From 43e57a42832ea8b4ceb0317f3c9028a4174ffa7b Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 8 Aug 2007 07:25:32 +0000
Subject: Adapted project directory structure to suit the new maven based build
 process.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@909 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../data/deploy/conf/moa-id/MOAIdentities.xsd      |  59 +++++++++
 .../data/deploy/conf/moa-id/SampleIdentities.xml   |  34 +++++
 .../conf/moa-id/SampleMOAIDConfiguration.xml       | 113 ++++++++++++++++
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  | 135 +++++++++++++++++++
 .../SampleMOAIDConfiguration_withTestBKs.xml       | 118 +++++++++++++++++
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  | 138 ++++++++++++++++++++
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      | 121 +++++++++++++++++
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml | 143 ++++++++++++++++++++
 .../SampleMOAWIDConfiguration_withTestBKs.xml      | 123 +++++++++++++++++
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml | 145 +++++++++++++++++++++
 id/server/data/deploy/conf/moa-id/log4j.properties |  25 ++++
 .../deploy/conf/moa-id/oa/BasicOAConfiguration.xml |   9 ++
 .../conf/moa-id/oa/HeaderOAConfiguration.xml       |  10 ++
 .../deploy/conf/moa-id/oa/ParamOAConfiguration.xml |  10 ++
 .../conf/moa-id/oa/SampleOAConfiguration.xml       |   9 ++
 .../conf/moa-id/oa/SamplewbPKOAConfiguration.xml   |   9 ++
 .../moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt  |  21 +++
 .../SampleBKUSelectionTemplate.html                |  44 +++++++
 .../moa-id/sampleTemplates/SampleTemplate.html     |  56 ++++++++
 .../moa-id/transforms/TransformsInfoAuthBlock.xml  | 105 +++++++++++++++
 .../transforms/TransformsInfoAuthBlockText.xml     |  44 +++++++
 .../TransformsInfoAuthBlockText_deprecated.xml     |  49 +++++++
 .../TransformsInfoAuthBlock_deprecated.xml         | 107 +++++++++++++++
 23 files changed, 1627 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-id/MOAIdentities.xsd
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleIdentities.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/log4j.properties
 create mode 100644 id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/MOAIdentities.xsd b/id/server/data/deploy/conf/moa-id/MOAIdentities.xsd
new file mode 100644
index 000000000..91c7a6cc0
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/MOAIdentities.xsd
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<xs:element name="MOAIdentities">
+		<xs:annotation>
+			<xs:documentation>MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID</xs:documentation>
+		</xs:annotation>
+		<xs:complexType>
+			<xs:sequence maxOccurs="unbounded">
+				<xs:element name="Mapping">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="Identity">
+								<xs:complexType>
+									<xs:choice>
+										<xs:element name="NamedIdentity" type="tns:NamedIdentityType"/>
+										<xs:element name="bPKIdentity" type="tns:bPKIdentitiyType"/>
+										<xs:element name="wbPKIdentity" type="tns:wbPKIdentitiyType"/>
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="Parameters" type="tns:ParametersType"/>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="wbPKIdentitiyType">
+		<xs:simpleContent>
+			<xs:extension base="xs:boolean">
+				<xs:attribute name="wbPK" type="xs:string" use="required"/>
+			</xs:extension>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:complexType name="bPKIdentitiyType">
+		<xs:simpleContent>
+			<xs:extension base="xs:boolean">
+				<xs:attribute name="bPK" type="xs:string" use="required"/>
+			</xs:extension>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:complexType name="NamedIdentityType">
+		<xs:simpleContent>
+			<xs:extension base="xs:boolean">
+				<xs:attribute name="SurName" type="xs:string" use="required"/>
+				<xs:attribute name="GivenName" type="xs:string" use="required"/>
+				<xs:attribute name="BirthDate" type="xs:string" use="optional"/>
+			</xs:extension>
+		</xs:simpleContent>
+	</xs:complexType>
+	<xs:complexType name="ParametersType">
+		<xs:attribute name="UN" type="xs:string" use="optional"/>
+		<xs:attribute name="PW" type="xs:string" use="optional"/>
+		<xs:attribute name="Param1" type="xs:string" use="optional"/>
+		<xs:attribute name="Param2" type="xs:string" use="optional"/>
+		<xs:attribute name="Param3" type="xs:string" use="optional"/>
+	</xs:complexType>
+</xs:schema>
diff --git a/id/server/data/deploy/conf/moa-id/SampleIdentities.xml b/id/server/data/deploy/conf/moa-id/SampleIdentities.xml
new file mode 100644
index 000000000..fc6dc2ccf
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleIdentities.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration für den Einsatz der MOA-ID Proxy-Komponenten unter Einsatz eines speziellen XMLLoginParameterResolver 
+	 Damit kann unter Einsatz des XMLLoginParameterResolverPlainData (s.u.) eine Einschränkung von Benutzer für OA erfolgen. 	 -->
+<!-- Beispiel für ein Element ProxyComponent in der MOA-ID Konfigurationsdatei welches den XMLLoginParameterResolverPlainData 
+     mit der Benutzerdatei Identities.xml verwendet um sich über Basic Authentication (401) an einer Webseite anzumeldne 	     	-->
+     
+     
+<!--
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" 
+						loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.XMLLoginParameterResolverPlainData" 
+						loginParameterResolverConfiguration="Identities.xml">
+			<ConnectionParameter URL="http://www.cio.gv.at/">
+			</ConnectionParameter>
+		</ProxyComponent>
+-->
+<MOAIdentities xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814 MOAIdentities.xsd">
+	<!-- Eintrag aller Benutzer mit Berechtigung -->
+	<!-- Die Daten müssen in der Schreibweise wie in der Personenbindung (= Schreibweise des ZMRs) eingegeben werden -->
+
+	<!-- Benutzerin Kunz -->
+	<Mapping>
+		<Identity>
+			<NamedIdentity SurName="Kunz" GivenName="Karin Stella" BirthDate="1900-01-01">1</NamedIdentity>
+		</Identity>
+		<Parameters UN="KunzKS" PW="geheim"/>
+	</Mapping>
+	<!-- Benutzer Mustermann -->
+	<Mapping>
+		<Identity>
+			<NamedIdentity SurName="Mustermann-Fall" GivenName="Max Moriz" BirthDate="1900-01-01">1</NamedIdentity>
+		</Identity>
+		<Parameters UN="MustMM" PW="höchst?Geheim"/>
+	</Mapping>
+</MOAIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
new file mode 100644
index 000000000..f8dbd4b13
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur  -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+		<!--Templates>
+			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+			<Template URL="sampleTemplates/SampleTemplate.html"/>
+		</Templates-->
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+	
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>	
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+			</VerifyAuthBlock>
+		</MOA-SP>
+
+		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+		<IdentityLinkSigners>
+			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+		</IdentityLinkSigners>
+	</AuthComponent>
+	
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+	<OnlineApplication publicURLPrefix="https://localhost:8443/">
+		<!-- fuer MOA-ID-AUTH -->
+		<AuthComponent>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+			<!--Templates>
+				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+				<Template URL="sampleTemplates/SampleTemplate.html"/>
+			</Templates-->
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+	</OnlineApplication>
+	
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
+	</ChainingModes>
+	
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+       zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
new file mode 100644
index 000000000..51d62bd72
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur 
+		 Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+		<!--Templates>
+			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+			<Template URL="sampleTemplates/SampleTemplate.html"/>
+		</Templates-->
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+	
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>	
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+			</VerifyAuthBlock>
+		</MOA-SP>
+
+		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+		<IdentityLinkSigners>
+			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+		</IdentityLinkSigners>
+	</AuthComponent>
+	
+	<!-- Konfiguration fuer MOA-ID-PROXY -->
+	<ProxyComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- Demo Online-Applikation: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<OnlineApplication publicURLPrefix="https://localhost:8443/">
+		<!-- fuer MOA-ID-AUTH -->
+		<AuthComponent>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+			<!--Templates>
+				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+				<Template URL="sampleTemplates/SampleTemplate.html"/>
+			</Templates-->
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+		<!-- fuer MOA-ID-PROXY -->
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
+	</ChainingModes>
+	
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	     fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
+       zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
new file mode 100644
index 000000000..8a9898792
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer 
+	 A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+      -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+		<!--Templates>
+			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+			<Template URL="sampleTemplates/SampleTemplate.html"/>
+		</Templates-->
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+	
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>	
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+			</VerifyAuthBlock>
+		</MOA-SP>
+
+		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+		<IdentityLinkSigners>
+			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
+
+		</IdentityLinkSigners>
+	</AuthComponent>
+
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
+	<OnlineApplication publicURLPrefix="https://localhost:8443/">
+		<!-- fuer MOA-ID-AUTH -->
+		<AuthComponent>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+			<!--Templates>
+				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+				<Template URL="sampleTemplates/SampleTemplate.html"/>
+			</Templates-->
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+		
+	</OnlineApplication>
+	
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
+	</ChainingModes>
+	
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+       zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
new file mode 100644
index 000000000..b859fe758
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer 
+	 A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+     Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+		<!--Templates>
+			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+			<Template URL="sampleTemplates/SampleTemplate.html"/>
+		</Templates-->
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+	
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>	
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+			</VerifyAuthBlock>
+		</MOA-SP>
+
+		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+		<IdentityLinkSigners>
+			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
+
+		</IdentityLinkSigners>
+	</AuthComponent>
+	
+	<!-- Konfiguration fuer MOA-ID-PROXY -->
+	<ProxyComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- Demo Online-Applikation: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<OnlineApplication publicURLPrefix="https://localhost:8443/">
+		<!-- fuer MOA-ID-AUTH -->
+		<AuthComponent>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+			<!--Templates>
+				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+				<Template URL="sampleTemplates/SampleTemplate.html"/>
+			</Templates-->
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+		<!-- fuer MOA-ID-PROXY -->
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
+	</ChainingModes>
+	
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	     fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
+       zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
new file mode 100644
index 000000000..e5b49bbe1
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur 
+		 Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt;
+		 Harald Bratko, IAIK -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+		<!--Templates>
+			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+			<Template URL="sampleTemplates/SampleTemplate.html"/>
+		</Templates-->
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+	
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>	
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+			</VerifyAuthBlock>
+		</MOA-SP>
+
+		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+		<IdentityLinkSigners>
+			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+		</IdentityLinkSigners>
+	</AuthComponent>
+	
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+		<!-- fuer MOA-ID-AUTH WID Modus -->
+		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+			<IdentificationNumber>
+				<!-- Beispiel Firmenbuchnummer -->
+				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+			</IdentificationNumber>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+			<!--Templates>
+				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+				<Template URL="sampleTemplates/SampleTemplate.html"/>
+			</Templates-->
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+				
+	</OnlineApplication>
+	
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
+	</ChainingModes>
+	
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+       zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
new file mode 100644
index 000000000..4e7a8ae54
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur 
+		 Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt;
+		 Harald Bratko, IAIK -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+		<!--Templates>
+			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+			<Template URL="sampleTemplates/SampleTemplate.html"/>
+		</Templates-->
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+	
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>	
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+			</VerifyAuthBlock>
+		</MOA-SP>
+
+		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+		<IdentityLinkSigners>
+			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+		</IdentityLinkSigners>
+	</AuthComponent>
+	
+	<!-- Konfiguration fuer MOA-ID-PROXY -->
+	<ProxyComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+
+
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+		<!-- fuer MOA-ID-AUTH WID Modus -->
+		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+			<IdentificationNumber>
+				<!-- Beispiel Firmenbuchnummer -->
+				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+			</IdentificationNumber>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+			<!--Templates>
+				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+				<Template URL="sampleTemplates/SampleTemplate.html"/>
+			</Templates-->
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+				
+		<!-- fuer MOA-ID-PROXY -->
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
+	</ChainingModes>
+	
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	     fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
+       zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
new file mode 100644
index 000000000..1d5c410ec
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer 
+	 A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+     Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt,
+     Harald Bratko, IAIK -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+		<!--Templates>
+			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+			<Template URL="sampleTemplates/SampleTemplate.html"/>
+		</Templates-->
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+	
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>	
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+			</VerifyAuthBlock>
+		</MOA-SP>
+
+		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+		<IdentityLinkSigners>
+			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
+
+		</IdentityLinkSigners>
+	</AuthComponent>
+
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+		<!-- fuer MOA-ID-AUTH WID Modus -->
+		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+			<IdentificationNumber>
+				<!-- Beispiel Firmenbuchnummer -->
+				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+			</IdentificationNumber>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+			<!--Templates>
+				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+				<Template URL="sampleTemplates/SampleTemplate.html"/>
+			</Templates-->
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+	</OnlineApplication>
+	
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
+	</ChainingModes>
+	
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+       zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
new file mode 100644
index 000000000..2afa97e77
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer 
+	 A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+     Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt,
+     Harald Bratko, IAIK -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+		<!--Templates>
+			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+			<Template URL="sampleTemplates/SampleTemplate.html"/>
+		</Templates-->
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+	
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>	
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+			</VerifyAuthBlock>
+		</MOA-SP>
+
+		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+		<IdentityLinkSigners>
+			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
+			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
+
+		</IdentityLinkSigners>
+	</AuthComponent>
+	
+	<!-- Konfiguration fuer MOA-ID-PROXY -->
+	<ProxyComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+
+
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+		<!-- fuer MOA-ID-AUTH WID Modus -->
+		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+			<IdentificationNumber>
+				<!-- Beispiel Firmenbuchnummer -->
+				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+			</IdentificationNumber>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+			<!--Templates>
+				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+				<Template URL="sampleTemplates/SampleTemplate.html"/>
+			</Templates-->
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+		<!-- fuer MOA-ID-PROXY -->
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
+	</ChainingModes>
+	
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	     fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
+       zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
new file mode 100644
index 000000000..debdb146c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -0,0 +1,25 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=info, stdout, R
+log4j.logger.moa=info
+log4j.logger.moa.spss.server=info
+log4j.logger.iaik.server=info
+log4j.logger.moa.id.auth=info
+log4j.logger.moa.id.proxy=info
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c |  %10t | %m%n
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n
+
+# configure the rolling file appender (R)
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=${catalina.home}/logs/moa-id.log
+log4j.appender.R.MaxFileSize=10000KB
+log4j.appender.R.MaxBackupIndex=1
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
diff --git a/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
new file mode 100644
index 000000000..fc99cea79
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<LoginType>stateless</LoginType>
+	<BasicAuth>
+		<UserID>MOAFamilyName</UserID>
+		<Password>MOAGivenName</Password>
+	</BasicAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
new file mode 100644
index 000000000..4d34c3646
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Header Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<LoginType>stateless</LoginType>
+	<HeaderAuth>
+		<!-- zusaetzlicher Header GivenName -->
+		<Header Name="X-MOAParameterGivenName" Value="MOAGivenName"></Header>
+		<Header Name="X-MOAParameterFamilyName" Value="MOAFamilyName"></Header>
+	</HeaderAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
new file mode 100644
index 000000000..979faca95
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Parameter Authentication verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<LoginType>stateless</LoginType>
+	<ParamAuth>
+		<!-- URL Parameter GivenName und FamilyName -->
+		<Parameter Name="GivenName" Value="MOAGivenName"></Parameter>
+		<Parameter Name="FamilyName" Value="MOAFamilyName"></Parameter>
+	</ParamAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
new file mode 100644
index 000000000..edbfe7aa5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<LoginType>stateless</LoginType>
+	<BasicAuth>
+		<UserID>MOAFamilyName</UserID>
+		<Password>MOAGivenName</Password>
+	</BasicAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
new file mode 100644
index 000000000..2cff3bd67
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<LoginType>stateless</LoginType>
+	<BasicAuth>
+		<UserID>MOAWBPK</UserID>
+		<Password>MOAGivenName</Password>
+	</BasicAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
new file mode 100644
index 000000000..01f724cc4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
@@ -0,0 +1,21 @@
+TEMPLATES:
+==========
+Zweck:
+------
+Mithilfe von Templates können Sie das Aussehen der Seiten 
+"Auswahl der Bürgerkartenumgebung" sowie "Anmeldung mit Bürgerkarte" 
+anpassen. Damit können Sie zusätzliche Hintergrundinformationen (Wozu 
+dient die Anmeldung, etc.) zu diesen Seiten hinzufügen und das Layout an 
+Ihre sonstigen Anwendungen anpassen.
+
+Wenn Sie in den Beispielkonfigurationsdateien die Elmente 
+"AuthComponent/Templates" oder "OnlineApplication/AuthComponent/Templates"
+aktivieren, dann werden die in diesem Verzeichnis enthaltenen Beispieltemplates
+geladen. Es sind dies sehr einfache Templates, die nur das Laden über die 
+Konfigurationsdatei demonstrieren sollen. (Das Laden der Templates über
+die Konfigurationsdatei steht erst ab Version 1.3.1 zur Verfügung).
+Etwas aufwendigere Templates (mit CSS) finden Sie als eigene Webapplikation im 
+Verzeichnis "/auth/templates" der entpackten Distribution.
+
+Nähere Informationen zu den Templates finden Sie im MOA-ID-Konfigurationshandbuch.
+
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
new file mode 100644
index 000000000..2f2ea6552
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Auswahl der B&uuuml;rgerkartenumgebung</title>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+	<meta name="Author" content="Max Mustermann">
+	<meta name="keywords" content="MOA-ID">
+</head>
+
+<body>
+
+<h1 align="center">Auswahl der B&uuml;rgerkartenumgebung</h1>
+
+<p></p>
+<p>Sie haben sich f&uuml;r Anmeldung mit Ihrer B&uuml;rgerkarte entschieden. Da es verschiedene Formen der B&uuml;rgerkarte gibt, m&uuml;ssen Sie nun w&auml;hlen, welche Sie bei der Anmeldung verwenden wollen.</p>
+<h3>Auswahl der B&uuml;rgerkarte</h3>
+<form name="CustomizedForm" method="post" action="<StartAuth>">
+  <BKUSelect> 
+  <input type="submit" value="Ausw&auml;hlen"/>
+</form>
+<br/>
+<p></p>
+
+ <input type="hidden" value="Weitere Info"/>
+</form>
+
+<h4>Hinweise: </h4>
+<ul>
+  <li> 
+  	<p>Bei der Anmeldung mit einer <a href="http://www.a-trust.at/info.asp?node=337" target="_blank">A-Trust B&uuml;rgerkarte</a> oder Ihrer
+  	<a href="http://www.chipkarte.at/esvapps/page/page.jsp?p_pageid=110&p_menuid=62182&p_id=2" target="_blank">E-CARD</a> ben&ouml;tigen Sie 
+  	eine funktionsf&auml;hige <a href="http://www.buergerkarte.at/" target="_blank">B&uuml;rgerkartensoftware</a> sowie einen passenden Kartenleser.</p>
+  </li>
+  <li> 
+    <p>Bei der Anmeldung mit der <a href="http://www.a1.net/signatur" target="_blank">A1-Signatur</a> &uuml;ber Ihr Handy wird keine B&uuml;rgerkartensoftware und 
+      kein Kartenleser ben&ouml;tigt.</p>
+  </li>
+</ul>
+
+<p align="right">&nbsp; </p>
+
+
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html
new file mode 100644
index 000000000..83a6639e6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html
@@ -0,0 +1,56 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+	<meta name="Author" content="Max Mustermann">
+	<meta name="keywords" content="MOA-ID">
+</head>
+
+<body>
+
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit B&uuml;rgerkarte</h1>
+
+<p></p>
+
+Der identifizierte Zugang erfolgt &uuml;ber die Module f&uuml;r Online Applikationen (MOA) unter Verwendung einer B&uuml;rgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Wenn Sie in Folge die Schaltfl&auml;che "Anmeldung mit B&uuml;rgerkarte"
+aktivieren, so werden Sie zur Signatur der Anmeldedaten aufgefordert. Wenn Sie diese
+signieren, so werden Sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+
+<form name="CustomizedForm" action="<BKU>" method="post">
+  <div align="center">
+    <input type="hidden" 
+        name="XMLRequest" 
+        value="<XMLRequest>"/>
+    <input type="hidden" 
+        name="DataURL" 
+        value="<DataURL>"/>
+    <input type="hidden" 
+        name="PushInfobox" 
+        value="<PushInfobox>"/>
+    <input type="submit" value="Anmeldung mit B&uuml;rgerkarte" name="submit"/>
+  </div>
+</form>
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+  <input type="hidden"
+        name="XMLRequest"
+        value="<CertInfoXMLRequest>"/>
+    <input type="hidden"
+        name="DataURL"
+        value="<CertInfoDataURL>"/>
+
+
+<br/>
+<p></p>
+
+ <input type="hidden" value="Weitere Info"/>
+</form>
+
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
new file mode 100644
index 000000000..915a6bf2f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -0,0 +1,105 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms>
+		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">
+							.boldstyle {font-weight: bold; }
+							.italicstyle { font-style: italic; } 
+							.annotationstyle { font-size: 0.8em; }
+							table { border:1px solid #000;}
+							td { border:1px solid #000; padding:4px;}
+							</style>
+						</head>
+						<body>
+<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+							<table>
+								<tr>
+									<td class="boldstyle">
+										Name:
+									</td>
+									<td>
+										<xsl:value-of select="//@Issuer"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="boldstyle">
+										Geburtsdatum:
+									</td>
+									<td>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="boldstyle">
+										Applikation:
+									</td>
+									<td>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+									<tr>
+										<td class="boldstyle">
+											Geschäftsbereich:
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<tr>
+									<td class="boldstyle">
+										Anmeldeserver:
+									</td>
+									<td>
+										<xsl:value-of select="//saml:NameIdentifier"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="boldstyle">
+										Datum:
+									</td>
+									<td>
+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="boldstyle">
+										Uhrzeit:
+									</td>
+									<td>
+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+									</td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+									<tr>
+										<td class="boldstyle">
+											wbPK (*):
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+										</td>
+									</tr>
+								</xsl:if>
+							</table>
+							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+								<p/>
+								<hr/>
+								<div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>							
+							</xsl:if>
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
new file mode 100644
index 000000000..5089140b4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -0,0 +1,44 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms>
+		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">
+							.boldstyle { font-weight: bold; }
+							.italicstyle { font-style: italic; }
+							.annotationstyle { font-size: 0.8em; }
+							</style>
+						</head>
+						<body>
+							<h1>Signatur der Anmeldedaten</h1>
+							<p/>
+							<h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle">
+									<xsl:value-of select="//@Issuer"/>
+								</span>, 
+geboren am 
+<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4>
+							<p/>
+							<h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+							</h4>
+							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+								</h4>
+								<p/>
+								<hr/>
+								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>
+							</xsl:if>
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
new file mode 100644
index 000000000..07d926d14
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
@@ -0,0 +1,49 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms>
+		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+				<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+						</head>
+						<body>
+							<h1>Signatur der Anmeldedaten</h1>
+							<p/>
+							<h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>, 
+              geboren am 
+                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>,
+              den Zugang zur gesicherten Anwendung.</h4>
+							<p/>
+							<h4>Datum und Uhrzeit: 
+							  <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+							  <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+							  <xsl:value-of select="substring(//@IssueInstant,1,4)"/>, 
+							  <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+							  <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+							  <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+							</h4>
+							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+								</h4>
+								<p/>
+								<hr/>
+								<h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische 
+								Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens
+								berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+							</xsl:if>
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>text/html</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
new file mode 100644
index 000000000..05f91750c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
@@ -0,0 +1,107 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms>
+		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+				<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+						</head>
+						<body>
+              <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+							<table>
+								<tr>
+									<td>
+										<b>Name:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//@Issuer"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Geburtsdatum:</b>
+									</td>
+									<td>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Applikation:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+									<tr>
+										<td>
+											<b>Geschäftsbereich:</b>
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<tr>
+									<td>
+										<b>Anmeldeserver:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//saml:NameIdentifier"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Datum:</b>
+									</td>
+									<td>
+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Uhrzeit:</b>
+									</td>
+									<td>
+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+									</td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+									<tr>
+										<td>
+											<b>wbPK (*):</b>
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+										</td>
+									</tr>
+								</xsl:if>
+							</table>
+							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+								<p/>
+								<hr/>
+								<h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen 
+								Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige 
+								Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>							
+							</xsl:if>
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>text/html</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
-- 
cgit v1.2.3


From 189f12c42b38d58d1b324daa573153111bd2f7a4 Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 24 Aug 2007 11:52:28 +0000
Subject: build optimizations, updated documentation and sample configuration

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@953 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 id/server/auth/pom.xml                             |   1 +
 .../data/deploy/conf/moa-id/SampleIdentities.xml   |   2 +-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   4 +-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   4 +-
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |   4 +-
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |   4 +-
 .../conf/moa-spss/SampleMOASPSSConfiguration.xml   |   8 +-
 ..._Signatur_Buerger.20070823-20131022.SerNo03.der | Bin 0 -> 1117 bytes
 ...ur_B\303\274rger.20070823-20131022.SerNo03.der" | Bin 1117 -> 0 bytes
 ...uesselung_Buerger.20070823-20131022.SerNo04.p12 | Bin 0 -> 3849 bytes
 ...ng_B\303\274rger.20070823-20131022.SerNo04.p12" | Bin 3849 -> 0 bytes
 .../moa_id/examples/conf/MOA-ID-Configuration.xml  |   4 +-
 id/server/doc/moa_id/id-admin.htm                  |  66 ++++++++--------
 id/server/proxy/pom.xml                            |  87 +++++++++++----------
 spss/assembly.xml                                  |   2 +-
 ...uesselung_Buerger.20070823-20131022.SerNo04.der | Bin 0 -> 1125 bytes
 ...ng_B\303\274rger.20070823-20131022.SerNo04.der" | Bin 1125 -> 0 bytes
 ..._Signatur_Buerger.20070823-20131022.SerNo03.der | Bin 0 -> 977 bytes
 ...ur_B\303\274rger.20070823-20131022.SerNo03.der" | Bin 977 -> 0 bytes
 spss/server/serverws/pom.xml                       |   1 +
 20 files changed, 95 insertions(+), 92 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der
 delete mode 100644 "id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_B\303\274rger.20070823-20131022.SerNo03.der"
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.p12
 delete mode 100644 "id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschl\303\274sselung_B\303\274rger.20070823-20131022.SerNo04.p12"
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der
 delete mode 100644 "spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschl\303\274sselung_B\303\274rger.20070823-20131022.SerNo04.der"
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der
 delete mode 100644 "spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_B\303\274rger.20070823-20131022.SerNo03.der"

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 80eabe6d0..d0c8c1612 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -30,6 +30,7 @@
                             <addDefaultSpecificationEntries>false</addDefaultSpecificationEntries>
                             <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
                         </manifest>
+                        <addMavenDescriptor>false</addMavenDescriptor>
                     </archive>
 <!--
                     <webResources>
diff --git a/id/server/data/deploy/conf/moa-id/SampleIdentities.xml b/id/server/data/deploy/conf/moa-id/SampleIdentities.xml
index fc6dc2ccf..abda0bf64 100644
--- a/id/server/data/deploy/conf/moa-id/SampleIdentities.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleIdentities.xml
@@ -9,7 +9,7 @@
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" 
 						loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.XMLLoginParameterResolverPlainData" 
 						loginParameterResolverConfiguration="Identities.xml">
-			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
 			</ConnectionParameter>
 		</ProxyComponent>
 -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 51d62bd72..fa9177e9a 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -79,7 +79,7 @@
 	</ProxyComponent>
 
 	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
 	<OnlineApplication publicURLPrefix="https://localhost:8443/">
 		<!-- fuer MOA-ID-AUTH -->
 		<AuthComponent>
@@ -104,7 +104,7 @@
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
 		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
 			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
 			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
 			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index b859fe758..86ee440e5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -82,7 +82,7 @@
 	</ProxyComponent>
 
 	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
 	<OnlineApplication publicURLPrefix="https://localhost:8443/">
 		<!-- fuer MOA-ID-AUTH -->
 		<AuthComponent>
@@ -107,7 +107,7 @@
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
 		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
 			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
 			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
 			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index 4e7a8ae54..ddcdc6189 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -81,7 +81,7 @@
 
 
 	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
 	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
 		<!-- fuer MOA-ID-AUTH WID Modus -->
 		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
@@ -112,7 +112,7 @@
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
 		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
 			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
 			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
 			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 2afa97e77..77049d798 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -84,7 +84,7 @@
 
 
 	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
 	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
 		<!-- fuer MOA-ID-AUTH WID Modus -->
 		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
@@ -114,7 +114,7 @@
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
 		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
 			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
 			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
 			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 008a59d8e..eee390044 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -25,19 +25,19 @@
 				</cfg:ChainingMode>
 				<cfg:TrustProfile>
 					<cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id>
-					<cfg:TrustAnchorsLocation>trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation>
+					<cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
 				<cfg:TrustProfile>
 					<cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
-					<cfg:TrustAnchorsLocation>trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+					<cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
 				<cfg:TrustProfile>
 					<cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id>
-					<cfg:TrustAnchorsLocation>trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation>
+					<cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
 				<cfg:TrustProfile>
 					<cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
-					<cfg:TrustAnchorsLocation>trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+					<cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
 			</cfg:PathValidation>
 			<cfg:RevocationChecking>
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der
new file mode 100644
index 000000000..2696201b0
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der differ
diff --git "a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_B\303\274rger.20070823-20131022.SerNo03.der" "b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_B\303\274rger.20070823-20131022.SerNo03.der"
deleted file mode 100644
index 2696201b0..000000000
Binary files "a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_B\303\274rger.20070823-20131022.SerNo03.der" and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.p12 b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.p12
new file mode 100644
index 000000000..82d52e644
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.p12 differ
diff --git "a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschl\303\274sselung_B\303\274rger.20070823-20131022.SerNo04.p12" "b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschl\303\274sselung_B\303\274rger.20070823-20131022.SerNo04.p12"
deleted file mode 100644
index 82d52e644..000000000
Binary files "a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschl\303\274sselung_B\303\274rger.20070823-20131022.SerNo04.p12" and /dev/null differ
diff --git a/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml b/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
index db43b0c1d..d0ea9cf6c 100644
--- a/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
+++ b/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
@@ -58,7 +58,7 @@
 	</ProxyComponent>
 
 	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+	<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
 	<OnlineApplication publicURLPrefix="https://localhost:8443/">
 		<!-- fuer MOA-ID-AUTH -->
 		<AuthComponent>
@@ -72,7 +72,7 @@
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
 		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
 			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.cio.gv.at/">
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
 			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
 			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 19fa3562c..c0f195600 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -25,7 +25,7 @@
 </style>
 
 <script language="JavaScript">
-<!-- 
+<!--
 function goWin(url) {
 	Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
 	window.setTimeout("showWin()",300);
@@ -45,7 +45,7 @@ function showWin() { Fenster.focus(); }
 <div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
 <!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
 </div>
-<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" > 
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
 Projekt <span style="font-size:48pt; ">moa</span>&#160;
 </div>
 <br />
@@ -55,13 +55,13 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 <tr>
 <td width="170"  valign="top">
 <div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
-<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" /> 
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
 	<b> Übersicht</b></div>
-<div id="klein"><a href="id-admin_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" /> 
+<div id="klein"><a href="id-admin_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
 	<b> Basis-Installation</b></a></div>
-<div id="klein"><a href="id-admin_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" /> 
+<div id="klein"><a href="id-admin_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
 	<b> Konfiguration </b></a></div>
-<div id="klein"><a href="id-admin_3.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" /> 
+<div id="klein"><a href="id-admin_3.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
 	<b> Optionale<br />&#160; &#160;&#160;Komponenten</b></a></div>
 <br />
 <div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
@@ -74,7 +74,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 <p id="block">
 Die Komponenten des Moduls Identifikation (MOA-ID), MOA-ID-AUTH und MOA-ID-PROXY, sind als plattformunabh&auml;ngige Webapplikationen ausgelegt.
 MOA-ID-AUTH ist die Basiskomponente des Moduls, und MOA-ID-PROXY ist eine optionale Zusatzkomponente.
-F&uuml;r den Betrieb dieser Webapplikationen wird eine Java Virtual Machine und ein Java Servlet Container vorausgesetzt. 
+F&uuml;r den Betrieb dieser Webapplikationen wird eine Java Virtual Machine und ein Java Servlet Container vorausgesetzt.
 <br /><br />
 Dieses Handbuch beschreibt die Installation und Konfiguration von MOA-ID-AUTH und von MOA-ID-PROXY, und die Einrichtung der Systemumgebungen.
 </p>
@@ -120,7 +120,7 @@ Folgende Software ist Voraussetzung f&uuml;r die Basis-Installation:
 Um m&ouml;glichen Versionskonflikten aus dem Weg zu gehen sollten stets die neuesten Versionen von MOA-ID als auch von MOA-SP/SS verwendet werden. <br/>
 In diesem Betriebs-Szenario wird MOA-ID-AUTH in Tomcat deployt. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r MOA-ID-AUTH. Beide Protokolle werden direkt in Tomcat konfiguriert.
 <br/><br/>
-Die Webapplikation verwendet Log4j als Logging Toolkit. 
+Die Webapplikation verwendet Log4j als Logging Toolkit.
 </div>
 </table>
 <br />
@@ -172,7 +172,7 @@ Den MOA ID Webapplikationen kann jeweils optional ein Webserver vorgeschaltet se
 <li>Apache Webserver 2.0.x mit mod_SSL </li>
 <li>Jakarta mod_jk 1.2.2 </li>
 </ul>
-<div id="block">In diesem Fall &uuml;bernimmt der vorgeschaltete Webserver die Funktion des HTTP- und HTTPS-Endpunktes. Beide Protokolle werden im Webserver konfiguriert. 
+<div id="block">In diesem Fall &uuml;bernimmt der vorgeschaltete Webserver die Funktion des HTTP- und HTTPS-Endpunktes. Beide Protokolle werden im Webserver konfiguriert.
 <br /><br />
 Mittels mod_jk werden die Webservice-Aufrufe, die im vorgeschalteten Webserver eintreffen, an Tomcat weiter geleitet, bzw. die Antwort von Tomcat wieder an den Webserver zur&uuml;ck &uuml;bermittelt.
 </div>
@@ -188,7 +188,7 @@ Mittels mod_jk werden die Webservice-Aufrufe, die im vorgeschalteten Webserver e
 <td valign="top">
 <p id="subtitel">Konfiguration mit PostgreSQL (optional)</p>
 <div id="block">
-Das MOA ID Webservice kann eine PostgreSQL Datenbank nutzen, um: 
+Das MOA ID Webservice kann eine PostgreSQL Datenbank nutzen, um:
 </div>
 <ul>
 <li>Log-Meldungen zu speichern </li>
@@ -230,66 +230,66 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
 <br /><br />
 <div id="block">
                       <table border="1" width="100%" cellpadding="2" cellspacing="0">
-                        <tr> 
+                        <tr>
                           <th width="59%">Komponente</th>
                           <th width="41%">Getestete Version</th>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>JDK (SDK)</b> </td>
                           <td width="41%">min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>
                           1.4.2</a><br/>
-						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a>	
+						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a>
 						  </td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%" height="21"><b>Tomcat</b></td>
-                          <td width="41%" height="21"> 
+                          <td width="41%" height="21">
                             <p><a href="http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.31/bin/jakarta-tomcat-4.1.31.zip">4.1.31</a><br/>
 							<a href="http://gd.tuwien.ac.at/infosys/servers/http/apache/dist/tomcat/tomcat-5/v5.0.28/bin/jakarta-tomcat-5.0.28.zip">5.0.25</a></p>
                           </td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>MOA-ID-AUTH </b></td>
-                          <td width="41%"><a href="http://www.cio.gv.at/onlineservices/basicmodules/moa/implementation/">1.4 (neueste Version) </a></td>
+                          <td width="41%"><a href="http://egovlabs.gv.at/frs/?group_id=6&release_id=5">1.4 (neueste Version) </a></td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>MOA-ID-PROXY </b></td>
-                          <td width="41%"><a href="http://www.cio.gv.at/onlineservices/basicmodules/moa/implementation/">1.4 (neueste Version)</a></td>
+                          <td width="41%"><a href="http://egovlabs.gv.at/frs/?group_id=6&release_id=5">1.4 (neueste Version)</a></td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>MOA-SPSS </b></td>
-                          <td width="41%"><a href="http://www.cio.gv.at/onlineservices/basicmodules/moa/implementation/">1.4 (neueste Version)</a>&#160;</td>
+                          <td width="41%"><a href="http://egovlabs.gv.at/frs/?group_id=6&release_id=5">1.4 (neueste Version)</a>&#160;</td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>Apache Webserver </b></td>
-                          <td width="41%"><a href="http://httpd.apache.org/">1.3.X</a> 
+                          <td width="41%"><a href="http://httpd.apache.org/">1.3.X</a>
                             bzw.<br>
                             <a href="http://httpd.apache.org/">2.0.X</a></td>
                         </tr>
-                        <tr> 
-                          <td width="59%"><b>Microsoft Internet Information Server 
+                        <tr>
+                          <td width="59%"><b>Microsoft Internet Information Server
                             </b></td>
                           <td width="41%"><a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp">5.0</a>&#160; <br/>
 						  <a href="http://www.microsoft.com/WindowsServer2003/iis/default.mspx">6.0</a>&#160; </td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>mod_SSL </b></td>
-                          <td width="41%">(<a href="http://httpd.apache.org/docs-2.0/ssl/">**</a>)&#160; 
+                          <td width="41%">(<a href="http://httpd.apache.org/docs-2.0/ssl/">**</a>)&#160;
                           </td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>Jakarta mod_jk </b></td>
-                          <td width="41%"><a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/">1.2.2&#160;</a> 
+                          <td width="41%"><a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/">1.2.2&#160;</a>
                           </td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>Jakarta Log4j </b></td>
-                          <td width="41%"><a href="http://jakarta.apache.org/log4j/docs/index.html">1.2.8</a>&#160; 
+                          <td width="41%"><a href="http://jakarta.apache.org/log4j/docs/index.html">1.2.8</a>&#160;
                           </td>
                         </tr>
-                        <tr> 
+                        <tr>
                           <td width="59%"><b>PostgreSQL </b></td>
-                          <td width="41%"><a href="http://techdocs.postgresql.org/installguides.php">7.3</a>&#160; 
+                          <td width="41%"><a href="http://techdocs.postgresql.org/installguides.php">7.3</a>&#160;
                           </td>
                         </tr>
                       </table>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index faffae81b..ee8c38c29 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -31,6 +31,7 @@
 							<addDefaultSpecificationEntries>false</addDefaultSpecificationEntries>
 							<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
 						</manifest>
+            <addMavenDescriptor>false</addMavenDescriptor>
 					</archive>
 <!--
 					<webResources>
@@ -61,49 +62,49 @@
 			<artifactId>moa-id-lib</artifactId>
 			<version>${project.version}</version>
 		</dependency>
-        <!-- transitive dependencies we don't want to include into the war -->
-        <dependency>
-            <groupId>iaik.prod</groupId>
-            <artifactId>iaik_jce_full</artifactId>
-            <!-- should be in the ext directory of the jre -->
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>iaik.prod</groupId>
-            <artifactId>iaik_ecc</artifactId>
-            <!-- should be in the ext directory of the jre -->
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>iaik.prod</groupId>
-            <artifactId>iaik_Pkcs11Provider</artifactId>
-            <!-- should be in the ext directory of the jre -->
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>iaik.prod</groupId>
-            <artifactId>iaik_Pkcs11Wrapper</artifactId>
-            <!-- should be in the ext directory of the jre -->
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>xalan</groupId>
-            <artifactId>xalan</artifactId>
-            <!-- should be provided by the container or jre -->
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>xerces</groupId>
-            <artifactId>xercesImpl</artifactId>
-            <!-- should be provided by the container or jre -->
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>xerces</groupId>
-            <artifactId>xmlParserAPIs</artifactId>
-            <!-- should be provided by the container or jre -->
-            <scope>provided</scope>
-        </dependency>
+        <!-- transitive dependencies we don't want to include into the war -->
+        <dependency>
+            <groupId>iaik.prod</groupId>
+            <artifactId>iaik_jce_full</artifactId>
+            <!-- should be in the ext directory of the jre -->
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>iaik.prod</groupId>
+            <artifactId>iaik_ecc</artifactId>
+            <!-- should be in the ext directory of the jre -->
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>iaik.prod</groupId>
+            <artifactId>iaik_Pkcs11Provider</artifactId>
+            <!-- should be in the ext directory of the jre -->
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>iaik.prod</groupId>
+            <artifactId>iaik_Pkcs11Wrapper</artifactId>
+            <!-- should be in the ext directory of the jre -->
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>xalan</groupId>
+            <artifactId>xalan</artifactId>
+            <!-- should be provided by the container or jre -->
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>xerces</groupId>
+            <artifactId>xercesImpl</artifactId>
+            <!-- should be provided by the container or jre -->
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>xerces</groupId>
+            <artifactId>xmlParserAPIs</artifactId>
+            <!-- should be provided by the container or jre -->
+            <scope>provided</scope>
+        </dependency>
 	</dependencies>
 
 </project>
diff --git a/spss/assembly.xml b/spss/assembly.xml
index fb395df19..6649f9763 100644
--- a/spss/assembly.xml
+++ b/spss/assembly.xml
@@ -23,7 +23,7 @@
 						</includes>
 						<outputDirectory>/endorsed</outputDirectory>
                         <!-- strip version off the artifact file names -->
-                        <outputFileNameMapping>${artifactId}.{extension}</outputFileNameMapping>
+                        <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
 					</dependencySet>
 					<dependencySet>
 						<includes>
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der
new file mode 100644
index 000000000..5f83fa43c
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der differ
diff --git "a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschl\303\274sselung_B\303\274rger.20070823-20131022.SerNo04.der" "b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschl\303\274sselung_B\303\274rger.20070823-20131022.SerNo04.der"
deleted file mode 100644
index 5f83fa43c..000000000
Binary files "a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschl\303\274sselung_B\303\274rger.20070823-20131022.SerNo04.der" and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der
new file mode 100644
index 000000000..f4de446af
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der differ
diff --git "a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_B\303\274rger.20070823-20131022.SerNo03.der" "b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_B\303\274rger.20070823-20131022.SerNo03.der"
deleted file mode 100644
index f4de446af..000000000
Binary files "a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_B\303\274rger.20070823-20131022.SerNo03.der" and /dev/null differ
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index b286db6a2..5a5afdebd 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -29,6 +29,7 @@
                             <addDefaultSpecificationEntries>false</addDefaultSpecificationEntries>
                             <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
                         </manifest>
+                        <addMavenDescriptor>false</addMavenDescriptor>
                     </archive>
                     <warName>moa-spss</warName>
                     <webResources>
-- 
cgit v1.2.3


From ad3895c482b9c0a6b6aa2dbf6467d69219152c40 Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 24 Aug 2007 14:01:39 +0000
Subject: added Personenbindungs-signer to configurations

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@958 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml   | 3 ++-
 .../deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml   | 3 ++-
 .../data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml  | 3 ++-
 .../deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml  | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 8a9898792..4b4f2441a 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -66,7 +66,8 @@
 			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
 			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
-
+			<!-- Test-Personenbindung SeLaN 1.04b ff. -->
+			<X509SubjectName>CN=EGIZ Administrator,OU=Institute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
 		</IdentityLinkSigners>
 	</AuthComponent>
 
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 86ee440e5..e580b0d8e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -66,7 +66,8 @@
 			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
 			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
-
+			<!-- Test-Personenbindung SeLaN 1.04b ff. -->
+			<X509SubjectName>CN=EGIZ Administrator,OU=Institute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
 		</IdentityLinkSigners>
 	</AuthComponent>
 	
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 1d5c410ec..636433a57 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -67,7 +67,8 @@
 			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
 			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
-
+			<!-- Test-Personenbindung SeLaN 1.04b ff. -->
+			<X509SubjectName>CN=EGIZ Administrator,OU=Institute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
 		</IdentityLinkSigners>
 	</AuthComponent>
 
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 77049d798..7a93f766c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -67,7 +67,8 @@
 			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
 			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
-
+			<!-- Test-Personenbindung SeLaN 1.04b ff. -->
+			<X509SubjectName>CN=EGIZ Administrator,OU=Institute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
 		</IdentityLinkSigners>
 	</AuthComponent>
 	
-- 
cgit v1.2.3


From 8352b34e0d8d6d69e8e308b5b1eafc93e0b9b903 Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 29 Aug 2007 17:10:49 +0000
Subject: renewed certificates and cleaned test certificate trustprofiles

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@974 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   9 --------
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   9 --------
 .../SampleMOAIDConfiguration_withTestBKs.xml       |  14 ++++--------
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |  14 ++++--------
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |   9 --------
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |   9 --------
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |  14 ++++--------
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |  14 ++++--------
 ...ignTest-Enc-01-SN0450(CertifiedKeypair_alt).cer | Bin 1018 -> 0 bytes
 ...t-Sig-01-SN0588(SecureSignatureKeypair_alt).cer | Bin 1151 -> 0 bytes
 ..._Signatur_Buerger.20070823-20131022.SerNo03.der | Bin 1117 -> 0 bytes
 ...uesselung_Buerger.20070823-20131022.SerNo04.der | Bin 1125 -> 0 bytes
 ...ignatur_Buerger_1.20070531-20130101.SerNo01.der | Bin 3554 -> 0 bytes
 ...IZ_Test_CA_-_User.20070829-20140101.SerNo00.cer | Bin 0 -> 1262 bytes
 ...sselung_Buerger_1.20070531-20130101.SerNo00.der | Bin 3562 -> 0 bytes
 ...TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cer | Bin 1136 -> 0 bytes
 ...TEST-Premium-Enc-01SN4848(CertifiedKeypair).cer | Bin 1136 -> 0 bytes
 ...remium-Sig-01SN16f9(SecureSignatureKeypair).cer | Bin 1171 -> 0 bytes
 ...remium-Sig-01SN484a(SecureSignatureKeypair).cer | Bin 1133 -> 0 bytes
 ...GIZ_Administrator.20070531-20130101.SerNo02.der |  25 ---------------------
 ..._-_Signaturdienst.20070829-20140101.SerNo02.cer | Bin 0 -> 1272 bytes
 ...t_Personenbindung.20030822-20060822.SerNo02.der |  18 ---------------
 .../35A40EF932B1F23980E2C672FC939E91EEBD0317       | Bin 0 -> 1262 bytes
 .../66AB66128A44574873E54E6584E450C4EB3B9A1E       | Bin 0 -> 1170 bytes
 .../6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A       | Bin 0 -> 1256 bytes
 .../07298E24461954E4696D2ED9FFB7D52B57F325B3       | Bin 0 -> 1279 bytes
 .../F5F2456D79490C268569970E900C68FD1C7DC8E5       | Bin 0 -> 1264 bytes
 .../CA80A13D41116E24CB1479E970CDC1C030C5907C       | Bin 0 -> 1272 bytes
 .../C6658C25AFB8A9D738F2BC591775D167549FFD3A       | Bin 0 -> 1264 bytes
 ...011206-20041206.SerNo0450[CertifiedKeypair].cer | Bin 1018 -> 0 bytes
 ...021120-20051120.SerNo16f8[CertifiedKeypair].cer | Bin 1136 -> 0 bytes
 ...030903-20060903.SerNo4848[CertifiedKeypair].cer | Bin 1136 -> 0 bytes
 ...uesselung_Buerger.20070823-20131022.SerNo04.der | Bin 1125 -> 0 bytes
 ...IZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer | Bin 0 -> 1170 bytes
 ...sselung_Buerger_1.20070531-20130101.SerNo00.der | Bin 3562 -> 0 bytes
 ...GIZ_Administrator.20070829-20120829.SerNo00.cer | Bin 0 -> 1273 bytes
 ...GIZ_Administrator.20070531-20130101.SerNo02.der |  25 ---------------------
 ..._-_Signaturdienst.20070829-20140101.SerNo02.cer | Bin 0 -> 1272 bytes
 ...t_Personenbindung.20030822-20060822.SerNo02.der |  18 ---------------
 ...-20041206.SerNo0588[SecureSignatureKeypair].cer | Bin 1151 -> 0 bytes
 ...-20051120.SerNo16f9[SecureSignatureKeypair].cer | Bin 1171 -> 0 bytes
 ...-20060903.SerNo484a[SecureSignatureKeypair].cer | Bin 1133 -> 0 bytes
 ..._Signatur_Buerger.20070823-20131022.SerNo03.der | Bin 977 -> 0 bytes
 ...IZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer | Bin 0 -> 1170 bytes
 ...ignatur_Buerger_1.20070531-20130101.SerNo01.der | Bin 3554 -> 0 bytes
 .../test/MOA_Test_CA.20070823-20131022.Serno01.cer | Bin 0 -> 958 bytes
 .../moa-spss/trustProfiles/test/signaturdienst.der | Bin 958 -> 0 bytes
 47 files changed, 16 insertions(+), 162 deletions(-)
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Enc-01-SN0450(CertifiedKeypair_alt).cer
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Sig-01-SN0588(SecureSignatureKeypair_alt).cer
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_Signatur_Buerger_1.20070531-20130101.SerNo01.der
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_Verschluesselung_Buerger_1.20070531-20130101.SerNo00.der
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cer
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN4848(CertifiedKeypair).cer
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN16f9(SecureSignatureKeypair).cer
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN484a(SecureSignatureKeypair).cer
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Administrator.20070531-20130101.SerNo02.der
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
 delete mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Test_Signaturdienst_Personenbindung.20030822-20060822.SerNo02.der
 create mode 100644 spss/handbook/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
 create mode 100644 spss/handbook/conf/moa-spss/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E
 create mode 100644 spss/handbook/conf/moa-spss/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
 create mode 100644 spss/handbook/conf/moa-spss/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3
 create mode 100644 spss/handbook/conf/moa-spss/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5
 create mode 100644 spss/handbook/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
 create mode 100644 spss/handbook/conf/moa-spss/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.TrustSignTest-Enc-01.20011206-20041206.SerNo0450[CertifiedKeypair].cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.a-sign-TEST-Premium-Enc-01.20021120-20051120.SerNo16f8[CertifiedKeypair].cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.a-sign-TEST-Premium-Enc-01.20030903-20060903.SerNo4848[CertifiedKeypair].cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ_Test_CA_-_Verschluesselung_Buerger_1.20070531-20130101.SerNo00.der
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test-signerCerts/EGIZ_Administrator.20070829-20120829.SerNo00.cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/EGIZ_Administrator.20070531-20130101.SerNo02.der
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/Test_Signaturdienst_Personenbindung.20030822-20060822.SerNo02.der
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.TrustSignTest-Sig-01.20011206-20041206.SerNo0588[SecureSignatureKeypair].cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.a-sign-TEST-Premium-Sig-01.20021120-20051120.SerNo16f9[SecureSignatureKeypair].cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.a-sign-TEST-Premium-Sig-01.20030903-20060903.SerNo484a[SecureSignatureKeypair].cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ_Test_CA_-_Signatur_Buerger_1.20070531-20130101.SerNo01.der
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/test/MOA_Test_CA.20070823-20131022.Serno01.cer
 delete mode 100644 spss/handbook/conf/moa-spss/trustProfiles/test/signaturdienst.der

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index f8dbd4b13..7e22ee05f 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -55,15 +55,6 @@
 			</VerifyAuthBlock>
 		</MOA-SP>
 
-		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
-		<IdentityLinkSigners>
-			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
-			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
-		</IdentityLinkSigners>
 	</AuthComponent>
 	
 	<!-- Eintragung fuer jede Online-Applikation -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index fa9177e9a..6dab6911a 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -56,15 +56,6 @@
 			</VerifyAuthBlock>
 		</MOA-SP>
 
-		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
-		<IdentityLinkSigners>
-			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
-			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
-		</IdentityLinkSigners>
 	</AuthComponent>
 	
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 4b4f2441a..f8dd375d1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -58,17 +58,11 @@
 			</VerifyAuthBlock>
 		</MOA-SP>
 
-		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
-		<IdentityLinkSigners>
-			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
-			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+		<!-- IdentityLinkSigners-->
 			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
-			<!-- Test-Personenbindung SeLaN 1.04b ff. -->
-			<X509SubjectName>CN=EGIZ Administrator,OU=Institute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
-		</IdentityLinkSigners>
+			<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+		<!--/IdentityLinkSigners-->
 	</AuthComponent>
 
 	<!-- Eintragung fuer jede Online-Applikation -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index e580b0d8e..c60101e8d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -58,17 +58,11 @@
 			</VerifyAuthBlock>
 		</MOA-SP>
 
-		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
-		<IdentityLinkSigners>
-			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
-			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+		<!-- IdentityLinkSigners-->
 			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
-			<!-- Test-Personenbindung SeLaN 1.04b ff. -->
-			<X509SubjectName>CN=EGIZ Administrator,OU=Institute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
-		</IdentityLinkSigners>
+			<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+		<!--/IdentityLinkSigners-->
 	</AuthComponent>
 	
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index e5b49bbe1..9dc42ee2e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -57,15 +57,6 @@
 			</VerifyAuthBlock>
 		</MOA-SP>
 
-		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
-		<IdentityLinkSigners>
-			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
-			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
-		</IdentityLinkSigners>
 	</AuthComponent>
 	
 	<!-- Eintragung fuer jede Online-Applikation -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index ddcdc6189..e92678b27 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -57,15 +57,6 @@
 			</VerifyAuthBlock>
 		</MOA-SP>
 
-		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
-		<IdentityLinkSigners>
-			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
-			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
-		</IdentityLinkSigners>
 	</AuthComponent>
 	
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 636433a57..7617737dd 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -59,17 +59,11 @@
 			</VerifyAuthBlock>
 		</MOA-SP>
 
-		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
-		<IdentityLinkSigners>
-			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
-			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+		<!-- IdentityLinkSigners-->
 			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
-			<!-- Test-Personenbindung SeLaN 1.04b ff. -->
-			<X509SubjectName>CN=EGIZ Administrator,OU=Institute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
-		</IdentityLinkSigners>
+			<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+		<!--/IdentityLinkSigners-->
 	</AuthComponent>
 
 	<!-- Eintragung fuer jede Online-Applikation -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 7a93f766c..264f6f6e3 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -59,17 +59,11 @@
 			</VerifyAuthBlock>
 		</MOA-SP>
 
-		<!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
-		<IdentityLinkSigners>
-			<!-- Personenbindung alt (Ausgabe vor 05.2004) -->
-			<X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
-			<!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
-			<X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+		<!-- IdentityLinkSigners-->
 			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
-			<!-- Test-Personenbindung SeLaN 1.04b ff. -->
-			<X509SubjectName>CN=EGIZ Administrator,OU=Institute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName>
-		</IdentityLinkSigners>
+			<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+		<!--/IdentityLinkSigners-->
 	</AuthComponent>
 	
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Enc-01-SN0450(CertifiedKeypair_alt).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Enc-01-SN0450(CertifiedKeypair_alt).cer
deleted file mode 100644
index 836ba3767..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Enc-01-SN0450(CertifiedKeypair_alt).cer and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Sig-01-SN0588(SecureSignatureKeypair_alt).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Sig-01-SN0588(SecureSignatureKeypair_alt).cer
deleted file mode 100644
index 28cb48bb0..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Sig-01-SN0588(SecureSignatureKeypair_alt).cer and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der
deleted file mode 100644
index 2696201b0..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der
deleted file mode 100644
index 5f83fa43c..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_Signatur_Buerger_1.20070531-20130101.SerNo01.der b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_Signatur_Buerger_1.20070531-20130101.SerNo01.der
deleted file mode 100644
index a344532fb..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_Signatur_Buerger_1.20070531-20130101.SerNo01.der and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer
new file mode 100644
index 000000000..73553b996
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_Verschluesselung_Buerger_1.20070531-20130101.SerNo00.der b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_Verschluesselung_Buerger_1.20070531-20130101.SerNo00.der
deleted file mode 100644
index 73c194d07..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_Verschluesselung_Buerger_1.20070531-20130101.SerNo00.der and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cer
deleted file mode 100644
index fc5bd433b..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cer and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN4848(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN4848(CertifiedKeypair).cer
deleted file mode 100644
index f3cf5e676..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN4848(CertifiedKeypair).cer and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN16f9(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN16f9(SecureSignatureKeypair).cer
deleted file mode 100644
index 28fbdf42f..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN16f9(SecureSignatureKeypair).cer and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN484a(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN484a(SecureSignatureKeypair).cer
deleted file mode 100644
index c9da41583..000000000
Binary files a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN484a(SecureSignatureKeypair).cer and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Administrator.20070531-20130101.SerNo02.der b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Administrator.20070531-20130101.SerNo02.der
deleted file mode 100644
index 812a45c97..000000000
--- a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Administrator.20070531-20130101.SerNo02.der
+++ /dev/null
@@ -1,25 +0,0 @@
-MIIEmDCCA4CgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBqzELMAkGA1UEBhMCQVQx
-JjAkBgNVBAoTHUdSQVogVU5JVkVSU0lUWSBPRiBURUNITk9MT0dZMUgwRgYDVQQL
-Ez9JbnN0aXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBh
-bmQgQ29tbXVuaWNhdGlvbnMxKjAoBgNVBAMTIUVHSVogVGVzdCBDQSAtIFNpZ25h
-dHVyIEJ1ZXJnZXIgMTAeFw0wNzA1MzExNTE3MTdaFw0xMjEyMzEyMjU5NTlaMIGc
-MQswCQYDVQQGEwJBVDEmMCQGA1UEChMdR1JBWiBVTklWRVJTSVRZIE9GIFRFQ0hO
-T0xPR1kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJbmZvcm1hdGlv
-biBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEbMBkGA1UEAxMSRUdJWiBB
-ZG1pbmlzdHJhdG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6Pe
-ks12p+OFQibR9WaL8q6/rvVowT8oUCf112DTttlADhSG7jQchp7vC+IDHct3lNtZ
-AwqHE+mXXS3vNJEIZToGe6CJt05E8bE2ChFNveCrgTl+vD/Js5wSm92eCySNq2cw
-HMGRhBmoOeIWi0Ca4wrdD2iZpiKfqm9M+RCtmoAUaA1NEQKZARCxMih2KzisL3Gp
-j89w2qFJ6FO+9B4pLfXzpmbioadkzuAxItxGvBxDcJ5FIyXmtOXDxFzgrx8VK8NG
-BY1sukYQxR3IBHDhYEeT+3wU0J0OytSm6LHgRe6WoPskCkSSx/E7wXCrIVvjTw+b
-wP5OanGRtqSmeobEAQIDAQABo4HTMIHQMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMB
-Af8EAjAAMB0GA1UdDgQWBBTzk6fcEo2PzMEiqik9eQ7fgbV8CzBwBgNVHSAEaTBn
-MGUGDCsGAQQBlRIBAgQBATBVMFMGCCsGAQUFBwICMEcaRVRoaXMgY2VydGlmaWNh
-dGUgb25seSBtYXkgYmUgdXNlZCBmb3IgZGVtb25zdHJhdGlvbiBhbmQgdGVzdCBw
-dXJwb3NlczAfBgNVHSMEGDAWgBQHYJe+t/1DOmd/QXQayS4d8SAkOzANBgkqhkiG
-9w0BAQUFAAOCAQEArvnc0ELBuhal5AcBco/57/6CY/K8ZqRmghuuhJNKAU5gwsqz
-HoJ7d1pliCtSwuj13VKUFj4GTxZFczyLnlQAbPjVuKrDw/K3euUmWbNVyxbNFuZD
-zeixlD1SAP/bf15fBHGTroIB2sSpVyOnvDGYIEdhafiIMunjDnigAs2F0w7CJvhb
-HtbMGJ7WlPDrxxmKxIovvQ8q0vNtiSA+Me2LFIXe3lpzMhEf9XxSQ3hWwFL7gWB6
-E28wF/0VDPvWK2KnXeOaZertamViFV4mxzCBNpmAiP2n021ppBMMdxTf0HDKKey3
-vDZsL+Xuu+wfNJd+GRWg+TYlpwiMb1Uq1jCJJQ==
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
new file mode 100644
index 000000000..277b6083a
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Test_Signaturdienst_Personenbindung.20030822-20060822.SerNo02.der b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Test_Signaturdienst_Personenbindung.20030822-20060822.SerNo02.der
deleted file mode 100644
index 347e7984c..000000000
--- a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Test_Signaturdienst_Personenbindung.20030822-20060822.SerNo02.der
+++ /dev/null
@@ -1,18 +0,0 @@
-MIIDNTCCAqKgAwIBAgIBAjAJBgUrDgMCHQUAMHUxCzAJBgNVBAYTAkFUMRkwFwYD
-VQQKExBCdW5kZXNrYW56bGVyYW10MSMwIQYDVQQLExpJS1QtU3RhYnNzdGVsbGUg
-ZGVzIEJ1bmRlczEmMCQGA1UEAxMdTU9BIFRlc3QgQ0EgLSBTaWduYXR1cmRpZW5z
-dGUwHhcNMDMwODIyMTQxNjU1WhcNMDYwODIyMTQxNjU1WjB7MQswCQYDVQQGEwJB
-VDEZMBcGA1UEChMQQnVuZGVza2FuemxlcmFtdDEjMCEGA1UECxMaSUtULVN0YWJz
-c3RlbGxlIGRlcyBCdW5kZXMxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
-UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZc7fI
-2JnT/uJyI1QwW3vhO0Wg3yplZoJjE4mnTo06IEtbZpGOA6KmqhvNB6VpZzGsaXk2
-JGlibxeX2QcCENqxpM+W3g76KiSI1mQJAXksQF1sG4DmDBZc73RN1MvVZPXaOlrI
-wHP3e4OJfUyX42jESCxq2gw2CYAK1vQqP9vwpQIDAQABo4HWMIHTMAwGA1UdEwEB
-/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
-MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
-VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFG/KxiBrwgiTGvaQ4qnlNqZr
-ys9eMBQGByooAAoBAQEECQwHQktBLUlLVDAfBgNVHSMEGDAWgBRYApE8f1Giez5W
-W/e04zcT6yOYfDAJBgUrDgMCHQUAA4GBACUMi3FLhSlR6GCud44tlz3699yhlYia
-Rg4K8Tn2PumjaLKHeldvabu5fo3ZPQmVUEYg9JIlq1des0/MSQzB0J6D8cOISwA6
-UjO5P0Nf6z3+vJEEV91w7knsI7oq4TXMPppUO2ZNAfiYI+lfJWL4BA6eSJzXUkh1
-eoVONcI4929I
diff --git a/spss/handbook/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/spss/handbook/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
new file mode 100644
index 000000000..73553b996
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 differ
diff --git a/spss/handbook/conf/moa-spss/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E b/spss/handbook/conf/moa-spss/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E
new file mode 100644
index 000000000..ed5ba194c
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E differ
diff --git a/spss/handbook/conf/moa-spss/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/spss/handbook/conf/moa-spss/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
new file mode 100644
index 000000000..141b05ef4
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A differ
diff --git a/spss/handbook/conf/moa-spss/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3 b/spss/handbook/conf/moa-spss/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3
new file mode 100644
index 000000000..33e1ee94b
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3 differ
diff --git a/spss/handbook/conf/moa-spss/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/spss/handbook/conf/moa-spss/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5
new file mode 100644
index 000000000..b2a1e145f
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5 differ
diff --git a/spss/handbook/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C b/spss/handbook/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
new file mode 100644
index 000000000..277b6083a
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C differ
diff --git a/spss/handbook/conf/moa-spss/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/spss/handbook/conf/moa-spss/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A
new file mode 100644
index 000000000..f6df0f4fd
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.TrustSignTest-Enc-01.20011206-20041206.SerNo0450[CertifiedKeypair].cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.TrustSignTest-Enc-01.20011206-20041206.SerNo0450[CertifiedKeypair].cer
deleted file mode 100644
index 836ba3767..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.TrustSignTest-Enc-01.20011206-20041206.SerNo0450[CertifiedKeypair].cer and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.a-sign-TEST-Premium-Enc-01.20021120-20051120.SerNo16f8[CertifiedKeypair].cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.a-sign-TEST-Premium-Enc-01.20021120-20051120.SerNo16f8[CertifiedKeypair].cer
deleted file mode 100644
index fc5bd433b..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.a-sign-TEST-Premium-Enc-01.20021120-20051120.SerNo16f8[CertifiedKeypair].cer and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.a-sign-TEST-Premium-Enc-01.20030903-20060903.SerNo4848[CertifiedKeypair].cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.a-sign-TEST-Premium-Enc-01.20030903-20060903.SerNo4848[CertifiedKeypair].cer
deleted file mode 100644
index f3cf5e676..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust.a-sign-TEST-Premium-Enc-01.20030903-20060903.SerNo4848[CertifiedKeypair].cer and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der
deleted file mode 100644
index 5f83fa43c..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ.MOA_Test_CA_-_Verschluesselung_Buerger.20070823-20131022.SerNo04.der and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer
new file mode 100644
index 000000000..ed5ba194c
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ_Test_CA_-_Verschluesselung_Buerger_1.20070531-20130101.SerNo00.der b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ_Test_CA_-_Verschluesselung_Buerger_1.20070531-20130101.SerNo00.der
deleted file mode 100644
index 73c194d07..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/EGIZ_Test_CA_-_Verschluesselung_Buerger_1.20070531-20130101.SerNo00.der and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test-signerCerts/EGIZ_Administrator.20070829-20120829.SerNo00.cer b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test-signerCerts/EGIZ_Administrator.20070829-20120829.SerNo00.cer
new file mode 100644
index 000000000..694e6828b
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test-signerCerts/EGIZ_Administrator.20070829-20120829.SerNo00.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/EGIZ_Administrator.20070531-20130101.SerNo02.der b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/EGIZ_Administrator.20070531-20130101.SerNo02.der
deleted file mode 100644
index 812a45c97..000000000
--- a/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/EGIZ_Administrator.20070531-20130101.SerNo02.der
+++ /dev/null
@@ -1,25 +0,0 @@
-MIIEmDCCA4CgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBqzELMAkGA1UEBhMCQVQx
-JjAkBgNVBAoTHUdSQVogVU5JVkVSU0lUWSBPRiBURUNITk9MT0dZMUgwRgYDVQQL
-Ez9JbnN0aXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBh
-bmQgQ29tbXVuaWNhdGlvbnMxKjAoBgNVBAMTIUVHSVogVGVzdCBDQSAtIFNpZ25h
-dHVyIEJ1ZXJnZXIgMTAeFw0wNzA1MzExNTE3MTdaFw0xMjEyMzEyMjU5NTlaMIGc
-MQswCQYDVQQGEwJBVDEmMCQGA1UEChMdR1JBWiBVTklWRVJTSVRZIE9GIFRFQ0hO
-T0xPR1kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJbmZvcm1hdGlv
-biBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEbMBkGA1UEAxMSRUdJWiBB
-ZG1pbmlzdHJhdG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6Pe
-ks12p+OFQibR9WaL8q6/rvVowT8oUCf112DTttlADhSG7jQchp7vC+IDHct3lNtZ
-AwqHE+mXXS3vNJEIZToGe6CJt05E8bE2ChFNveCrgTl+vD/Js5wSm92eCySNq2cw
-HMGRhBmoOeIWi0Ca4wrdD2iZpiKfqm9M+RCtmoAUaA1NEQKZARCxMih2KzisL3Gp
-j89w2qFJ6FO+9B4pLfXzpmbioadkzuAxItxGvBxDcJ5FIyXmtOXDxFzgrx8VK8NG
-BY1sukYQxR3IBHDhYEeT+3wU0J0OytSm6LHgRe6WoPskCkSSx/E7wXCrIVvjTw+b
-wP5OanGRtqSmeobEAQIDAQABo4HTMIHQMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMB
-Af8EAjAAMB0GA1UdDgQWBBTzk6fcEo2PzMEiqik9eQ7fgbV8CzBwBgNVHSAEaTBn
-MGUGDCsGAQQBlRIBAgQBATBVMFMGCCsGAQUFBwICMEcaRVRoaXMgY2VydGlmaWNh
-dGUgb25seSBtYXkgYmUgdXNlZCBmb3IgZGVtb25zdHJhdGlvbiBhbmQgdGVzdCBw
-dXJwb3NlczAfBgNVHSMEGDAWgBQHYJe+t/1DOmd/QXQayS4d8SAkOzANBgkqhkiG
-9w0BAQUFAAOCAQEArvnc0ELBuhal5AcBco/57/6CY/K8ZqRmghuuhJNKAU5gwsqz
-HoJ7d1pliCtSwuj13VKUFj4GTxZFczyLnlQAbPjVuKrDw/K3euUmWbNVyxbNFuZD
-zeixlD1SAP/bf15fBHGTroIB2sSpVyOnvDGYIEdhafiIMunjDnigAs2F0w7CJvhb
-HtbMGJ7WlPDrxxmKxIovvQ8q0vNtiSA+Me2LFIXe3lpzMhEf9XxSQ3hWwFL7gWB6
-E28wF/0VDPvWK2KnXeOaZertamViFV4mxzCBNpmAiP2n021ppBMMdxTf0HDKKey3
-vDZsL+Xuu+wfNJd+GRWg+TYlpwiMb1Uq1jCJJQ==
\ No newline at end of file
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
new file mode 100644
index 000000000..277b6083a
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/Test_Signaturdienst_Personenbindung.20030822-20060822.SerNo02.der b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/Test_Signaturdienst_Personenbindung.20030822-20060822.SerNo02.der
deleted file mode 100644
index 347e7984c..000000000
--- a/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/Test_Signaturdienst_Personenbindung.20030822-20060822.SerNo02.der
+++ /dev/null
@@ -1,18 +0,0 @@
-MIIDNTCCAqKgAwIBAgIBAjAJBgUrDgMCHQUAMHUxCzAJBgNVBAYTAkFUMRkwFwYD
-VQQKExBCdW5kZXNrYW56bGVyYW10MSMwIQYDVQQLExpJS1QtU3RhYnNzdGVsbGUg
-ZGVzIEJ1bmRlczEmMCQGA1UEAxMdTU9BIFRlc3QgQ0EgLSBTaWduYXR1cmRpZW5z
-dGUwHhcNMDMwODIyMTQxNjU1WhcNMDYwODIyMTQxNjU1WjB7MQswCQYDVQQGEwJB
-VDEZMBcGA1UEChMQQnVuZGVza2FuemxlcmFtdDEjMCEGA1UECxMaSUtULVN0YWJz
-c3RlbGxlIGRlcyBCdW5kZXMxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg
-UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZc7fI
-2JnT/uJyI1QwW3vhO0Wg3yplZoJjE4mnTo06IEtbZpGOA6KmqhvNB6VpZzGsaXk2
-JGlibxeX2QcCENqxpM+W3g76KiSI1mQJAXksQF1sG4DmDBZc73RN1MvVZPXaOlrI
-wHP3e4OJfUyX42jESCxq2gw2CYAK1vQqP9vwpQIDAQABo4HWMIHTMAwGA1UdEwEB
-/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB
-MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg
-VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFG/KxiBrwgiTGvaQ4qnlNqZr
-ys9eMBQGByooAAoBAQEECQwHQktBLUlLVDAfBgNVHSMEGDAWgBRYApE8f1Giez5W
-W/e04zcT6yOYfDAJBgUrDgMCHQUAA4GBACUMi3FLhSlR6GCud44tlz3699yhlYia
-Rg4K8Tn2PumjaLKHeldvabu5fo3ZPQmVUEYg9JIlq1des0/MSQzB0J6D8cOISwA6
-UjO5P0Nf6z3+vJEEV91w7knsI7oq4TXMPppUO2ZNAfiYI+lfJWL4BA6eSJzXUkh1
-eoVONcI4929I
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.TrustSignTest-Sig-01.20011206-20041206.SerNo0588[SecureSignatureKeypair].cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.TrustSignTest-Sig-01.20011206-20041206.SerNo0588[SecureSignatureKeypair].cer
deleted file mode 100644
index 28cb48bb0..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.TrustSignTest-Sig-01.20011206-20041206.SerNo0588[SecureSignatureKeypair].cer and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.a-sign-TEST-Premium-Sig-01.20021120-20051120.SerNo16f9[SecureSignatureKeypair].cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.a-sign-TEST-Premium-Sig-01.20021120-20051120.SerNo16f9[SecureSignatureKeypair].cer
deleted file mode 100644
index 28fbdf42f..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.a-sign-TEST-Premium-Sig-01.20021120-20051120.SerNo16f9[SecureSignatureKeypair].cer and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.a-sign-TEST-Premium-Sig-01.20030903-20060903.SerNo484a[SecureSignatureKeypair].cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.a-sign-TEST-Premium-Sig-01.20030903-20060903.SerNo484a[SecureSignatureKeypair].cer
deleted file mode 100644
index c9da41583..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust.a-sign-TEST-Premium-Sig-01.20030903-20060903.SerNo484a[SecureSignatureKeypair].cer and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der
deleted file mode 100644
index f4de446af..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ.MOA_Test_CA_-_Signatur_Buerger.20070823-20131022.SerNo03.der and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer
new file mode 100644
index 000000000..ed5ba194c
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ_Test_CA_-_Signatur_Buerger_1.20070531-20130101.SerNo01.der b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ_Test_CA_-_Signatur_Buerger_1.20070531-20130101.SerNo01.der
deleted file mode 100644
index a344532fb..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/EGIZ_Test_CA_-_Signatur_Buerger_1.20070531-20130101.SerNo01.der and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/test/MOA_Test_CA.20070823-20131022.Serno01.cer b/spss/handbook/conf/moa-spss/trustProfiles/test/MOA_Test_CA.20070823-20131022.Serno01.cer
new file mode 100644
index 000000000..05a8b86f9
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/test/MOA_Test_CA.20070823-20131022.Serno01.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/test/signaturdienst.der b/spss/handbook/conf/moa-spss/trustProfiles/test/signaturdienst.der
deleted file mode 100644
index 05a8b86f9..000000000
Binary files a/spss/handbook/conf/moa-spss/trustProfiles/test/signaturdienst.der and /dev/null differ
-- 
cgit v1.2.3


From 83f01ddf24d98dbb5df41fb627a14edee2d57df7 Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 17 Oct 2007 16:18:44 +0000
Subject: Implemented and integrated party representation and integrated
 mandates as per default available Now Eclipse projects are available. The Web
 Tools Platform can be used to run the web applications

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1014 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 common/.classpath                                  |   9 +
 common/.project                                    |  23 +
 common/.settings/org.eclipse.jdt.core.prefs        |   5 +
 common/pom.xml                                     |   4 +-
 .../java/at/gv/egovernment/moa/util/Constants.java |   7 +-
 .../at/gv/egovernment/moa/util/StringUtils.java    |   6 +-
 .../schemas/MOA-ID-Configuration-1.4.2.xsd         | 506 ++++++++++++++
 id/oa/.classpath                                   |   4 +
 id/oa/.project                                     |  14 +
 id/pom.xml                                         |   4 +-
 id/server/auth/.classpath                          |   7 +
 id/server/auth/.project                            |  44 ++
 .../auth/.settings/org.eclipse.jdt.core.prefs      |   7 +
 .../.settings/org.eclipse.wst.common.component     |  16 +
 .../org.eclipse.wst.common.project.facet.core.xml  |   5 +
 id/server/auth/pom.xml                             |  12 +-
 .../main/resources/resources/wsdl/MOA-ID-1.0.wsdl  |  40 --
 .../main/resources/resources/wsdl/MOA-ID-1.x.wsdl  |  40 --
 .../main/resources/resources/wsdl/MOA-SPSS-1.2.xsd | 454 -------------
 .../auth/src/main/webapp/META-INF/MANIFEST.MF      |   2 +
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  18 +-
 id/server/auth/src/main/webapp/css/mandates.css    |  57 ++
 id/server/auth/src/main/webapp/css/styles.css      | 741 +++++++++++++++++++++
 .../auth/src/main/webapp/css/styles_opera.css      |  11 +
 .../auth/src/main/webapp/img/egov_schrift.gif      | Bin 0 -> 1843 bytes
 id/server/auth/src/main/webapp/img/info.gif        | Bin 0 -> 892 bytes
 id/server/auth/src/main/webapp/img/rufezeichen.gif | Bin 0 -> 844 bytes
 id/server/auth/src/main/webapp/img/stern.gif       | Bin 0 -> 856 bytes
 id/server/auth/src/main/webapp/javascript/fa.js    |   8 +
 .../auth/src/main/webapp/javascript/formallg.js    | 315 +++++++++
 id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl       |  40 ++
 id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl       |  40 ++
 id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd      | 454 +++++++++++++
 id/server/component-idlibs.xml                     |  39 ++
 .../conf/moa-id/SampleMOAIDConfiguration.xml       | 241 ++++---
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  | 283 ++++----
 .../SampleMOAIDConfiguration_withTestBKs.xml       | 251 ++++---
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  | 293 ++++----
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      | 262 +++++---
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml | 305 +++++----
 .../SampleMOAWIDConfiguration_withTestBKs.xml      | 264 +++++---
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml | 303 +++++----
 .../moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt  |   7 +-
 .../ParepInputProcessorSignTemplate.html           |  61 ++
 .../SampleInputProcessorSignTemplate.html          |  39 ++
 .../moa-id/transforms/TransformsInfoAuthBlock.xml  |  98 ++-
 .../transforms/TransformsInfoAuthBlockText.xml     |  66 +-
 .../TransformsInfoAuthBlockText_deprecated.xml     |  61 +-
 .../TransformsInfoAuthBlock_deprecated.xml         |  88 ++-
 .../moa-spss/profiles/MOAIDTransformAuthBlock.xml  |  98 ++-
 .../profiles/MOAIDTransformAuthBlockText.xml       |  66 +-
 .../MOAIDTransformAuthBlockText_deprecated.xml     |  61 +-
 .../MOAIDTransformAuthBlock_deprecated.xml         |  88 ++-
 ...m-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer | Bin 0 -> 1028 bytes
 ...TEST-Qual-01a.20041117-20141117.SerNo00da88.cer | Bin 0 -> 991 bytes
 ...EST-nQual-01a.20041117-20080630.SerNo00da8b.cer | Bin 0 -> 995 bytes
 id/server/data/deploy/tomcat/server.mod_jk.xml     | 162 -----
 id/server/data/deploy/tomcat/server.xml            | 171 -----
 .../deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml   | 162 +++++
 .../data/deploy/tomcat/tomcat-4.1.x/server.xml     | 171 +++++
 .../deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml   | 386 +++++++++++
 .../data/deploy/tomcat/tomcat-5.0.x/server.xml     | 388 +++++++++++
 id/server/doc/MOA-ID-Configuration-1.4.2.xsd       | 506 ++++++++++++++
 id/server/doc/MOA-Testzertifikate.vsd              | Bin 0 -> 316416 bytes
 id/server/doc/moa_id/id-admin_1.htm                |   4 +-
 id/server/idserverlib/.classpath                   |   9 +
 id/server/idserverlib/.project                     |  36 +
 id/server/idserverlib/pom.xml                      | 364 +++++-----
 .../idserverlib/src/main/java/META-INF/MANIFEST.MF |   3 +
 .../moa/id/auth/AuthenticationServer.java          | 435 +++++++++---
 .../moa/id/auth/MOAIDAuthConstants.java            |  12 +-
 .../AuthenticationDataAssertionBuilder.java        |   1 +
 .../moa/id/auth/builder/BPKBuilder.java            |  32 +-
 .../builder/GetVerifyAuthBlockFormBuilder.java     |  86 +++
 .../builder/InfoboxValidatorParamsBuilder.java     |  10 +-
 .../moa/id/auth/data/AuthenticationSession.java    | 199 +++++-
 .../moa/id/auth/data/InfoboxValidatorParams.java   |   8 +
 .../id/auth/data/InfoboxValidatorParamsImpl.java   |  21 +
 .../auth/servlet/ProcessValidatorInputServlet.java | 175 +++++
 .../moa/id/auth/servlet/SelectBKUServlet.java      |  10 +-
 .../auth/servlet/StartAuthenticationServlet.java   |  10 +-
 .../servlet/VerifyAuthenticationBlockServlet.java  |  26 +-
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |  25 +-
 .../CreateXMLSignatureResponseValidator.java       |   2 +-
 .../moa/id/auth/validator/InfoboxValidator.java    |  52 +-
 .../auth/validator/parep/ParepInputProcessor.java  |  68 ++
 .../validator/parep/ParepInputProcessorImpl.java   | 298 +++++++++
 .../moa/id/auth/validator/parep/ParepUtils.java    | 708 ++++++++++++++++++++
 .../id/auth/validator/parep/ParepValidator.java    | 576 ++++++++++++++++
 .../auth/validator/parep/PartyRepresentative.java  | 159 +++++
 .../parep/client/szrgw/CreateMandateRequest.java   | 235 +++++++
 .../parep/client/szrgw/CreateMandateResponse.java  | 130 ++++
 .../parep/client/szrgw/SOAPConstants.java          |  23 +
 .../validator/parep/client/szrgw/SZRGWClient.java  | 144 ++++
 .../parep/client/szrgw/SZRGWClientException.java   |  37 +
 .../parep/client/szrgw/SZRGWConstants.java         |  51 ++
 .../client/szrgw/SZRGWSecureSocketFactory.java     |  94 +++
 .../validator/parep/config/ParepConfiguration.java | 411 ++++++++++++
 .../moa/id/config/ConfigurationBuilder.java        |   8 +-
 .../moa/id/config/auth/OAAuthParameter.java        |  24 +
 .../gv/egovernment/moa/id/util/ServletUtils.java   |  63 ++
 .../resources/properties/id_messages_de.properties |   7 +
 .../resources/templates/ParepMinTemplate.html      | 134 ++++
 .../resources/templates/ParepTemplate.html         | 171 +++++
 id/server/pom.xml                                  |   4 +-
 id/server/proxy/.classpath                         |   4 +
 id/server/proxy/.project                           |  14 +
 .../proxy/.settings/org.eclipse.jdt.core.prefs     |   5 +
 id/server/proxy/pom.xml                            |   4 +-
 id/templates/.classpath                            |   4 +
 id/templates/.project                              |  14 +
 id/templates/.settings/org.eclipse.jdt.core.prefs  |   5 +
 id/templates/pom.xml                               |   4 +-
 .../webapp/SampleInputProcessorSignTemplate.html   |  45 ++
 id/templates/src/main/webapp/SampleTemplate.html   |  39 +-
 pom.xml                                            |  15 +-
 .../mandate-validate/1.0/mandate-validate-1.0.jar  | Bin 0 -> 24256 bytes
 .../1.0/mandate-validate-1.0.jar.md5               |   1 +
 .../1.0/mandate-validate-1.0.jar.sha1              |   1 +
 .../mandate-validate/1.0/mandate-validate-1.0.pom  |   7 +
 .../1.0/mandate-validate-1.0.pom.md5               |   1 +
 .../1.0/mandate-validate-1.0.pom.sha1              |   1 +
 spss/handbook/.settings/org.eclipse.jdt.core.prefs |   5 +
 spss/handbook/clients/api/.classpath               |   6 +
 spss/handbook/clients/api/.project                 |  23 +
 spss/handbook/clients/referencedData/.classpath    |   6 +
 spss/handbook/clients/referencedData/.project      |  23 +
 spss/handbook/clients/webservice/.classpath        |   7 +
 spss/handbook/clients/webservice/.project          |  23 +
 .../.settings/org.eclipse.jdt.core.prefs           |   5 +
 .../CreateXMLSignatureRequest.Simple.response.xml  |  24 +
 ...ateXMLSignatureRequest.Supplements.response.xml |   2 +
 .../08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9       | Bin 0 -> 991 bytes
 .../BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330       | Bin 0 -> 995 bytes
 .../069519EC949AC6B91D4C33A3F3665441F0220D20       | Bin 0 -> 1313 bytes
 .../2F5EBA5055E9F7444852ADCEEB769E5DE157A03D       | Bin 0 -> 1352 bytes
 .../A149EE01A250491C07D5A279D3B58A646288DA22       | Bin 0 -> 1185 bytes
 .../AD8ECBB67B9DC59406F92A296A38192297A4F169       | Bin 0 -> 1191 bytes
 .../7AC3EFA52DE27A930EC8754DB5E061476948E914       | Bin 0 -> 1028 bytes
 ...EST-nQual-01a.20041117-20080630.SerNo00da8b.cer | Bin 0 -> 995 bytes
 ...TEST-Qual-01a.20041117-20141117.SerNo00da88.cer | Bin 0 -> 991 bytes
 spss/pom.xml                                       |   2 +-
 spss/server/history.txt                            |   2 +-
 spss/server/serverlib/.classpath                   |   9 +
 spss/server/serverlib/.project                     |  36 +
 .../serverlib/.settings/org.eclipse.jdt.core.prefs |   7 +
 .../.settings/org.eclipse.wst.common.component     |   8 +
 .../org.eclipse.wst.common.project.facet.core.xml  |   7 +
 spss/server/serverlib/pom.xml                      |   2 +-
 .../serverlib/src/main/java/META-INF/MANIFEST.MF   |   3 +
 spss/server/serverws/.classpath                    |   8 +
 spss/server/serverws/.project                      |  36 +
 .../serverws/.settings/org.eclipse.jdt.core.prefs  |   7 +
 .../.settings/org.eclipse.wst.common.component     |   8 +
 .../org.eclipse.wst.common.project.facet.core.xml  |   5 +
 .../serverws/WebContent/META-INF/MANIFEST.MF       |   3 +
 spss/server/serverws/WebContent/WEB-INF/web.xml    |  13 +
 spss/server/serverws/pom.xml                       |   2 +-
 spss/server/tools/.classpath                       |   8 +
 spss/server/tools/.project                         |  23 +
 .../tools/.settings/org.eclipse.jdt.core.prefs     |   5 +
 161 files changed, 10917 insertions(+), 2243 deletions(-)
 create mode 100644 common/.classpath
 create mode 100644 common/.project
 create mode 100644 common/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
 create mode 100644 id/oa/.classpath
 create mode 100644 id/oa/.project
 create mode 100644 id/server/auth/.classpath
 create mode 100644 id/server/auth/.project
 create mode 100644 id/server/auth/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 id/server/auth/.settings/org.eclipse.wst.common.component
 create mode 100644 id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml
 delete mode 100644 id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl
 delete mode 100644 id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl
 delete mode 100644 id/server/auth/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd
 create mode 100644 id/server/auth/src/main/webapp/META-INF/MANIFEST.MF
 create mode 100644 id/server/auth/src/main/webapp/css/mandates.css
 create mode 100644 id/server/auth/src/main/webapp/css/styles.css
 create mode 100644 id/server/auth/src/main/webapp/css/styles_opera.css
 create mode 100644 id/server/auth/src/main/webapp/img/egov_schrift.gif
 create mode 100644 id/server/auth/src/main/webapp/img/info.gif
 create mode 100644 id/server/auth/src/main/webapp/img/rufezeichen.gif
 create mode 100644 id/server/auth/src/main/webapp/img/stern.gif
 create mode 100644 id/server/auth/src/main/webapp/javascript/fa.js
 create mode 100644 id/server/auth/src/main/webapp/javascript/formallg.js
 create mode 100644 id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl
 create mode 100644 id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl
 create mode 100644 id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd
 create mode 100644 id/server/component-idlibs.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
 delete mode 100644 id/server/data/deploy/tomcat/server.mod_jk.xml
 delete mode 100644 id/server/data/deploy/tomcat/server.xml
 create mode 100644 id/server/data/deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml
 create mode 100644 id/server/data/deploy/tomcat/tomcat-4.1.x/server.xml
 create mode 100644 id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml
 create mode 100644 id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml
 create mode 100644 id/server/doc/MOA-ID-Configuration-1.4.2.xsd
 create mode 100644 id/server/doc/MOA-Testzertifikate.vsd
 create mode 100644 id/server/idserverlib/.classpath
 create mode 100644 id/server/idserverlib/.project
 create mode 100644 id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
 create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
 create mode 100644 id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
 create mode 100644 id/server/proxy/.classpath
 create mode 100644 id/server/proxy/.project
 create mode 100644 id/server/proxy/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 id/templates/.classpath
 create mode 100644 id/templates/.project
 create mode 100644 id/templates/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1
 create mode 100644 spss/handbook/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 spss/handbook/clients/api/.classpath
 create mode 100644 spss/handbook/clients/api/.project
 create mode 100644 spss/handbook/clients/referencedData/.classpath
 create mode 100644 spss/handbook/clients/referencedData/.project
 create mode 100644 spss/handbook/clients/webservice/.classpath
 create mode 100644 spss/handbook/clients/webservice/.project
 create mode 100644 spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Simple.response.xml
 create mode 100644 spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Supplements.response.xml
 create mode 100644 spss/handbook/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
 create mode 100644 spss/handbook/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
 create mode 100644 spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20
 create mode 100644 spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D
 create mode 100644 spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22
 create mode 100644 spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169
 create mode 100644 spss/handbook/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
 create mode 100644 spss/server/serverlib/.classpath
 create mode 100644 spss/server/serverlib/.project
 create mode 100644 spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 spss/server/serverlib/.settings/org.eclipse.wst.common.component
 create mode 100644 spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
 create mode 100644 spss/server/serverlib/src/main/java/META-INF/MANIFEST.MF
 create mode 100644 spss/server/serverws/.classpath
 create mode 100644 spss/server/serverws/.project
 create mode 100644 spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 spss/server/serverws/.settings/org.eclipse.wst.common.component
 create mode 100644 spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
 create mode 100644 spss/server/serverws/WebContent/META-INF/MANIFEST.MF
 create mode 100644 spss/server/serverws/WebContent/WEB-INF/web.xml
 create mode 100644 spss/server/tools/.classpath
 create mode 100644 spss/server/tools/.project
 create mode 100644 spss/server/tools/.settings/org.eclipse.jdt.core.prefs

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/.classpath b/common/.classpath
new file mode 100644
index 000000000..01edb156d
--- /dev/null
+++ b/common/.classpath
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src/main/java"/>
+	<classpathentry kind="src" path="src/test/java"/>
+	<classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/common/.project b/common/.project
new file mode 100644
index 000000000..d8e7fc611
--- /dev/null
+++ b/common/.project
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-common</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+	</natures>
+</projectDescription>
diff --git a/common/.settings/org.eclipse.jdt.core.prefs b/common/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..99f54a8bf
--- /dev/null
+++ b/common/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Wed Sep 12 10:16:21 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/common/pom.xml b/common/pom.xml
index e8110385a..850613e97 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -2,12 +2,12 @@
   <parent>
     <groupId>MOA</groupId>
     <artifactId>MOA</artifactId>
-    <version>1.4.2beta1</version>
+    <version>1.4.2beta2</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <groupId>MOA</groupId>
   <artifactId>moa-common</artifactId>
-  <version>1.4.2beta1</version>
+  <version>1.4.2beta2</version>
   <packaging>jar</packaging>
   <name>MOA common library</name>
 
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 5c1314296..d1edbc38d 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -23,13 +23,16 @@ public interface Constants {
   public static final String STB_NS_URI =
     "http://reference.e-government.gv.at/namespace/standardtextblock/20041105#";
 
-  /** Prefix used for the Mandate XML namespace */
+  /** Prefix used for the standard text block XML namespace */
   public static final String STB_PREFIX = "stb";
 
   /** URI of the MOA XML namespace. */
   public static final String MOA_NS_URI =
     "http://reference.e-government.gv.at/namespace/moa/20020822#";
 
+  /** Name of the mandates infobox */
+  public static final String INFOBOXIDENTIFIER_MANDATES = "Mandates";
+
   /** Prefix used for the Mandate XML namespace */
   public static final String MD_PREFIX = "md";
 
@@ -78,7 +81,7 @@ public interface Constants {
 
   /** Local location of the MOA ID configuration XML schema definition. */
   public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
-    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.xsd";
+    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.2.xsd";
 
   /** URI of the Security Layer 1.0 namespace. */
   public static final String SL10_NS_URI =
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java
index 61b1a18ea..82c10d90f 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java
@@ -87,11 +87,11 @@ public class StringUtils {
    * Replaces each substring of string <code>s</code> that matches the given
    * <code>search</code> string by the given <code>replace</code> string.
    * 
-   * @param s         The string where the replacment should take place.
+   * @param s         The string where the replacement should take place.
    * @param search    The pattern that should be replaced.
    * @param replace   The string that should replace all each <code>search</code>
    *                  string within <code>s</code>.
-   * @return          A string whrer all occurrence of <code>search</code> are
+   * @return          A string where all occurrence of <code>search</code> are
    *                  replaced with <code>replace</code>.
    */
   public static String replaceAll (String s, String search, String replace)
@@ -153,7 +153,7 @@ public class StringUtils {
    * @return XML expression, XML declaration removed
    */
   public static String removeXMLDeclaration(String xmlString) {
-    if (xmlString.startsWith("<?xml")) {
+    if (xmlString!=null && xmlString.startsWith("<?xml")) {
       int firstElement = xmlString.indexOf("<", 1);
       return xmlString.substring(firstElement);
     } else {
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
new file mode 100644
index 000000000..5a87e3fde
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
@@ -0,0 +1,506 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
+  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+  <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+  <xsd:element name="Configuration">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+        <xsd:element name="Binding" minOccurs="0">
+          <xsd:simpleType>
+            <xsd:restriction base="xsd:string">
+              <xsd:enumeration value="full"/>
+              <xsd:enumeration value="userName"/>
+              <xsd:enumeration value="none"/>
+            </xsd:restriction>
+          </xsd:simpleType>
+        </xsd:element>
+        <xsd:choice>
+          <xsd:element ref="ParamAuth"/>
+          <xsd:element ref="BasicAuth"/>
+          <xsd:element ref="HeaderAuth"/>
+        </xsd:choice>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:simpleType name="LoginType">
+    <xsd:restriction base="xsd:token">
+      <xsd:enumeration value="stateless"/>
+      <xsd:enumeration value="stateful"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:element name="ParamAuth">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="Parameter">
+    <xsd:complexType>
+      <xsd:attribute name="Name" type="xsd:token" use="required"/>
+      <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="BasicAuth">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element name="UserID" type="MOAAuthDataType"/>
+        <xsd:element name="Password" type="MOAAuthDataType"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="HeaderAuth">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element ref="Header" maxOccurs="unbounded"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="Header">
+    <xsd:complexType>
+      <xsd:attribute name="Name" type="xsd:token" use="required"/>
+      <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:simpleType name="MOAAuthDataType">
+    <xsd:restriction base="xsd:token">
+      <xsd:enumeration value="MOAGivenName"/>
+      <xsd:enumeration value="MOAFamilyName"/>
+      <xsd:enumeration value="MOADateOfBirth"/>
+      <xsd:enumeration value="MOABPK"/>
+      <xsd:enumeration value="MOAWBPK"/>
+      <xsd:enumeration value="MOAPublicAuthority"/>
+      <xsd:enumeration value="MOABKZ"/>
+      <xsd:enumeration value="MOAQualifiedCertificate"/>
+      <xsd:enumeration value="MOAStammzahl"/>
+      <xsd:enumeration value="MOAIdentificationValueType"/>
+      <xsd:enumeration value="MOAIPAddress"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:simpleType name="MOAKeyBoxSelector">
+    <xsd:restriction base="xsd:token">
+      <xsd:enumeration value="SecureSignatureKeypair"/>
+      <xsd:enumeration value="CertifiedKeypair"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+  <xsd:element name="MOA-IDConfiguration">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+          <xsd:annotation>
+            <xsd:documentation>enthält Parameter der 
+							Authentisierungs-Komponente</xsd:documentation>
+          </xsd:annotation>
+        </xsd:element>
+        <xsd:element name="ProxyComponent" minOccurs="0">
+          <xsd:annotation>
+            <xsd:documentation>enthält Konfigurationsparameter der 
+							Proxy-Komponente</xsd:documentation>
+          </xsd:annotation>
+          <xsd:complexType>
+            <xsd:sequence>
+              <xsd:element name="AuthComponent">
+                <xsd:annotation>
+                  <xsd:documentation>enthält Parameter für die Kommunikation zw. 
+										Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+                </xsd:annotation>
+                <xsd:complexType>
+                  <xsd:sequence>
+                    <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+                      <xsd:annotation>
+                        <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
+													Proxy-Komponente zur Auth-Komponente (vgl. 
+													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+                      </xsd:annotation>
+                    </xsd:element>
+                  </xsd:sequence>
+                </xsd:complexType>
+              </xsd:element>
+            </xsd:sequence>
+          </xsd:complexType>
+        </xsd:element>
+        <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+          <xsd:annotation>
+            <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+          </xsd:annotation>
+          <xsd:complexType>
+            <xsd:complexContent>
+              <xsd:extension base="OnlineApplicationType">
+                <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+                <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+                <xsd:attribute name="type" use="optional" default="publicService">
+                  <xsd:simpleType>
+                    <xsd:restriction base="xsd:NMTOKEN">
+                      <xsd:enumeration value="businessService"/>
+                      <xsd:enumeration value="publicService"/>
+                    </xsd:restriction>
+                  </xsd:simpleType>
+                </xsd:attribute>
+                <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+              </xsd:extension>
+            </xsd:complexContent>
+          </xsd:complexType>
+        </xsd:element>
+        <xsd:element name="ChainingModes" minOccurs="0">
+          <xsd:annotation>
+            <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 
+							Zertifikatspfadvalidierung</xsd:documentation>
+          </xsd:annotation>
+          <xsd:complexType>
+            <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+              <xsd:element name="TrustAnchor">
+                <xsd:annotation>
+                  <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 
+										für jeden TrustAnchor gesetzt werden</xsd:documentation>
+                </xsd:annotation>
+                <xsd:complexType>
+                  <xsd:complexContent>
+                    <xsd:extension base="dsig:X509IssuerSerialType">
+                      <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+                    </xsd:extension>
+                  </xsd:complexContent>
+                </xsd:complexType>
+              </xsd:element>
+            </xsd:sequence>
+            <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+          </xsd:complexType>
+        </xsd:element>
+        <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+          <xsd:annotation>
+            <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 
+							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+          </xsd:annotation>
+        </xsd:element>
+        <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+          <xsd:complexType>
+            <xsd:attribute name="name" use="required">
+              <xsd:simpleType>
+                <xsd:restriction base="xsd:string">
+                  <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+                  <xsd:enumeration value="AuthenticationSession.TimeOut"/>
+                  <xsd:enumeration value="AuthenticationData.TimeOut"/>
+                  <xsd:enumeration value="TrustManager.RevocationChecking"/>
+                  <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+                  <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+                </xsd:restriction>
+              </xsd:simpleType>
+            </xsd:attribute>
+            <xsd:attribute name="value" type="xsd:string" use="required"/>
+          </xsd:complexType>
+        </xsd:element>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:complexType name="AuthComponentType">
+    <xsd:sequence>
+      <xsd:element name="BKUSelection" minOccurs="0">
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+          </xsd:sequence>
+          <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+      <xsd:element name="SecurityLayer">
+        <xsd:annotation>
+          <xsd:documentation>enthält Parameter für die Kommunikation mit dem 
+						Security-Layer</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="MOA-SP">
+        <xsd:annotation>
+          <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 
+						SP Modul</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
+									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 
+									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 
+									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 
+									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 
+									aufgerufen</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="VerifyIdentityLink">
+              <xsd:annotation>
+                <xsd:documentation>enthält Parameter für die Überprüfung der 
+									Personenbindung</xsd:documentation>
+              </xsd:annotation>
+              <xsd:complexType>
+                <xsd:sequence>
+                  <xsd:element ref="TrustProfileID"/>
+                </xsd:sequence>
+              </xsd:complexType>
+            </xsd:element>
+            <xsd:element name="VerifyAuthBlock">
+              <xsd:annotation>
+                <xsd:documentation>enthält Parameter für die Überprüfung des 
+									AUTH-Blocks</xsd:documentation>
+              </xsd:annotation>
+              <xsd:complexType>
+                <xsd:sequence>
+                  <xsd:element ref="TrustProfileID"/>
+                  <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+                </xsd:sequence>
+              </xsd:complexType>
+            </xsd:element>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="IdentityLinkSigners" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>enthält Informationen über akzeptierte Signers des 
+						IdentityLinks</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+              <xsd:annotation>
+                <xsd:documentation>akzeptierte Signer des IdentityLinks werden per 
+									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="TransformsInfoType">
+    <xsd:annotation>
+      <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 
+				Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 
+				werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 
+				inkludiert</xsd:documentation>
+    </xsd:annotation>
+    <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+  </xsd:complexType>
+  <xsd:complexType name="TemplatesType">
+    <xsd:sequence>
+      <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+      <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+      <xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="TemplateType">
+    <xsd:annotation>
+      <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+    </xsd:annotation>
+    <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+  </xsd:complexType>
+  <xsd:complexType name="VerifyInfoboxesType">
+    <xsd:annotation>
+      <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+    </xsd:annotation>
+    <xsd:sequence>
+      <xsd:element name="DefaultTrustProfile" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element ref="TrustProfileID"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="Infobox" maxOccurs="unbounded">
+        <xsd:annotation>
+          <xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll;
+								z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird
+								das Identifier-Attribut verwendet</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>TrustProfil, das für die Überprüfung der Infobox
+								verwendet werden soll</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>Validatorklasse, die für die Prüfung der Infobox
+								verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
+								vom Default Package- und Klassennamen abweichen</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+            <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation
+									 übergeben werden</xsd:documentation>
+              </xsd:annotation>
+              <xsd:complexType>
+                <xsd:sequence>
+                  <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+                </xsd:sequence>
+              </xsd:complexType>
+            </xsd:element>
+          </xsd:sequence>
+          <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+          <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="SchemaLocationType">
+    <xsd:annotation>
+      <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+    </xsd:annotation>
+    <xsd:sequence>
+      <xsd:element name="Schema" maxOccurs="unbounded">
+        <xsd:complexType>
+          <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+          <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ProxyComponentType"/>
+  <xsd:complexType name="OnlineApplicationType">
+    <xsd:sequence>
+      <xsd:element name="AuthComponent" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>enthält Parameter über die OA, die die 
+						Authentisierungs-Komponente betreffen</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <!--xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="pr:AbstractSimpleIdentification"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element-->
+            <xsd:element name="IdentificationNumber" minOccurs="0">
+              <xsd:complexType>
+                <xsd:choice>
+                  <xsd:element ref="pr:Firmenbuchnummer"/>
+                  <xsd:element ref="pr:ZMRzahl"/>
+                  <xsd:element ref="pr:Vereinsnummer"/>
+                  <xsd:element ref="pr:ERJPZahl"/>
+                  <xsd:element name="AnyNumber">
+                    <xsd:complexType>
+                      <xsd:simpleContent>
+                        <xsd:extension base="xsd:string">
+                          <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+                        </xsd:extension>
+                      </xsd:simpleContent>
+                    </xsd:complexType>
+                  </xsd:element>
+                </xsd:choice>
+              </xsd:complexType>
+            </xsd:element>
+            <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+            <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+          </xsd:sequence>
+          <xsd:attribute name="slVersion" use="optional" default="1.1">
+            <xsd:simpleType>
+              <xsd:restriction base="xsd:string">
+                <xsd:enumeration value="1.1"/>
+                <xsd:enumeration value="1.2"/>
+              </xsd:restriction>
+            </xsd:simpleType>
+          </xsd:attribute>
+          <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+          <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="ProxyComponent" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
+						betreffen</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+              <xsd:annotation>
+                <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
+									betreffen</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+          </xsd:sequence>
+          <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+          <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+          <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+          <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+          <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+        </xsd:complexType>
+      </xsd:element>
+      <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ConnectionParameterServerAuthType">
+    <xsd:sequence>
+      <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 
+						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+    </xsd:sequence>
+    <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+  </xsd:complexType>
+  <xsd:complexType name="ConnectionParameterClientAuthType">
+    <xsd:complexContent>
+      <xsd:extension base="ConnectionParameterServerAuthType">
+        <xsd:sequence>
+          <xsd:element name="ClientKeyStore" minOccurs="0">
+            <xsd:annotation>
+              <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 
+								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+            </xsd:annotation>
+            <xsd:complexType>
+              <xsd:simpleContent>
+                <xsd:extension base="xsd:anyURI">
+                  <xsd:attribute name="password" type="xsd:string" use="optional"/>
+                </xsd:extension>
+              </xsd:simpleContent>
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:sequence>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:element name="TrustProfileID" type="xsd:string"/>
+  <xsd:simpleType name="ChainingModeType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="chaining"/>
+      <xsd:enumeration value="pkix"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:simpleType name="BKUSelectionType">
+    <xsd:restriction base="xsd:token">
+      <xsd:enumeration value="HTMLComplete"/>
+      <xsd:enumeration value="HTMLSelect"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+</xsd:schema>
diff --git a/id/oa/.classpath b/id/oa/.classpath
new file mode 100644
index 000000000..5d93de69c
--- /dev/null
+++ b/id/oa/.classpath
@@ -0,0 +1,4 @@
+<classpath>
+  <classpathentry kind="output" path="target/classes"/>
+  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
diff --git a/id/oa/.project b/id/oa/.project
new file mode 100644
index 000000000..cf4d83eff
--- /dev/null
+++ b/id/oa/.project
@@ -0,0 +1,14 @@
+<projectDescription>
+  <name>moa-id-oa</name>
+  <comment/>
+  <projects/>
+  <buildSpec>
+    <buildCommand>
+      <name>org.eclipse.jdt.core.javabuilder</name>
+      <arguments/>
+    </buildCommand>
+  </buildSpec>
+  <natures>
+    <nature>org.eclipse.jdt.core.javanature</nature>
+  </natures>
+</projectDescription>
diff --git a/id/pom.xml b/id/pom.xml
index ab3b59e7d..1d93d087c 100644
--- a/id/pom.xml
+++ b/id/pom.xml
@@ -3,14 +3,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
-        <version>1.4.2beta1</version>
+        <version>1.4.2beta2</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA</groupId>
     <artifactId>id</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.2beta1</version>
+    <version>1.4.2beta2</version>
     <name>MOA ID</name>
 
     <modules>
diff --git a/id/server/auth/.classpath b/id/server/auth/.classpath
new file mode 100644
index 000000000..46c5c5ab0
--- /dev/null
+++ b/id/server/auth/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v5.0"/>
+	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/auth/.project b/id/server/auth/.project
new file mode 100644
index 000000000..a8a455ff2
--- /dev/null
+++ b/id/server/auth/.project
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-id-auth</name>
+	<comment></comment>
+	<projects>
+		<project>moa-id-lib</project>
+		<project>moa-spss-lib</project>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>kr.javanese.devtools.m2wtp.wtpDepBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+		<nature>kr.javanese.devtools.m2wtp.m2wtpNature</nature>
+	</natures>
+</projectDescription>
diff --git a/id/server/auth/.settings/org.eclipse.jdt.core.prefs b/id/server/auth/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..1b042e027
--- /dev/null
+++ b/id/server/auth/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,7 @@
+#Fri Sep 14 14:27:19 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component
new file mode 100644
index 000000000..f256fdc92
--- /dev/null
+++ b/id/server/auth/.settings/org.eclipse.wst.common.component
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-auth">
+<wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+<dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+<dependency-type>uses</dependency-type>
+</dependent-module>
+<dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+<dependency-type>uses</dependency-type>
+<wb-resource deploy-path="/WEB-INF/LIB" source-path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+</dependent-module>
+<property name="java-output-path" value="target/classes"/>
+<property name="context-root" value="moa-id-auth"/>
+</wb-module>
+</project-modules>
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml
new file mode 100644
index 000000000..d0145894a
--- /dev/null
+++ b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+  <installed facet="jst.web" version="2.4"/>
+  <installed facet="jst.java" version="1.4"/>
+</faceted-project>
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 9870c7ef6..2c123a8ec 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -2,14 +2,14 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.2beta1</version>
+		<version>1.4.2beta2</version>
 	</parent>
 	
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-auth</artifactId>
 	<packaging>war</packaging>
-	<version>1.4.2beta1</version>
+	<version>1.4.2beta2</version>
 	<name>MOA ID-Auth WebService</name>
 	
 	<properties>
@@ -35,14 +35,18 @@
 
 					<!-- extract moa-id classes for debugging -->
 					<!--warSourceExcludes>WEB-INF/lib/moa-id-lib*.jar</warSourceExcludes-->
-					<!--
 					<webResources>
+						<resource>
+							<directory>${basedir}/src/main/wsdl</directory>
+							<targetPath>WEB-INF/classes/resources/wsdl</targetPath>
+						</resource>
+					<!--
 						<resource>
 							<directory>${basedir}/../idserverlib/target/classes</directory>
 							<targetPath>WEB-INF/classes</targetPath>
 						</resource>
-					</webResources>
 -->
+					</webResources>
 				</configuration>
 			</plugin>
 		</plugins>
diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl b/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl
deleted file mode 100644
index 5751b3e58..000000000
--- a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl
+++ /dev/null
@@ -1,40 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
-	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-20020812.xsd"/>
-	<message name="GetAuthenticationDataInput">
-		<part name="body" element="samlp:Request"/>
-	</message>
-	<message name="GetAuthenticationDataOutput">
-		<part name="body" element="samlp:Response"/>
-	</message>
-	<message name="MOAFault">
-		<part name="body" element="moa:ErrorResponse"/>
-	</message>
-	<portType name="IdentificationPortType">
-		<operation name="getAuthenticationData">
-			<input message="tns:GetAuthenticationDataInput"/>
-			<output message="tns:GetAuthenticationDataOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-	</portType>
-	<binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
-		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-		<operation name="getAuthenticationData">
-			<soap:operation soapAction="urn:GetAuthenticationDataAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-	</binding>
-	<service name="GetAuthenticationDataService">
-		<port name="IdentificationPort" binding="tns:IdentificationBinding">
-			<soap:address location="http://localhost/moa-id-auth/services/GetAuthenticationData"/>
-		</port>
-	</service>
-</definitions>
diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl b/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl
deleted file mode 100644
index 45152cb38..000000000
--- a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl
+++ /dev/null
@@ -1,40 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
-	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.2.xsd"/>
-	<message name="GetAuthenticationDataInput">
-		<part name="body" element="samlp:Request"/>
-	</message>
-	<message name="GetAuthenticationDataOutput">
-		<part name="body" element="samlp:Response"/>
-	</message>
-	<message name="MOAFault">
-		<part name="body" element="moa:ErrorResponse"/>
-	</message>
-	<portType name="IdentificationPortType">
-		<operation name="getAuthenticationData">
-			<input message="tns:GetAuthenticationDataInput"/>
-			<output message="tns:GetAuthenticationDataOutput"/>
-			<fault name="MOAFault" message="tns:MOAFault"/>
-		</operation>
-	</portType>
-	<binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
-		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
-		<operation name="getAuthenticationData">
-			<soap:operation soapAction="urn:GetAuthenticationDataAction"/>
-			<input>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</input>
-			<output>
-				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</output>
-			<fault name="MOAFault">
-				<soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
-			</fault>
-		</operation>
-	</binding>
-	<service name="GetAuthenticationDataService">
-		<port name="IdentificationPort" binding="tns:IdentificationBinding">
-			<soap:address location="http://localhost/Identification"/>
-		</port>
-	</service>
-</definitions>
diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd b/id/server/auth/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd
deleted file mode 100644
index d7a06d6e7..000000000
--- a/id/server/auth/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd
+++ /dev/null
@@ -1,454 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  MOA SP/SS 1.2 Schema
--->
-<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
-  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-  <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
-  <!--########## Create XML Signature ###-->
-  <!--### Create XML Signature Request ###-->
-  <xsd:element name="CreateXMLSignatureRequest">
-    <xsd:complexType>
-      <xsd:complexContent>
-        <xsd:extension base="CreateXMLSignatureRequestType"/>
-      </xsd:complexContent>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:complexType name="CreateXMLSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
-      <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
-        <xsd:annotation>
-          <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
-              <xsd:complexType>
-                <xsd:complexContent>
-                  <xsd:extension base="DataObjectInfoType">
-                    <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
-                  </xsd:extension>
-                </xsd:complexContent>
-              </xsd:complexType>
-            </xsd:element>
-            <xsd:element name="CreateSignatureInfo" minOccurs="0">
-              <xsd:complexType>
-                <xsd:sequence>
-                  <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
-                  <xsd:choice>
-                    <xsd:annotation>
-                      <xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
-                    </xsd:annotation>
-                    <xsd:element ref="CreateSignatureEnvironmentProfile"/>
-                    <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
-                  </xsd:choice>
-                </xsd:sequence>
-              </xsd:complexType>
-            </xsd:element>
-          </xsd:sequence>
-          <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
-        </xsd:complexType>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Create XML Signature Response ###-->
-  <xsd:complexType name="CreateXMLSignatureResponseType">
-    <xsd:choice maxOccurs="unbounded">
-      <xsd:annotation>
-        <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element name="SignatureEnvironment">
-        <xsd:annotation>
-          <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:any namespace="##any" processContents="lax"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element ref="ErrorResponse"/>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
-  <!--########## Verify CMS Signature ###-->
-  <!--### Verifiy CMS Signature Request ###-->
-  <xsd:element name="VerifyCMSSignatureRequest">
-    <xsd:complexType>
-      <xsd:complexContent>
-        <xsd:extension base="VerifyCMSSignatureRequestType">
-          <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
-        </xsd:extension>
-      </xsd:complexContent>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:complexType name="VerifyCMSSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-      <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
-      <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
-      <xsd:element name="TrustProfileID">
-        <xsd:annotation>
-          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Verify CMS Signature Response ###-->
-  <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
-  <xsd:complexType name="VerifyCMSSignatureResponseType">
-    <xsd:sequence maxOccurs="unbounded">
-      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-        <xsd:annotation>
-          <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="SignatureCheck" type="CheckResultType"/>
-      <xsd:element name="CertificateCheck" type="CheckResultType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--########## Verify XML Signature ###-->
-  <!--### Verify XML Signature Request ###-->
-  <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
-  <xsd:complexType name="VerifyXMLSignatureRequestType">
-    <xsd:sequence>
-      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
-      <xsd:element name="VerifySignatureInfo">
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
-            <xsd:element name="VerifySignatureLocation" type="xsd:token"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:choice minOccurs="0" maxOccurs="unbounded">
-        <xsd:element ref="SupplementProfile"/>
-        <xsd:element name="SupplementProfileID" type="xsd:string"/>
-      </xsd:choice>
-      <xsd:element name="SignatureManifestCheckParams" minOccurs="0">
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
-              <xsd:annotation>
-                <xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-          </xsd:sequence>
-          <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="ReturnHashInputData" minOccurs="0"/>
-      <xsd:element name="TrustProfileID">
-        <xsd:annotation>
-          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--### Verify XML Signature Response ###-->
-  <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
-  <xsd:complexType name="VerifyXMLSignatureResponseType">
-    <xsd:sequence>
-      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
-        <xsd:annotation>
-          <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="HashInputData" type="ContentExLocRefBaseType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="ReferenceInputData" type="ContentExLocRefBaseType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
-      <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
-      <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
-      <xsd:element name="CertificateCheck" type="CheckResultType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:simpleType name="ProfileIdentifierType">
-    <xsd:restriction base="xsd:token"/>
-  </xsd:simpleType>
-  <xsd:complexType name="MetaInfoType">
-    <xsd:sequence>
-      <xsd:element name="MimeType" type="MimeTypeType"/>
-      <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
-      <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="FinalDataMetaInfoType">
-    <xsd:complexContent>
-      <xsd:extension base="MetaInfoType">
-        <xsd:sequence>
-          <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
-        </xsd:sequence>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="DataObjectInfoType">
-    <xsd:sequence>
-      <xsd:element name="DataObject">
-        <xsd:complexType>
-          <xsd:complexContent>
-            <xsd:extension base="ContentOptionalRefType"/>
-          </xsd:complexContent>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:choice>
-        <xsd:annotation>
-          <xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
-        </xsd:annotation>
-        <xsd:element ref="CreateTransformsInfoProfile"/>
-        <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
-      </xsd:choice>
-    </xsd:sequence>
-    <xsd:attribute name="Structure" use="required">
-      <xsd:simpleType>
-        <xsd:restriction base="xsd:string">
-          <xsd:enumeration value="detached"/>
-          <xsd:enumeration value="enveloping"/>
-        </xsd:restriction>
-      </xsd:simpleType>
-    </xsd:attribute>
-  </xsd:complexType>
-  <xsd:complexType name="TransformsInfoType">
-    <xsd:sequence>
-      <xsd:element ref="dsig:Transforms" minOccurs="0"/>
-      <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="XMLDataObjectAssociationType">
-    <xsd:sequence>
-      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-      <xsd:element name="Content" type="ContentRequiredRefType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="CMSDataObjectOptionalMetaType">
-    <xsd:sequence>
-      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
-      <xsd:element name="Content" type="CMSContentBaseType"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="CMSContentBaseType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentOptionalRefType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-        </xsd:choice>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="CheckResultType">
-    <xsd:sequence>
-      <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-      <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="ReferencesCheckResultType">
-    <xsd:complexContent>
-      <xsd:restriction base="CheckResultType">
-        <xsd:sequence>
-          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-          <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:restriction base="AnyChildrenType">
-        <xsd:sequence>
-          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ManifestRefsCheckResultType">
-    <xsd:complexContent>
-      <xsd:restriction base="CheckResultType">
-        <xsd:sequence>
-          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-          <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:restriction base="AnyChildrenType">
-        <xsd:sequence>
-          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
-          <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
-        </xsd:sequence>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <!--########## Error Response ###-->
-  <xsd:element name="ErrorResponse" type="ErrorResponseType">
-    <xsd:annotation>
-      <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
-    </xsd:annotation>
-  </xsd:element>
-  <xsd:complexType name="ErrorResponseType">
-    <xsd:sequence>
-      <xsd:element name="ErrorCode" type="xsd:integer"/>
-      <xsd:element name="Info" type="xsd:string"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <!--########## Auxiliary Types ###-->
-  <xsd:simpleType name="KeyIdentifierType">
-    <xsd:restriction base="xsd:string"/>
-  </xsd:simpleType>
-  <xsd:simpleType name="KeyStorageType">
-    <xsd:restriction base="xsd:string">
-      <xsd:enumeration value="Software"/>
-      <xsd:enumeration value="Hardware"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:simpleType name="MimeTypeType">
-    <xsd:restriction base="xsd:token"/>
-  </xsd:simpleType>
-  <xsd:complexType name="AnyChildrenType" mixed="true">
-    <xsd:sequence>
-      <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="XMLContentType" mixed="true">
-    <xsd:complexContent mixed="true">
-      <xsd:extension base="AnyChildrenType">
-        <xsd:attribute ref="xml:space" use="optional"/>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentBaseType">
-    <xsd:choice minOccurs="0">
-      <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-      <xsd:element name="XMLContent" type="XMLContentType"/>
-      <xsd:element name="LocRefContent" type="xsd:anyURI"/>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:complexType name="ContentExLocRefBaseType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentBaseType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-          <xsd:element name="XMLContent" type="XMLContentType"/>
-        </xsd:choice>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentOptionalRefType">
-    <xsd:complexContent>
-      <xsd:extension base="ContentBaseType">
-        <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="ContentRequiredRefType">
-    <xsd:complexContent>
-      <xsd:restriction base="ContentOptionalRefType">
-        <xsd:choice minOccurs="0">
-          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
-          <xsd:element name="XMLContent" type="XMLContentType"/>
-          <xsd:element name="LocRefContent" type="xsd:anyURI"/>
-        </xsd:choice>
-        <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
-      </xsd:restriction>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:complexType name="VerifyTransformsDataType">
-    <xsd:choice maxOccurs="unbounded">
-      <xsd:annotation>
-        <xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element ref="VerifyTransformsInfoProfile"/>
-      <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
-        <xsd:annotation>
-          <xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:choice>
-  </xsd:complexType>
-  <xsd:element name="QualifiedCertificate"/>
-  <xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
-  <xsd:complexType name="PublicAuthorityType">
-    <xsd:sequence>
-      <xsd:element name="Code" type="xsd:string" minOccurs="0"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:simpleType name="SignatoriesType">
-    <xsd:union memberTypes="AllSignatoriesType">
-      <xsd:simpleType>
-        <xsd:list itemType="xsd:positiveInteger"/>
-      </xsd:simpleType>
-    </xsd:union>
-  </xsd:simpleType>
-  <xsd:simpleType name="AllSignatoriesType">
-    <xsd:restriction base="xsd:string">
-      <xsd:enumeration value="all"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:complexType name="CreateSignatureLocationType">
-    <xsd:simpleContent>
-      <xsd:extension base="xsd:token">
-        <xsd:attribute name="Index" type="xsd:nonNegativeInteger" use="required"/>
-      </xsd:extension>
-    </xsd:simpleContent>
-  </xsd:complexType>
-  <xsd:complexType name="TransformParameterType">
-    <xsd:choice minOccurs="0">
-      <xsd:annotation>
-        <xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
-      </xsd:annotation>
-      <xsd:element name="Base64Content" type="xsd:base64Binary">
-        <xsd:annotation>
-          <xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-      <xsd:element name="Hash">
-        <xsd:annotation>
-          <xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element ref="dsig:DigestMethod"/>
-            <xsd:element ref="dsig:DigestValue"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-    </xsd:choice>
-    <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
-  </xsd:complexType>
-  <xsd:element name="CreateSignatureEnvironmentProfile">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
-        <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="VerifyTransformsInfoProfile">
-    <xsd:annotation>
-      <xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
-    </xsd:annotation>
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element ref="dsig:Transforms" minOccurs="0"/>
-        <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
-          <xsd:annotation>
-            <xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
-          </xsd:annotation>
-        </xsd:element>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
-  <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
-  <xsd:element name="CreateTransformsInfoProfile">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
-        <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-</xsd:schema>
diff --git a/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..58630c02e
--- /dev/null
+++ b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 603758fb8..5c729ef19 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -22,6 +22,12 @@
 		<description>Verify identity link coming from security layer</description>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
 	</servlet>
+    <servlet>
+        <servlet-name>ProcessInput</servlet-name>
+        <display-name>ProcessInput</display-name>
+        <description>Process user input needed by infobox validators</description>
+        <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
+    </servlet>
 	<servlet>
 		<servlet-name>VerifyAuthBlock</servlet-name>
 		<display-name>VerifyAuthBlock</display-name>
@@ -37,9 +43,7 @@
 	<servlet>
 		<servlet-name>AxisServlet</servlet-name>
 		<display-name>Apache-Axis Servlet</display-name>
-		<servlet-class>
-      org.apache.axis.transport.http.AxisServlet
-    </servlet-class>
+		<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
 	</servlet>
 
 	<!-- JSP servlet -->
@@ -73,9 +77,13 @@
 		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
 	<servlet-mapping>
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		<url-pattern>/VerifyAuthBlock</url-pattern>
+		<servlet-name>ProcessInput</servlet-name>
+		<url-pattern>/ProcessInput</url-pattern>
 	</servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>VerifyAuthBlock</servlet-name>
+        <url-pattern>/VerifyAuthBlock</url-pattern>
+    </servlet-mapping>
 	<servlet-mapping>
 		<servlet-name>ConfigurationUpdate</servlet-name>
 		<url-pattern>/ConfigurationUpdate</url-pattern>
diff --git a/id/server/auth/src/main/webapp/css/mandates.css b/id/server/auth/src/main/webapp/css/mandates.css
new file mode 100644
index 000000000..7b6e550f0
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/mandates.css
@@ -0,0 +1,57 @@
+/* CSS Document */
+
+.hleft {
+	float: left;
+	width: 50%;
+}
+
+.hright {
+	float: left;
+	width: 49%;
+}
+
+.htitle {
+	padding-top: 15px;
+	clear: both;
+}
+
+.leiste1 {
+	background-color: #FF0000;
+	color: #FFFFFF;
+	font-weight: bold;
+	width: 15%;
+	float: left;
+	clear: left;
+	height: 20px;
+	padding-top: 5px;
+	padding-bottom: 5px;
+  FONT-SIZE: 0.9em;
+}
+
+.leiste2 {
+	background-color: #CCCCCC;
+	color: #000000;
+	float: left;
+	height: 20px;
+	width: 33%;
+	padding-top: 5px;
+	padding-bottom: 5px;
+}
+
+a.info {
+	color: #000000;
+	text-decoration: underline;
+}
+
+
+.leiste3 {
+	background-color: #CCCCCC;
+	color: #000000;
+	height: 20px;
+	float: left;
+	width: 17%;
+	padding-top: 5px;
+	padding-bottom: 5px;
+  FONT-SIZE: 0.8em;
+
+}	
diff --git a/id/server/auth/src/main/webapp/css/styles.css b/id/server/auth/src/main/webapp/css/styles.css
new file mode 100644
index 000000000..d91b993d1
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/styles.css
@@ -0,0 +1,741 @@
+/*
+|| Groesse der Seite auf A4 setzen
+|| Rand auf jeweils 10% der Seite setzen
+*/
+
+@page {
+  size: 21cm 29.7cm;
+  margin: 10%;
+}
+
+/*
+|| Font und Farben, die fuer das gesamte Dokument gueltig sind.
+*/
+
+body {
+  font-family: arial, helvetica, sans-serif;
+  background-color: white;
+  color: black;
+}
+
+/*
+|| Eingabefelder verwenden eine Monospace-Font (s. Laenderstyleguide 5.1)
+*/
+
+input, textarea, select {
+  font-family: monospace;
+}
+
+/*
+|| Schriftgroesse fuer Formulartitel
+*/
+
+h1 {
+  font-size: 1.3em;
+}
+
+/*
+|| Definitionen fuer die Kategorien (faerbiger Balken)
+*/
+
+h2 {
+  width: 98%;
+  background-color: #A02D2D;
+  color: white;
+  font-weight: bold;
+  font-size: 1em;
+  padding: 0.3em;
+  border-width: thin;
+  margin-bottom: 1em;
+}
+
+/*
+|| Subkategorie (zB Adresse innerhalb von Stammgewerbeberechtigung)
+*/
+
+h3 {
+  padding: 5px;
+  margin-bottom: 1px;
+  font-size: 0.8em;
+}
+
+/*
+|| Informationstext zu einer Kategorie
+*/
+
+h4 {
+  margin-bottom: 0.5em;
+  font-size: 0.8em;
+}
+
+fieldset {
+  border: none;
+}
+
+}
+
+legend {
+  display: none;
+}
+
+
+/*
+|| Informationstext im Info-Kaestchen
+*/
+
+.infotext {
+  padding: 0.8em;
+  float: left;
+  background-color: #EEEEEE;
+  color: black;
+  font-size: 0.8em;
+}
+
+/*
+|| Info-Link im Info-Kaestchen
+*/
+
+.infobutton {
+  float: left;
+  width: 2em;
+  background-color: red;
+  text-align: center;
+  font-size: 1.5em;
+  color: white;
+  font-weight: bold;
+  padding: 0.4em;
+  border-width: 0.25em;
+  border-style: outset;
+  border-style: -moz-bg-outset;
+}
+
+/*
+|| Info-Link soll weiss sein
+*/
+
+.infobutton a:link {
+ 	background-color: red;
+	color: white;
+  text-decoration: none;
+
+}
+
+/*
+|| Info-Link soll weiss sein, auch wenn Link schon einmal angeklickt wurde
+*/
+
+.infobutton a:visited {
+	background-color: red;
+	color: white;
+}
+
+/*
+|| Info-Link-Text soll weiss sein, auch wenn man mit der Maus drueberfaehrt
+*/
+
+.infobutton a:hover {
+	background-color: red;
+	color: white;
+}
+
+/*
+|| Begrenzung fuer das Info-Kaestchen
+*/
+
+.boundinginfobox {
+  width: 99%;
+  background-color: #EEEEEE;
+  color: black;
+  border-width: thin;
+}
+
+/*
+|| Begrenzung fuer Eingabefeldbereiche
+*/
+
+.boundingbox {
+  width: 99%;
+  background-color: #EEEEEE;
+  color: black;
+  border-width: thin;
+  margin-bottom: 1em;
+}
+
+/*
+|| Begrenzung, die Leittexte und Formulardaten im statischen Formular
+|| zusammenhaelt, sodass es bei einem Seitenumbruch beim Ausdruck
+|| nicht zu Verschiebungen kommt
+*/
+.printboundingbox {
+  width: 99%;
+}
+
+/*
+|| Bereich fuer die Leittexte
+*/
+
+.labelarea {
+  text-align: right;
+  width: 17%;
+  float: left;
+  padding: 5px;
+  font-size: 0.8em;
+  vertical-align: middle;
+}
+
+/*
+|| Bereich fuer sehr lange Leittexte
+*/
+
+.labelareawidened {
+  text-align: right;
+  width: 50%;
+  float: left;
+  padding: 5px;
+  font-size: 0.8em;
+  vertical-align: middle;
+}
+
+/*
+|| Leittextbereich ohne Angabe einer Breite (z.B. bei Stiege und Tuer; sonst generell (.labelarea) 17% der Gesamtbreite)
+*/
+
+.labelareanowidth {
+  float: left;
+  padding: 5px;
+  font-size: 0.8em;
+  vertical-align: middle;
+}
+
+/*
+|| Legendenbereich (Icons)
+*/
+
+.legendarea {
+  width: 30px;
+  text-align: left;
+  float: left;
+  padding-left: 4px;
+  padding-top: 5px;
+  vertical-align: middle;
+}
+
+/*
+|| Legendenbereich fuer den Stern (in Kombination mit einem Rufzeichen)
+*/
+
+.legendareastar {
+  width: 13px;
+  float: left;
+  padding-left: 4px;
+  padding-top: 5px;
+  vertical-align: middle;
+}
+
+/*
+|| Legendenbereich fuer das Info-Icon
+*/
+
+.legendareainfo {
+  width: 17px;
+  float: left;
+  padding-top: 5px;
+  vertical-align: middle;
+}
+
+/*
+|| Bereich fuer ein einzelnes Eingabefeld
+*/
+
+.inputfieldarea {
+  float: left;
+  padding: 4px;
+}
+
+/*
+|| Bereich fuer das erste Eingabefeld, wenn zwei in einer Zeile
+|| = Eingabefeldbereich, dessen Breite auf 26% begrenzt ist (.inputfieldarea hat keine Begrenzung)
+*/
+
+.inputfieldareafortwo {
+  width: 26%;
+  float: left;
+  padding: 4px;
+}
+
+
+/*
+|| e-Goverment Schriftzug im Logo
+*/
+
+.egovlogo {
+  text-align: center;
+  background-color: white;
+  color: #008B8B;
+  font-weight: bold;
+  font-style: italic;
+  font-size: 1.7em;
+}
+
+/*
+|| help.gv.at-Schriftzug im Logo
+*/
+
+.egovtext {
+  text-align: center;
+  background-color: white;
+  color: black;
+  font-weight: bold;
+  font-size: 1.2em;
+}
+
+/*
+|| Bereich fuer den Titel des Formulars links vom Logo
+*/
+
+.titlebox {
+  float: left;
+  width: 65%;
+  margin-bottom: 1em;
+}
+
+/*
+|| Bereich fuer das Logo
+*/
+
+.logobox {
+  float: right;
+  margin-bottom: 1em;
+}
+
+/*
+|| Allgemeiner Informationstext zu einem Formular (zwischen Formulartitel
+|| und Info-Kaestchen
+*/
+
+.introtext {
+  font-weight: bold;
+  margin-bottom: 1em;
+}
+
+/*
+|| Link "Zum Formularanfang"
+*/
+
+.formtop {
+  float: right;
+}
+
+/*
+|| Bereich fuer die Steuerungs-Buttons (Senden, Abbrechen, etc.)
+*/
+
+.buttonarea {
+  margin-top: 0.5em;
+  text-align: center;
+}
+
+/*
+|| Aussehen der Steuerungs-Buttons
+*/
+
+.button {
+  font-family: arial, helvetica, sans-serif;
+  font-size: 1em;
+}
+
+/*
+|| Formularkennung/Fusszeile des Formulars
+*/
+
+.formid {
+  float: left;
+  font-style: italic;
+  font-size: 0.8em;
+  background-color: #008B8B;
+  color: white;
+  padding: 0.5em;
+}
+
+/*
+|| Behoerdenanschrift
+*/
+
+.organizationaddress {
+  font-style: italic;
+  margin-top: 1em;
+  margin-bottom: 1em;
+}
+
+/*
+|| Behoerdenanschrift mit Logo
+*/
+
+.organizationaddresslogo {
+  font-style: italic;
+  margin-top: 1em;
+  margin-bottom: 1em;
+  float: left;
+}
+
+/*
+|| Beilagen-Tabelle
+*/
+
+.attachmenttable {
+  width: 99%;
+  background-color: #EEEEEE;
+  color: black;
+  border-width: thin;
+  border-collapse: collapse;
+  margin-bottom: 1em;
+}
+
+/*
+|| Spaltenueberschrift "lfd Nr"
+*/
+
+.attachmenttitlenumber  {
+	border-bottom: thin solid black;
+	border-right: thin solid black;
+	padding: 0.3em;
+	font-size: 0.8em;
+}
+
+/*
+|| Spaltenueberschrift "Beilage"
+*/
+
+.attachmenttitlename {
+	border-bottom: thin solid black;
+	border-right: thin solid black;
+	padding: 0.5em;
+	text-align: left;
+	font-size: 0.8em;
+}
+
+
+/*
+|| Spaltenueberschriften "nachgereicht" und "angefuegt"
+*/
+
+.attachmenttitleselection {
+	padding: 0.3em;
+	text-align: center;
+	border-left: thin solid black;
+	border-bottom: thin solid black;
+	font-size: 0.8em;
+}
+
+/*
+|| Spaltenueberschrift "Datei"
+*/
+
+.attachmenttitlefile {
+	padding: 0.3em;
+	text-align: left;
+	border-bottom: thin solid black;
+	font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "lfd Nr"
+*/
+
+.attachmentnumber {
+	text-align: center;
+	border-left: thin solid #EEEEEE;
+	border-right: thin solid black;
+	padding: 0.3em;
+	font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "Beilage"
+*/
+
+.attachmentname {
+	text-align: left;
+	border-left: thin solid black;
+	border-right: thin solid black;
+	padding: 0.5em;
+	font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "Datei"
+*/
+
+.attachmentfile {
+	text-align: left;
+	border-right: thin solid #EEEEEE;
+	padding: 0.3em;
+}
+
+/*
+|| Zellen der Spalte "angefuegt"
+*/
+
+.attachmentselectiononline {
+	text-align: center;
+	padding: 0.3em;
+  border-left: solid black thin;
+}
+
+/*
+|| Zellen der Spalte "nachgereicht"
+*/
+
+.attachmentselectionpost {
+	text-align: center;
+	border-left: solid black thin;
+	padding: 0.3em;
+}
+
+/*
+|| unsichtbarer Bereich
+*/
+
+.hide {
+	visibility: hidden;
+	display: none;
+}
+
+/*
+|| sichtbarer Bereich
+*/
+
+.show {
+	visibility: visible;
+	display: block;
+}
+
+/*
+|| readonly-Felder
+*/
+
+.deactive {
+  background-color: #D3D3D3;
+  color: gray;
+}
+
+/*
+|| Fehlertexte (bei fehlerhaften Eingaben)
+*/
+
+.errortext {
+  color: red;
+  background-color: white;
+  font-size: 1em;
+  border: solid red 2px;
+  padding: 0.5em;
+  width: 97%;
+}
+
+.errortext a:visited , .errortext a:link, .errortext a:hover {
+	color: red;
+}
+
+/*
+|| simuliertes Readonly-Eingabefeld, das in Wirklichkeit
+|| Text mit einem Rahmen ist
+*/
+
+.readonlybutton {
+  width: 20em;
+  background-color: #D3D3D3;
+  color: gray;
+  border-color: gray;
+  border-width: thin;
+  border-style: inset;
+  font-family: monospace;
+}
+
+/*
+|| Vertikale Ausrichtung des Info-Icons im Beilagenbereich
+*/
+
+.imagevertalign {
+  vertical-align: middle;
+}
+
+/*
+|| Unterbindet Rahmen bei Bildern mit hinterlegtem Link
+*/
+
+a img {
+  border: none;
+}
+
+/*
+|| MOA-Ergebnis-Tabelle
+*/
+
+.MOA-SP-ergebnis-tabelle {
+	width: 100%;
+	border: thin solid black;
+	border-collapse: collapse;
+	margin-bottom: 1em;
+}
+
+/*
+|| MOA-Ergebnis-Tabellenemelemente
+*/
+
+.MOA-SP-ergebnis-zelle, .MOA-SP-ergebnis-header {
+	border: thin solid black;
+	text-align: left;
+	padding: 0.3em;
+	background-color: #EEEEEE;
+}
+
+/*
+|| MOA-Ergebnis-Tabelle Fehlermeldungen
+*/
+
+.moa-sp-error {
+	color: red;
+	font-weight: bold;
+}
+
+/*
+|| Signaturblock-Tabelle
+*/
+
+.sigblock-tabelle {
+	width: 100%;
+	border: thin solid black;
+	border-collapse: collapse;
+	margin-bottom: 1em;
+}
+
+/*
+|| Signaturblock-Tabellenelemente
+*/
+
+.sigblock-zelle, .sigblock-header {
+	border: thin solid black;
+	text-align: left;
+	padding: 0.3em;
+	background-color: #EEEEEE;
+}
+
+/*
+|| Formular mit mehreren Seiten, Angabe der aktuellen Seite
+*/
+
+.steps {
+	text-align: right;
+	font-weight: bold;
+	padding: 0.3em;
+	margin-right: 0.3em;
+	font-style: italic;
+}
+
+/*
+|| Bereich fuer Formularliste
+*/
+
+.labelareaform {
+  text-align: left;
+  width: 50%;
+  float: left;
+  padding: 5px;
+  font-size: 0.8em;
+  font-weight: bold;
+  vertical-align: middle;
+}
+
+/*
+|| Bereich fuer Bestellung und Details bei Formularbestellungen
+*/
+
+.labelareaorderdetail {
+  text-align: center;
+  width: 17%;
+  float: left;
+  padding: 5px;
+  font-size: 0.8em;
+  vertical-align: middle;
+  font-weight: bold;
+}
+
+/*
+|| Farbe der Verfahrens-Tabellenzeilen mit geradem Index
+*/
+
+.evenformrow {
+	background-color: #EEEEEE;
+}
+
+/*
+|| Farbe der Verfahrens-Tabellenzeilen mit ungeradem Index
+*/
+
+.oddformrow {
+	background-color: lightgrey;
+}
+
+/*
+|| Sicherheitsabfrage in der Verfahrensverwaltung
+*/
+
+.checktext {
+	color: red;
+	padding: 0.5em;
+	border: solid 2px red;
+	margin: 1em;
+}
+
+/*
+|| Buttons der Eingangsstelle
+*/
+
+.eingang_button {
+	line-height: 2em;
+	border-width: 2px;
+	border-color: grey;
+	padding: 4px;
+	background-color: lightgrey;
+	border-style: outset;
+	border-style: -moz-bg-outset;
+}
+
+/*
+|| Buttonlinks der Eingangsstelle
+*/
+
+.eingang_button_link {
+	color: black;
+	text-decoration: none;
+}
+
+/*
+|| Für den Farbenwechsel bei den Beilagen-Tabellen
+*/
+
+table.attachmenttable tr.s
+{ 
+  background-color: lightgrey;
+}
+
+/*
+|| Farbe der Titelzeile bei den Beilagen-Tabellen
+*/
+
+table.attachmenttable thead
+{ 
+  background-color: #aaaaaa;
+}
+
+/*
+|| Aktuell fokussiertes Eingabefeld visuell hervorheben (Styleguide Anforderung)
+*/
+
+input:focus, input.field:focus, select:focus, textarea:focus {
+   border: 2px solid black;
+}
+   
+select:focus {
+   background-color: #FFFFFE;
+} 
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/css/styles_opera.css b/id/server/auth/src/main/webapp/css/styles_opera.css
new file mode 100644
index 000000000..a2ea527bf
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/styles_opera.css
@@ -0,0 +1,11 @@
+/*
+|| In Opera funktioniert das Aus- und Einblenden von HTML-Bloecken
+|| mittels JavaScript-Zugriff auf DOM-Objekte nicht, daher muss
+|| die Definition der Klasse .hide in diesem Browser durch eine
+|| "sichtbare" Definition ueberlagert werden
+*/
+
+.hide {
+	visibility: visible;
+	display: block;
+}
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/img/egov_schrift.gif b/id/server/auth/src/main/webapp/img/egov_schrift.gif
new file mode 100644
index 000000000..aea64ef5e
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/egov_schrift.gif differ
diff --git a/id/server/auth/src/main/webapp/img/info.gif b/id/server/auth/src/main/webapp/img/info.gif
new file mode 100644
index 000000000..f9e1bb00f
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/info.gif differ
diff --git a/id/server/auth/src/main/webapp/img/rufezeichen.gif b/id/server/auth/src/main/webapp/img/rufezeichen.gif
new file mode 100644
index 000000000..fbad8d758
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/rufezeichen.gif differ
diff --git a/id/server/auth/src/main/webapp/img/stern.gif b/id/server/auth/src/main/webapp/img/stern.gif
new file mode 100644
index 000000000..77c53d1c3
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/stern.gif differ
diff --git a/id/server/auth/src/main/webapp/javascript/fa.js b/id/server/auth/src/main/webapp/javascript/fa.js
new file mode 100644
index 000000000..ffa4031b1
--- /dev/null
+++ b/id/server/auth/src/main/webapp/javascript/fa.js
@@ -0,0 +1,8 @@
+function deactivateApplicant( ) {
+	if ( document.formular.familienname.value != '' )
+		toggleActive( document.formular.familienname, 'deactive' );
+	if ( document.formular.vorname.value != '' )
+		toggleActive( document.formular.vorname, 'deactive' );
+	if ( document.formular.geburtsdatum.value != '' && document.formular.geburtsdatum.value != 'JJJJ-MM-TT' )
+		toggleActive( document.formular.geburtsdatum, 'deactive' );
+}
diff --git a/id/server/auth/src/main/webapp/javascript/formallg.js b/id/server/auth/src/main/webapp/javascript/formallg.js
new file mode 100644
index 000000000..65d7bbedf
--- /dev/null
+++ b/id/server/auth/src/main/webapp/javascript/formallg.js
@@ -0,0 +1,315 @@
+/*
+|| Die Funktion displayElement() macht ein verstecktes HTML-Element sichtbar.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des sichtbarzumachenden HTML-Elements
+||
+*/
+
+function displayElement( element_id ) {
+	if ( notNN4( ) )
+	{
+		var elementToDisplay = document.getElementById( element_id );
+		elementToDisplay.className = 'show';
+	}
+}
+
+
+
+/*
+|| Die Funktion hideElement() macht ein HTML-Element unsichtbar.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des zu versteckenden HTML-Elements
+||
+*/
+
+function hideElement( element_id ) {
+	if ( notNN4( ) )
+	{
+		var elementToHide = document.getElementById( element_id );
+		elementToHide.className = 'hide';
+	}
+}
+
+
+
+/*
+|| Die Funktion resetValue() setzt Radiobuttons, Dropdown-Menues und Checkboxes auf ihre
+|| Ausgangswerte (beim Laden des Formulars) zurueck.
+||
+|| IN-Parameter: element ... Radiobutton-, Dropdown- oder Checkbox-Element
+||
+*/
+
+function resetValue( element ) {
+	for ( var i = 0; i < element.length; i++ )
+	{
+		element[i].checked = element[i].defaultChecked;
+		element[i].selected = element[i].defaultSelected;
+	}
+}
+
+
+
+/*
+|| Die Funktion toggleDisplay() invertiert die Sichtbarkeit eines
+|| HTML-Elements.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des zu invertierenden HTML-Elements
+||
+*/
+
+function toggleDisplay( element_id ) {
+	if ( notNN4( ) )
+	{
+		var elementToToggle = document.getElementById( element_id );
+		var elementClass = elementToToggle.className;
+		if ( elementClass == 'hide' )
+			elementToToggle.className = "display";
+		else
+			elementToToggle.className = "hide";
+	}
+}
+
+/*
+|| Die Funktion toggleActive() setzt das Attribut 'readonly' eines
+|| HTML-Eingabeelements.
+||
+|| IN-Parameter: element ... HTML-Eingabeelement
+|| IN-Parameter: status ... entweder 'active' oder 'deactive'
+||
+*/
+
+function toggleActive( element, status ) {
+
+	if ( notNN4( ) )
+	{
+ 		var elementToToggle = document.getElementById( element.id );
+
+ 		if ( status == 'active' )
+ 		{
+ 			element.readOnly = false;
+ 			elementToToggle.className = "active";
+ 		}
+ 		else
+ 		{
+ 			element.readOnly = true;
+ 			elementToToggle.className = "deactive";
+ 		}
+	}
+}
+
+
+
+/*
+|| Die Funktion changeActivity() setzt das Attribut 'readonly' eines
+|| HTML-Eingabeelements in Abhaengigkeit des Uebergabeparameters 'value'.
+||
+|| IN-Parameter: value ... Wert eines HTML-Eingabelements
+|| IN-Parameter: element ... HTML-Eingabeelement
+||
+*/
+
+function changeActivity( value, element ) {
+	if ( value == null || value == '' )
+		toggleActive( element, 'active' );
+	else
+		toggleActive( element, 'deactive' );
+}
+
+
+
+/*
+|| Die Funktion pasteValueAndDeactivate() setzt den Wert eines HTML-Eingabeelements
+|| und setzt das Attribut 'readonly', je nachdem ob der uebergebene Wert ungleich
+|| dem Leerstring ist oder nicht.
+||
+|| IN-Parameter: value ... zu setzender Wert
+|| IN-Parameter: element ... HTML-Eingabeelement
+||
+*/
+
+function pasteValueAndDeactivate( value, element ) {
+	if ( notNN4( ) )
+	{
+		var elementToSet = document.getElementById( element.id );
+		elementToSet.value = value;
+		if ( value != null && value != '' )
+		{
+			element.readOnly = true;
+			elementToSet.className = "deactive";
+		}
+		else
+		{
+			element.readOnly = false;
+			elementToSet.className = "active";
+		}
+	}
+}
+
+
+
+/*
+|| Die Funktion popitup() oeffnet im Browser links oben ein Fenster
+|| mit bestimmten Eigenschaften (keine Statuszeile, kein Browsermenue, etc.).
+|| URL und Groesse des Fensters werden als Parameter uebergeben.
+||
+|| IN-Parameter: url ... in dem Fenster zu oeffnende URL
+|| IN-Parameter: win_width ... Breite des zu oeffnenden Fensters
+|| IN-Parameter: win_height ... Hoehe des zu oeffnenden Fensters
+||
+*/
+
+function popitup( url, win_width, win_height ) {
+	var features = "resizable, scrollbars=yes,status=no, menubar=no, toolbar=no, screenX=20, screenY=20, width=" + win_width + ", height=" + win_height;
+	newwindow=window.open( url, 'Info', features );
+	/* die folgende Anweisung verursacht im IE eine Zugriffsverletzung, daher auskommentiert! */
+	// newwindow.moveTo( 20, 20);
+	if ( window.focus )
+		newwindow.focus( );
+}
+
+
+
+/*
+|| Die Funktion initialize() deaktiviert das StyleSheet styles_opera.css (ausser fuer Opera).
+|| Ausserdem werden in Browsern, die JavaScript aktiviert haben, die Icon-Info-Links durch href-Werte ersetzt,
+|| die kein neues Browser-Fenster, sondern ein kleines Fenster oeffnen (s. Funktion javascriptWindows).
+|| Der Parameter url hat entweder den Wert http://www.help.gv.at/formulare/infotexte/ oder
+|| http://e-www.help.gv.at/linkdb/formulare/infotexte/, je nachdem in welcher Umgebung man sich befindet
+*/
+
+function initialize( url ) {
+	if ( notNN4( ) ) {
+            if (document.getElementsByTagName) {
+                  if ( document.getElementsByTagName('link').length > 1 )
+			{
+				document.getElementsByTagName('link')[1].disabled = true;
+				javascriptWindows( url );
+			}
+		  schattieren( );
+		}
+      }
+}
+
+
+/*
+|| Die Funktion javascriptWindows() ersetzt in den Formularen bei aktiviertem JavaScript
+|| die Links bei den Infobuttons durch window.open-Befehle, so dass diese Infotexte in
+|| einem kleinen Fenster im Browser links oben geoeffnet werden.
+|| Der Parameter url hat entweder den Wert http://www.help.gv.at/formulare/infotexte/ oder
+|| http://e-www.help.gv.at/linkdb/formulare/infotexte/, je nachdem in welcher Umgebung man sich befindet.
+*/
+
+function javascriptWindows( url ) {
+	var aElement,
+	    href,
+	    newHref,
+	    lastIndex;
+	if ( notNN4( ) )
+	{
+		for ( var i = 0; i < document.getElementsByTagName( 'a' ).length; i++ )
+		{
+			aElement = document.getElementsByTagName( 'a' )[i];
+			href = aElement.href;
+			if ( href.indexOf( 'info_' ) != -1 )
+			{
+				lastIndex = href.lastIndexOf( '/' );
+				newHref = href.substring( lastIndex + 1 );
+				newHref = "javascript:popitup('" + url + newHref + "',660,500);";
+				aElement.setAttribute( 'href', newHref );
+				aElement.setAttribute( 'target', '_self' );
+			}
+		}
+	}
+}
+
+/*
+|| Die Funktion submitButton() erzeugt einen Submit-Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt.
+|| Wurde durch die Funktion generateButton() abgeloest.
+*/
+
+function submitButton( ) {
+  document.writeln('<input type="button" name="JavaScriptButton" value="Senden" class="button" ' +
+                   'onclick="document.formular.Senden.value=\'Senden\'; document.formular.submit()" ' +
+                   'onkeypress="document.formular.Senden.value=\'Senden\'; document.formular.submit()" />');
+}
+
+/*
+|| Die Funktion cancelButton() erzeugt einen Abbrechen-Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt.
+|| Wurde durch die Funktion generateButton() abgeloest.
+*/
+
+function cancelButton( ) {
+  document.writeln('<input type="button" name="JavaScriptButton" value="Abbrechen" class="button" ' +
+                   'onclick="document.formular.Senden.value=\'Abbrechen\'; document.formular.submit()" ' +
+                   'onkeypress="document.formular.Senden.value=\'Abbrechen\'; document.formular.submit()" />');
+}
+
+/*
+|| Die Funktion generateButton() erzeugt einen Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt. Die Art des Buttons wird durch den uebergebenen Wert bestimmt.
+|| Moegliche Werte: Senden, Abbrechen, Signieren, etc.
+*/
+
+function generateButton( kind ) {
+
+  document.write('<input type="button" name="JavaScriptButton" value="' + kind + '" class="button" ' +
+                   'onclick="' );
+  if ( kind == 'Druckversion' )
+    document.write( 'document.formular.target=\'_blank\' ;' );
+  else
+    document.write( 'document.formular.target=\'_self\' ; ' );
+  document.write( 'document.formular.Senden.value=\'' + kind + '\'; document.formular.submit()" ' +
+                   'onkeypress="' );
+  if ( kind == 'Druckversion' )
+    document.write( 'document.formular.target=\'_blank\'; ' );
+  else
+    document.write( 'document.formular.target=\'_self\';' );
+  document.writeln( 'document.formular.Senden.value=\'' + kind + '\'; document.formular.submit()" />');
+
+}
+
+/*
+|| Die Funktion NN4 testet, ob es sich bei dem Browser um einen Netscape
+|| Navigator der Version 4 handelt.
+*/
+
+function notNN4( ) {
+	return ( ! document.layers );
+}
+
+/*
+|| Die Funktion schattieren setzt in den Beilagen-Tabellen abwechselnd Farben
+|| Quelle: Andreas Borutta, http://borumat.de/html/tab-schattieren.php
+*/
+
+
+function schattieren () {
+var tabelle=document.getElementsByTagName("table");
+  for(i=0; i<=tabelle.length-1; i++) {
+    var klasse=tabelle[i].className;
+    var pos1=klasse.indexOf("attachmenttable");
+    if (pos1 > -1) {
+      pos1=klasse.indexOf("ab_");
+      if (pos1 > -1 ) var von=parseInt(klasse.substr(pos1+3,2));
+      else var von=3;
+      var pos2=klasse.indexOf("fuss_");
+      if (pos2 > -1 ) var fuss=parseInt(klasse.substr(pos2+5,2));
+      else var fuss=0;
+      var reihe=tabelle[i].getElementsByTagName("tr");
+      for (j=von -1; j<=reihe.length -fuss -1; j=j+2)
+        reihe[j].className="s";
+    } //endIf
+  } //endFor
+} //endFunc
diff --git a/id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl b/id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl
new file mode 100644
index 000000000..5751b3e58
--- /dev/null
+++ b/id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-20020812.xsd"/>
+	<message name="GetAuthenticationDataInput">
+		<part name="body" element="samlp:Request"/>
+	</message>
+	<message name="GetAuthenticationDataOutput">
+		<part name="body" element="samlp:Response"/>
+	</message>
+	<message name="MOAFault">
+		<part name="body" element="moa:ErrorResponse"/>
+	</message>
+	<portType name="IdentificationPortType">
+		<operation name="getAuthenticationData">
+			<input message="tns:GetAuthenticationDataInput"/>
+			<output message="tns:GetAuthenticationDataOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="getAuthenticationData">
+			<soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<service name="GetAuthenticationDataService">
+		<port name="IdentificationPort" binding="tns:IdentificationBinding">
+			<soap:address location="http://localhost/moa-id-auth/services/GetAuthenticationData"/>
+		</port>
+	</service>
+</definitions>
diff --git a/id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl b/id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl
new file mode 100644
index 000000000..5466a0b6f
--- /dev/null
+++ b/id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.2.xsd"/>
+	<message name="GetAuthenticationDataInput">
+		<part name="body" element="samlp:Request"/>
+	</message>
+	<message name="GetAuthenticationDataOutput">
+		<part name="body" element="samlp:Response"/>
+	</message>
+	<message name="MOAFault">
+		<part name="body" element="moa:ErrorResponse"/>
+	</message>
+	<portType name="IdentificationPortType">
+		<operation name="getAuthenticationData">
+			<input message="tns:GetAuthenticationDataInput"/>
+			<output message="tns:GetAuthenticationDataOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="getAuthenticationData">
+			<soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<service name="GetAuthenticationDataService">
+		<port name="IdentificationPort" binding="tns:IdentificationBinding">
+			<soap:address location="http://localhost/Identification"/>
+		</port>
+	</service>
+</definitions>
diff --git a/id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd b/id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd
new file mode 100644
index 000000000..d7a06d6e7
--- /dev/null
+++ b/id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd
@@ -0,0 +1,454 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 1.2 Schema
+-->
+<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+  <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+  <!--########## Create XML Signature ###-->
+  <!--### Create XML Signature Request ###-->
+  <xsd:element name="CreateXMLSignatureRequest">
+    <xsd:complexType>
+      <xsd:complexContent>
+        <xsd:extension base="CreateXMLSignatureRequestType"/>
+      </xsd:complexContent>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:complexType name="CreateXMLSignatureRequestType">
+    <xsd:sequence>
+      <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+      <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+        <xsd:annotation>
+          <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+              <xsd:complexType>
+                <xsd:complexContent>
+                  <xsd:extension base="DataObjectInfoType">
+                    <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+                  </xsd:extension>
+                </xsd:complexContent>
+              </xsd:complexType>
+            </xsd:element>
+            <xsd:element name="CreateSignatureInfo" minOccurs="0">
+              <xsd:complexType>
+                <xsd:sequence>
+                  <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+                  <xsd:choice>
+                    <xsd:annotation>
+                      <xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+                    </xsd:annotation>
+                    <xsd:element ref="CreateSignatureEnvironmentProfile"/>
+                    <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+                  </xsd:choice>
+                </xsd:sequence>
+              </xsd:complexType>
+            </xsd:element>
+          </xsd:sequence>
+          <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--### Create XML Signature Response ###-->
+  <xsd:complexType name="CreateXMLSignatureResponseType">
+    <xsd:choice maxOccurs="unbounded">
+      <xsd:annotation>
+        <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+      </xsd:annotation>
+      <xsd:element name="SignatureEnvironment">
+        <xsd:annotation>
+          <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:any namespace="##any" processContents="lax"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element ref="ErrorResponse"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+  <!--########## Verify CMS Signature ###-->
+  <!--### Verifiy CMS Signature Request ###-->
+  <xsd:element name="VerifyCMSSignatureRequest">
+    <xsd:complexType>
+      <xsd:complexContent>
+        <xsd:extension base="VerifyCMSSignatureRequestType">
+          <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+        </xsd:extension>
+      </xsd:complexContent>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:complexType name="VerifyCMSSignatureRequestType">
+    <xsd:sequence>
+      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+      <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+      <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+      <xsd:element name="TrustProfileID">
+        <xsd:annotation>
+          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--### Verify CMS Signature Response ###-->
+  <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+  <xsd:complexType name="VerifyCMSSignatureResponseType">
+    <xsd:sequence maxOccurs="unbounded">
+      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+        <xsd:annotation>
+          <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+      <xsd:element name="SignatureCheck" type="CheckResultType"/>
+      <xsd:element name="CertificateCheck" type="CheckResultType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--########## Verify XML Signature ###-->
+  <!--### Verify XML Signature Request ###-->
+  <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+  <xsd:complexType name="VerifyXMLSignatureRequestType">
+    <xsd:sequence>
+      <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+      <xsd:element name="VerifySignatureInfo">
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+            <xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:choice minOccurs="0" maxOccurs="unbounded">
+        <xsd:element ref="SupplementProfile"/>
+        <xsd:element name="SupplementProfileID" type="xsd:string"/>
+      </xsd:choice>
+      <xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+              <xsd:annotation>
+                <xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+          </xsd:sequence>
+          <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="ReturnHashInputData" minOccurs="0"/>
+      <xsd:element name="TrustProfileID">
+        <xsd:annotation>
+          <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--### Verify XML Signature Response ###-->
+  <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+  <xsd:complexType name="VerifyXMLSignatureResponseType">
+    <xsd:sequence>
+      <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+        <xsd:annotation>
+          <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+      <xsd:element name="HashInputData" type="ContentExLocRefBaseType" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:element name="ReferenceInputData" type="ContentExLocRefBaseType" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+      <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+      <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+      <xsd:element name="CertificateCheck" type="CheckResultType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:simpleType name="ProfileIdentifierType">
+    <xsd:restriction base="xsd:token"/>
+  </xsd:simpleType>
+  <xsd:complexType name="MetaInfoType">
+    <xsd:sequence>
+      <xsd:element name="MimeType" type="MimeTypeType"/>
+      <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+      <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="FinalDataMetaInfoType">
+    <xsd:complexContent>
+      <xsd:extension base="MetaInfoType">
+        <xsd:sequence>
+          <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+        </xsd:sequence>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="DataObjectInfoType">
+    <xsd:sequence>
+      <xsd:element name="DataObject">
+        <xsd:complexType>
+          <xsd:complexContent>
+            <xsd:extension base="ContentOptionalRefType"/>
+          </xsd:complexContent>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:choice>
+        <xsd:annotation>
+          <xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+        </xsd:annotation>
+        <xsd:element ref="CreateTransformsInfoProfile"/>
+        <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+      </xsd:choice>
+    </xsd:sequence>
+    <xsd:attribute name="Structure" use="required">
+      <xsd:simpleType>
+        <xsd:restriction base="xsd:string">
+          <xsd:enumeration value="detached"/>
+          <xsd:enumeration value="enveloping"/>
+        </xsd:restriction>
+      </xsd:simpleType>
+    </xsd:attribute>
+  </xsd:complexType>
+  <xsd:complexType name="TransformsInfoType">
+    <xsd:sequence>
+      <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+      <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="XMLDataObjectAssociationType">
+    <xsd:sequence>
+      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+      <xsd:element name="Content" type="ContentRequiredRefType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="CMSDataObjectOptionalMetaType">
+    <xsd:sequence>
+      <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+      <xsd:element name="Content" type="CMSContentBaseType"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="CMSContentBaseType">
+    <xsd:complexContent>
+      <xsd:restriction base="ContentOptionalRefType">
+        <xsd:choice minOccurs="0">
+          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+        </xsd:choice>
+      </xsd:restriction>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="CheckResultType">
+    <xsd:sequence>
+      <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+      <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ReferencesCheckResultType">
+    <xsd:complexContent>
+      <xsd:restriction base="CheckResultType">
+        <xsd:sequence>
+          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+          <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+        </xsd:sequence>
+      </xsd:restriction>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+    <xsd:complexContent mixed="true">
+      <xsd:restriction base="AnyChildrenType">
+        <xsd:sequence>
+          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+        </xsd:sequence>
+      </xsd:restriction>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="ManifestRefsCheckResultType">
+    <xsd:complexContent>
+      <xsd:restriction base="CheckResultType">
+        <xsd:sequence>
+          <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+          <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+        </xsd:sequence>
+      </xsd:restriction>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+    <xsd:complexContent mixed="true">
+      <xsd:restriction base="AnyChildrenType">
+        <xsd:sequence>
+          <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+          <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+          <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+        </xsd:sequence>
+      </xsd:restriction>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <!--########## Error Response ###-->
+  <xsd:element name="ErrorResponse" type="ErrorResponseType">
+    <xsd:annotation>
+      <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+    </xsd:annotation>
+  </xsd:element>
+  <xsd:complexType name="ErrorResponseType">
+    <xsd:sequence>
+      <xsd:element name="ErrorCode" type="xsd:integer"/>
+      <xsd:element name="Info" type="xsd:string"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <!--########## Auxiliary Types ###-->
+  <xsd:simpleType name="KeyIdentifierType">
+    <xsd:restriction base="xsd:string"/>
+  </xsd:simpleType>
+  <xsd:simpleType name="KeyStorageType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="Software"/>
+      <xsd:enumeration value="Hardware"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:simpleType name="MimeTypeType">
+    <xsd:restriction base="xsd:token"/>
+  </xsd:simpleType>
+  <xsd:complexType name="AnyChildrenType" mixed="true">
+    <xsd:sequence>
+      <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="XMLContentType" mixed="true">
+    <xsd:complexContent mixed="true">
+      <xsd:extension base="AnyChildrenType">
+        <xsd:attribute ref="xml:space" use="optional"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="ContentBaseType">
+    <xsd:choice minOccurs="0">
+      <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+      <xsd:element name="XMLContent" type="XMLContentType"/>
+      <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:complexType name="ContentExLocRefBaseType">
+    <xsd:complexContent>
+      <xsd:restriction base="ContentBaseType">
+        <xsd:choice minOccurs="0">
+          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+          <xsd:element name="XMLContent" type="XMLContentType"/>
+        </xsd:choice>
+      </xsd:restriction>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="ContentOptionalRefType">
+    <xsd:complexContent>
+      <xsd:extension base="ContentBaseType">
+        <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="ContentRequiredRefType">
+    <xsd:complexContent>
+      <xsd:restriction base="ContentOptionalRefType">
+        <xsd:choice minOccurs="0">
+          <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+          <xsd:element name="XMLContent" type="XMLContentType"/>
+          <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+        </xsd:choice>
+        <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+      </xsd:restriction>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:complexType name="VerifyTransformsDataType">
+    <xsd:choice maxOccurs="unbounded">
+      <xsd:annotation>
+        <xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+      </xsd:annotation>
+      <xsd:element ref="VerifyTransformsInfoProfile"/>
+      <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+        <xsd:annotation>
+          <xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+    </xsd:choice>
+  </xsd:complexType>
+  <xsd:element name="QualifiedCertificate"/>
+  <xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+  <xsd:complexType name="PublicAuthorityType">
+    <xsd:sequence>
+      <xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:simpleType name="SignatoriesType">
+    <xsd:union memberTypes="AllSignatoriesType">
+      <xsd:simpleType>
+        <xsd:list itemType="xsd:positiveInteger"/>
+      </xsd:simpleType>
+    </xsd:union>
+  </xsd:simpleType>
+  <xsd:simpleType name="AllSignatoriesType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="all"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:complexType name="CreateSignatureLocationType">
+    <xsd:simpleContent>
+      <xsd:extension base="xsd:token">
+        <xsd:attribute name="Index" type="xsd:nonNegativeInteger" use="required"/>
+      </xsd:extension>
+    </xsd:simpleContent>
+  </xsd:complexType>
+  <xsd:complexType name="TransformParameterType">
+    <xsd:choice minOccurs="0">
+      <xsd:annotation>
+        <xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+      </xsd:annotation>
+      <xsd:element name="Base64Content" type="xsd:base64Binary">
+        <xsd:annotation>
+          <xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+      <xsd:element name="Hash">
+        <xsd:annotation>
+          <xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element ref="dsig:DigestMethod"/>
+            <xsd:element ref="dsig:DigestValue"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:choice>
+    <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+  </xsd:complexType>
+  <xsd:element name="CreateSignatureEnvironmentProfile">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+        <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="VerifyTransformsInfoProfile">
+    <xsd:annotation>
+      <xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+    </xsd:annotation>
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+        <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+          <xsd:annotation>
+            <xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+          </xsd:annotation>
+        </xsd:element>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+  <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+  <xsd:element name="CreateTransformsInfoProfile">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+        <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+</xsd:schema>
diff --git a/id/server/component-idlibs.xml b/id/server/component-idlibs.xml
new file mode 100644
index 000000000..c967690d5
--- /dev/null
+++ b/id/server/component-idlibs.xml
@@ -0,0 +1,39 @@
+<component>
+    <dependencySets>
+      <dependencySet>
+        <includes>
+            <include>iaik.prod:iaik_Pkcs11Wrapper:dll:win32</include>
+        </includes>
+        <outputDirectory>/pkcs11/win32</outputDirectory>
+        <outputFileNameMapping>pkcs11wrapper.${extension}</outputFileNameMapping>
+      </dependencySet>
+      <dependencySet>
+        <includes>
+            <include>iaik.prod:iaik_Pkcs11Wrapper:so:linux</include>
+        </includes>
+        <outputDirectory>/pkcs11/linux</outputDirectory>
+        <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping>
+      </dependencySet>
+      <dependencySet>
+        <includes>
+            <include>iaik.prod:iaik_Pkcs11Wrapper:so:solaris_sparc</include>
+        </includes>
+        <outputDirectory>/pkcs11/solaris_sparc</outputDirectory>
+        <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping>
+      </dependencySet>
+      <dependencySet>
+        <includes>
+            <include>iaik.prod:iaik_Pkcs11Wrapper:so:solaris_sparcv9</include>
+        </includes>
+        <outputDirectory>/pkcs11/solaris_sparcv9</outputDirectory>
+        <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping>
+      </dependencySet>
+      <dependencySet>
+        <includes>
+            <include>iaik.prod:iaik_Pkcs11Wrapper:dll:wince30arm</include>
+        </includes>
+        <outputDirectory>/pkcs11/wince30arm</outputDirectory>
+        <outputFileNameMapping>pkcs11wrapper.${extension}</outputFileNameMapping>
+      </dependencySet>
+    </dependencySets>
+</component>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 7e22ee05f..0f3f9dbba 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -1,104 +1,153 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur  -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-	<!-- Konfiguration fuer MOA-ID-AUTH -->
-	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
-		<!--Templates>
-			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-			<Template URL="sampleTemplates/SampleTemplate.html"/>
-		</Templates-->
-		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-		<SecurityLayer>
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-	
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</SecurityLayer>
-		<MOA-SP>
-			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
-			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
-			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			<!-- </ConnectionParameter> -->
-			
-			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyIdentityLink>
-				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
-			</VerifyIdentityLink>
-			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyAuthBlock>	
-				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+  <!-- Konfiguration fuer MOA-ID-AUTH -->
+  <AuthComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+    <BKUSelection BKUSelectionAlternative="HTMLSelect">
+      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      </ConnectionParameter>
+    </BKUSelection>
+    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+    <Templates>
+      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+    </Templates>
+    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+    <SecurityLayer>
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </SecurityLayer>
+    <MOA-SP>
+      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+           Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+      <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+      <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      <!-- </ConnectionParameter> -->
+      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyIdentityLink>
+        <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+      </VerifyIdentityLink>
+      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyAuthBlock>
+        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+      </VerifyAuthBlock>
+    </MOA-SP>
+    
+    <VerifyInfoboxes>
+      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+        <FriendlyName>Vollmachten</FriendlyName>
+        <ApplicationSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+          <CompatibilityMode>true</CompatibilityMode>
+          <!--
+          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+          </ConnectionParameter>
+          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          -->
+          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+          <EnableInfoboxValidator>false</EnableInfoboxValidator>
+          <PartyRepresentation>
+            <!-- Standardklasse, die Daten vervollstaendigt -->
+            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+            <!--AlwaysShowForm>true</AlwaysShowForm-->
+            <!-- Standard-Stammzahlenregister-Gateway -->
+            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+            </ConnectionParameter>
+            <!-- Notare -->
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <!-- Rechtsanwaelte -->
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <!-- Ziviltechniker -->
+            <!--
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+              <!- - Standardklasse, die Daten vervollstaendigt - ->
+              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+              </ConnectionParameter>
+            </PartyRepresentative>
+            -->
+            <!-- Organwalter -->
+            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+          </PartyRepresentation>
+        </ApplicationSpecificParameters>
+      </Infobox>
+    </VerifyInfoboxes>
+    
+  </AuthComponent>
 
-				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
 
-				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-			</VerifyAuthBlock>
-		</MOA-SP>
+  <!-- Eintragung fuer jede Online-Applikation -->
+  <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+  <OnlineApplication publicURLPrefix="https://localhost:8443/">
+    <!-- fuer MOA-ID-AUTH -->
+    <AuthComponent>
+      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
+           nur f&uuml;r diese Online Applikation<-->
+      <Templates>
+        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+      </Templates>
+      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </AuthComponent>
+  </OnlineApplication>
 
-	</AuthComponent>
-	
-	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-	<OnlineApplication publicURLPrefix="https://localhost:8443/">
-		<!-- fuer MOA-ID-AUTH -->
-		<AuthComponent>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
-			<!--Templates>
-				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-				<Template URL="sampleTemplates/SampleTemplate.html"/>
-			</Templates-->
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</AuthComponent>
-	</OnlineApplication>
-	
-	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-	<ChainingModes systemDefaultMode="pkix">
-	</ChainingModes>
-	
-	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+  <ChainingModes systemDefaultMode="pkix">
+  </ChainingModes>
+  
+  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
-	<!-- Cache-Verzeichnis fuer-Zertifikate -->
-	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-	
-	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
-	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+  
+  <!-- Cache-Verzeichnis fuer-Zertifikate -->
+  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+  
+  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 6dab6911a..ab99176dd 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -1,126 +1,173 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur 
-		 Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt -->
+<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-	<!-- Konfiguration fuer MOA-ID-AUTH -->
-	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
-		<!--Templates>
-			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-			<Template URL="sampleTemplates/SampleTemplate.html"/>
-		</Templates-->
-		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-		<SecurityLayer>
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-	
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</SecurityLayer>
-		<MOA-SP>
-			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
-			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
-			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			<!-- </ConnectionParameter> -->
-			
-			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyIdentityLink>
-				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
-			</VerifyIdentityLink>
-			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyAuthBlock>	
-				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+  <!-- Konfiguration fuer MOA-ID-AUTH -->
+  <AuthComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+    <BKUSelection BKUSelectionAlternative="HTMLSelect">
+      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      </ConnectionParameter>
+    </BKUSelection>
+    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+    <Templates>
+      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+    </Templates>
+    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+    <SecurityLayer>
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </SecurityLayer>
+    <MOA-SP>
+      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+           Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+      <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+      <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      <!-- </ConnectionParameter> -->
+      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyIdentityLink>
+        <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+      </VerifyIdentityLink>
+      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyAuthBlock>
+        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+      </VerifyAuthBlock>
+    </MOA-SP>
+    
+    <VerifyInfoboxes>
+      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+        <FriendlyName>Vollmachten</FriendlyName>
+        <ApplicationSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+          <CompatibilityMode>true</CompatibilityMode>
+          <!--
+          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+          </ConnectionParameter>
+          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          -->
+          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+          <EnableInfoboxValidator>false</EnableInfoboxValidator>
+          <PartyRepresentation>
+            <!-- Standardklasse, die Daten vervollstaendigt -->
+            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+            <!--AlwaysShowForm>true</AlwaysShowForm-->
+            <!-- Standard-Stammzahlenregister-Gateway -->
+            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+            </ConnectionParameter>
+            <!-- Notare -->
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <!-- Rechtsanwaelte -->
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <!-- Ziviltechniker -->
+            <!--
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+              <!- - Standardklasse, die Daten vervollstaendigt - ->
+              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+              </ConnectionParameter>
+            </PartyRepresentative>
+            -->
+            <!-- Organwalter -->
+            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+          </PartyRepresentation>
+        </ApplicationSpecificParameters>
+      </Infobox>
+    </VerifyInfoboxes>
+    
+  </AuthComponent>
 
-				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+  <!-- Konfiguration fuer MOA-ID-PROXY -->
+  <ProxyComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+    <AuthComponent>
+      <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      </ConnectionParameter>
+    </AuthComponent>
+  </ProxyComponent>
+  
+  
+  <!-- Eintragung fuer jede Online-Applikation -->
+  <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+  <OnlineApplication publicURLPrefix="https://localhost:8443/">
+    <!-- fuer MOA-ID-AUTH -->
+    <AuthComponent>
+      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
+           nur f&uuml;r diese Online Applikation<-->
+      <Templates>
+        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+      </Templates>
+      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </AuthComponent>
+    <!-- fuer MOA-ID-PROXY -->
+    <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+      <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+      <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+      <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      </ConnectionParameter>
+    </ProxyComponent>
+  </OnlineApplication>
 
-				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-			</VerifyAuthBlock>
-		</MOA-SP>
+  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+  <ChainingModes systemDefaultMode="pkix">
+  </ChainingModes>
 
-	</AuthComponent>
-	
-	<!-- Konfiguration fuer MOA-ID-PROXY -->
-	<ProxyComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
-		<AuthComponent>
-			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			</ConnectionParameter>
-		</AuthComponent>
-	</ProxyComponent>
-
-	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-	<OnlineApplication publicURLPrefix="https://localhost:8443/">
-		<!-- fuer MOA-ID-AUTH -->
-		<AuthComponent>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
-			<!--Templates>
-				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-				<Template URL="sampleTemplates/SampleTemplate.html"/>
-			</Templates-->
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</AuthComponent>
-		<!-- fuer MOA-ID-PROXY -->
-		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
-		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
-			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			</ConnectionParameter>
-		</ProxyComponent>
-	</OnlineApplication>
-	
-	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-	<ChainingModes systemDefaultMode="pkix">
-	</ChainingModes>
-	
-	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
-	     fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
+  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+       fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
 
-	<!-- Cache-Verzeichnis fuer-Zertifikate -->
-	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-	
-	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
-	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+  <!-- Cache-Verzeichnis fuer-Zertifikate -->
+  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index f8dd375d1..25485432d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -1,113 +1,162 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer 
-	 A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
-      -->
+     A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+-->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-	<!-- Konfiguration fuer MOA-ID-AUTH -->
-	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
-		<!--Templates>
-			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-			<Template URL="sampleTemplates/SampleTemplate.html"/>
-		</Templates-->
-		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-		<SecurityLayer>
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-	
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</SecurityLayer>
-		<MOA-SP>
-			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
-			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			<!-- </ConnectionParameter> -->
-			
-			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyIdentityLink>
-				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
-				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
-			</VerifyIdentityLink>
-			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyAuthBlock>	
-				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+  <!-- Konfiguration fuer MOA-ID-AUTH -->
+  <AuthComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+    <BKUSelection BKUSelectionAlternative="HTMLSelect">
+      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      </ConnectionParameter>
+    </BKUSelection>
+    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+    <Templates>
+      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+    </Templates>
+    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+    <SecurityLayer>
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </SecurityLayer>
+    <MOA-SP>
+      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+           Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+      <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      <!-- </ConnectionParameter> -->
+      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyIdentityLink>
+        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+        <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+      </VerifyIdentityLink>
+      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyAuthBlock>
+        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+      </VerifyAuthBlock>
+    </MOA-SP>
 
-				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+    <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+    <!-- IdentityLinkSigners-->
+    <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+    <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+    <!--/IdentityLinkSigners-->
 
-				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-			</VerifyAuthBlock>
-		</MOA-SP>
+    <VerifyInfoboxes>
+      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+        <FriendlyName>Vollmachten</FriendlyName>
+        <ApplicationSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+          <CompatibilityMode>true</CompatibilityMode>
+          <!--
+          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+          </ConnectionParameter>
+          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          -->
+          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+          <EnableInfoboxValidator>false</EnableInfoboxValidator>
+          <PartyRepresentation>
+            <!-- Standardklasse, die Daten vervollstaendigt -->
+            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+            <!--AlwaysShowForm>true</AlwaysShowForm-->
+            <!-- Standard-Stammzahlenregister-Gateway -->
+            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+            </ConnectionParameter>
+            <!-- Notare -->
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <!-- Rechtsanwaelte -->
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <!-- Ziviltechniker -->
+            <!--
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+              <!- - Standardklasse, die Daten vervollstaendigt - ->
+              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+              </ConnectionParameter>
+            </PartyRepresentative>
+            -->
+            <!-- Organwalter -->
+            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+          </PartyRepresentation>
+        </ApplicationSpecificParameters>
+      </Infobox>
+    </VerifyInfoboxes>
 
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-			<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-	</AuthComponent>
+  </AuthComponent>
 
-	<!-- Eintragung fuer jede Online-Applikation -->
-	<!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
-	<OnlineApplication publicURLPrefix="https://localhost:8443/">
-		<!-- fuer MOA-ID-AUTH -->
-		<AuthComponent>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
-			<!--Templates>
-				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-				<Template URL="sampleTemplates/SampleTemplate.html"/>
-			</Templates-->
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
 
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</AuthComponent>
-		
-	</OnlineApplication>
-	
-	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-	<ChainingModes systemDefaultMode="pkix">
+  <!-- Eintragung fuer jede Online-Applikation -->
+  <!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
+  <OnlineApplication publicURLPrefix="https://localhost:8443/">
+    <!-- fuer MOA-ID-AUTH -->
+    <AuthComponent>
+      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
+           nur f&uuml;r diese Online Applikation<-->
+      <Templates>
+        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+      </Templates>
+      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </AuthComponent>
+  </OnlineApplication>
+
+  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+  <ChainingModes systemDefaultMode="pkix">
 	</ChainingModes>
-	
-	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+
+  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+  <!-- Cache-Verzeichnis fuer-Zertifikate -->
+  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
 
-	<!-- Cache-Verzeichnis fuer-Zertifikate -->
-	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-	
-	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
-	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index c60101e8d..05db0b923 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -1,133 +1,182 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer 
-	 A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
-     Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt -->
+     A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-	<!-- Konfiguration fuer MOA-ID-AUTH -->
-	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
-		<!--Templates>
-			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-			<Template URL="sampleTemplates/SampleTemplate.html"/>
-		</Templates-->
-		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-		<SecurityLayer>
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-	
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</SecurityLayer>
-		<MOA-SP>
-			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
-			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			<!-- </ConnectionParameter> -->
-			
-			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyIdentityLink>
-				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
-				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
-			</VerifyIdentityLink>
-			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyAuthBlock>	
-				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+  <!-- Konfiguration fuer MOA-ID-AUTH -->
+  <AuthComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+    <BKUSelection BKUSelectionAlternative="HTMLSelect">
+      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      </ConnectionParameter>
+    </BKUSelection>
+    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+    <Templates>
+      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+    </Templates>
+    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+    <SecurityLayer>
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </SecurityLayer>
+    <MOA-SP>
+      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+           Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+      <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      <!-- </ConnectionParameter> -->
+      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyIdentityLink>
+        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+        <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+      </VerifyIdentityLink>
+      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyAuthBlock>
+        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+      </VerifyAuthBlock>
+    </MOA-SP>
 
-				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+    <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+    <!-- IdentityLinkSigners-->
+    <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+    <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+    <!--/IdentityLinkSigners-->
 
-				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-			</VerifyAuthBlock>
-		</MOA-SP>
+    <VerifyInfoboxes>
+      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+        <FriendlyName>Vollmachten</FriendlyName>
+        <ApplicationSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+          <CompatibilityMode>true</CompatibilityMode>
+          <!--
+          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+          </ConnectionParameter>
+          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          -->
+          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+          <EnableInfoboxValidator>false</EnableInfoboxValidator>
+          <PartyRepresentation>
+            <!-- Standardklasse, die Daten vervollstaendigt -->
+            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+            <!--AlwaysShowForm>true</AlwaysShowForm-->
+            <!-- Standard-Stammzahlenregister-Gateway -->
+            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+            </ConnectionParameter>
+            <!-- Notare -->
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <!-- Rechtsanwaelte -->
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <!-- Ziviltechniker -->
+            <!--
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+              <!- - Standardklasse, die Daten vervollstaendigt - ->
+              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+              </ConnectionParameter>
+            </PartyRepresentative>
+            -->
+            <!-- Organwalter -->
+            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+          </PartyRepresentation>
+        </ApplicationSpecificParameters>
+      </Infobox>
+    </VerifyInfoboxes>
 
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-			<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-	</AuthComponent>
-	
-	<!-- Konfiguration fuer MOA-ID-PROXY -->
-	<ProxyComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
-		<AuthComponent>
-			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			</ConnectionParameter>
-		</AuthComponent>
-	</ProxyComponent>
+  </AuthComponent>
 
-	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-	<OnlineApplication publicURLPrefix="https://localhost:8443/">
-		<!-- fuer MOA-ID-AUTH -->
-		<AuthComponent>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
-			<!--Templates>
-				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-				<Template URL="sampleTemplates/SampleTemplate.html"/>
-			</Templates-->
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+  <!-- Konfiguration fuer MOA-ID-PROXY -->
+  <ProxyComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+    <AuthComponent>
+      <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      </ConnectionParameter>
+    </AuthComponent>
+  </ProxyComponent>
 
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</AuthComponent>
-		<!-- fuer MOA-ID-PROXY -->
-		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
-		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
-			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			</ConnectionParameter>
-		</ProxyComponent>
-	</OnlineApplication>
-	
-	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-	<ChainingModes systemDefaultMode="pkix">
-	</ChainingModes>
-	
-	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
-	     fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
+
+  <!-- Eintragung fuer jede Online-Applikation -->
+  <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+  <OnlineApplication publicURLPrefix="https://localhost:8443/">
+    <!-- fuer MOA-ID-AUTH -->
+    <AuthComponent>
+      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
+           nur f&uuml;r diese Online Applikation<-->
+      <Templates>
+        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+      </Templates>
+      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </AuthComponent>
+    <!-- fuer MOA-ID-PROXY -->
+    <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+      <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+      <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+      <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      </ConnectionParameter>
+    </ProxyComponent>
+  </OnlineApplication>
+
+  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+  <ChainingModes systemDefaultMode="pkix">
+  </ChainingModes>
+
+  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+       fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+  <!-- Cache-Verzeichnis fuer-Zertifikate -->
+  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
 
-	<!-- Cache-Verzeichnis fuer-Zertifikate -->
-	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-	
-	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
-	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 9dc42ee2e..0b2fc2189 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -1,112 +1,158 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur 
-		 Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt;
-		 Harald Bratko, IAIK -->
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-	<!-- Konfiguration fuer MOA-ID-AUTH -->
-	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
-		<!--Templates>
-			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-			<Template URL="sampleTemplates/SampleTemplate.html"/>
-		</Templates-->
-		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-		<SecurityLayer>
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-	
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</SecurityLayer>
-		<MOA-SP>
-			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
-			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
-			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			<!-- </ConnectionParameter> -->
-			
-			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyIdentityLink>
-				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
-			</VerifyIdentityLink>
-			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyAuthBlock>	
-				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
-
-				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-
-				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-			</VerifyAuthBlock>
-		</MOA-SP>
-
-	</AuthComponent>
-	
-	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
-		<!-- fuer MOA-ID-AUTH WID Modus -->
-		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
-			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
-			<IdentificationNumber>
-				<!-- Beispiel Firmenbuchnummer -->
-				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
-			</IdentificationNumber>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
-			<!--Templates>
-				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-				<Template URL="sampleTemplates/SampleTemplate.html"/>
-			</Templates-->
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</AuthComponent>
-				
-	</OnlineApplication>
-	
-	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-	<ChainingModes systemDefaultMode="pkix">
-	</ChainingModes>
-	
-	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+  <!-- Konfiguration fuer MOA-ID-AUTH -->
+  <AuthComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+    <BKUSelection BKUSelectionAlternative="HTMLSelect">
+      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      </ConnectionParameter>
+    </BKUSelection>
+    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+    <Templates>
+      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+    </Templates>
+    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+    <SecurityLayer>
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </SecurityLayer>
+    <MOA-SP>
+      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+           Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+      <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+      <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      <!-- </ConnectionParameter> -->
+      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyIdentityLink>
+        <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+      </VerifyIdentityLink>
+      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyAuthBlock>
+        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+      </VerifyAuthBlock>
+    </MOA-SP>
+    
+    <VerifyInfoboxes>
+      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+        <FriendlyName>Vollmachten</FriendlyName>
+        <ApplicationSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+          <CompatibilityMode>true</CompatibilityMode>
+          <!--
+          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+          </ConnectionParameter>
+          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          -->
+          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+          <EnableInfoboxValidator>false</EnableInfoboxValidator>
+          <PartyRepresentation>
+            <!-- Standardklasse, die Daten vervollstaendigt -->
+            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+            <!--AlwaysShowForm>true</AlwaysShowForm-->
+            <!-- Standard-Stammzahlenregister-Gateway -->
+            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+            </ConnectionParameter>
+            <!-- Notare -->
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <!-- Rechtsanwaelte -->
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <!-- Ziviltechniker -->
+            <!--
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+              <!- - Standardklasse, die Daten vervollstaendigt - ->
+              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+              </ConnectionParameter>
+            </PartyRepresentative>
+            -->
+            <!-- Organwalter -->
+            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+          </PartyRepresentation>
+        </ApplicationSpecificParameters>
+      </Infobox>
+    </VerifyInfoboxes>
+    
+  </AuthComponent>
+  
+  
+  <!-- Eintragung fuer jede Online-Applikation -->
+  <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+    <!-- fuer MOA-ID-AUTH WID Modus -->
+    <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+      <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+      <IdentificationNumber>
+        <!-- Beispiel Firmenbuchnummer -->
+        <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+      </IdentificationNumber>
+      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
+           nur f&uuml;r diese Online Applikation<-->
+      <Templates>
+        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+      </Templates>
+      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </AuthComponent>
+  </OnlineApplication>
+  
+  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+  <ChainingModes systemDefaultMode="pkix">
+  </ChainingModes>
+  
+  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
-	<!-- Cache-Verzeichnis fuer-Zertifikate -->
-	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-	
-	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
-	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+  
+  <!-- Cache-Verzeichnis fuer-Zertifikate -->
+  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+  
+  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index e92678b27..8643998d5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -1,134 +1,179 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur 
-		 Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt;
-		 Harald Bratko, IAIK -->
+<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-	<!-- Konfiguration fuer MOA-ID-AUTH -->
-	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
-		<!--Templates>
-			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-			<Template URL="sampleTemplates/SampleTemplate.html"/>
-		</Templates-->
-		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-		<SecurityLayer>
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-	
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</SecurityLayer>
-		<MOA-SP>
-			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
-			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
-			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			<!-- </ConnectionParameter> -->
-			
-			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyIdentityLink>
-				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
-			</VerifyIdentityLink>
-			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyAuthBlock>	
-				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
-
-				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-
-				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-			</VerifyAuthBlock>
-		</MOA-SP>
-
-	</AuthComponent>
-	
-	<!-- Konfiguration fuer MOA-ID-PROXY -->
-	<ProxyComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
-		<AuthComponent>
-			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			</ConnectionParameter>
-		</AuthComponent>
-	</ProxyComponent>
-
-
-	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
-		<!-- fuer MOA-ID-AUTH WID Modus -->
-		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
-			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
-			<IdentificationNumber>
-				<!-- Beispiel Firmenbuchnummer -->
-				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
-			</IdentificationNumber>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
-			<!--Templates>
-				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-				<Template URL="sampleTemplates/SampleTemplate.html"/>
-			</Templates-->
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</AuthComponent>
-				
-		<!-- fuer MOA-ID-PROXY -->
-		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
-		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
-			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			</ConnectionParameter>
-		</ProxyComponent>
-	</OnlineApplication>
-	
-	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-	<ChainingModes systemDefaultMode="pkix">
-	</ChainingModes>
-	
-	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
-	     fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
+  <!-- Konfiguration fuer MOA-ID-AUTH -->
+  <AuthComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+    <BKUSelection BKUSelectionAlternative="HTMLSelect">
+      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      </ConnectionParameter>
+    </BKUSelection>
+    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+    <Templates>
+      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+    </Templates>
+    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+    <SecurityLayer>
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </SecurityLayer>
+    <MOA-SP>
+      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+           Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+      <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+      <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      <!-- </ConnectionParameter> -->
+      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyIdentityLink>
+        <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+      </VerifyIdentityLink>
+      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyAuthBlock>
+        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+      </VerifyAuthBlock>
+    </MOA-SP>
+    
+    <VerifyInfoboxes>
+      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+        <FriendlyName>Vollmachten</FriendlyName>
+        <ApplicationSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+          <CompatibilityMode>true</CompatibilityMode>
+          <!--
+          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+          </ConnectionParameter>
+          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          -->
+          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+          <EnableInfoboxValidator>false</EnableInfoboxValidator>
+          <PartyRepresentation>
+            <!-- Standardklasse, die Daten vervollstaendigt -->
+            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+            <!--AlwaysShowForm>true</AlwaysShowForm-->
+            <!-- Standard-Stammzahlenregister-Gateway -->
+            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+            </ConnectionParameter>
+            <!-- Notare -->
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <!-- Rechtsanwaelte -->
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <!-- Ziviltechniker -->
+            <!--
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+              <!- - Standardklasse, die Daten vervollstaendigt - ->
+              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+              </ConnectionParameter>
+            </PartyRepresentative>
+            -->
+            <!-- Organwalter -->
+            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+          </PartyRepresentation>
+        </ApplicationSpecificParameters>
+      </Infobox>
+    </VerifyInfoboxes>
+    
+  </AuthComponent>
+  
+  <!-- Konfiguration fuer MOA-ID-PROXY -->
+  <ProxyComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+    <AuthComponent>
+      <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      </ConnectionParameter>
+    </AuthComponent>
+  </ProxyComponent>
+  
+  
+  <!-- Eintragung fuer jede Online-Applikation -->
+  <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+    <!-- fuer MOA-ID-AUTH WID Modus -->
+    <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+      <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+      <IdentificationNumber>
+        <!-- Beispiel Firmenbuchnummer -->
+        <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+      </IdentificationNumber>
+      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
+           nur f&uuml;r diese Online Applikation<-->
+      <Templates>
+        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+      </Templates>
+      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </AuthComponent>
+    <!-- fuer MOA-ID-PROXY -->
+    <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+      <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+      <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+      <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      </ConnectionParameter>
+    </ProxyComponent>
+  </OnlineApplication>
+  
+  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+  <ChainingModes systemDefaultMode="pkix">
+  </ChainingModes>
+  
+  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+       fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
-	<!-- Cache-Verzeichnis fuer-Zertifikate -->
-	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-	
-	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
-	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+  
+  <!-- Cache-Verzeichnis fuer-Zertifikate -->
+  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+  
+  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 7617737dd..1b21fa767 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -1,118 +1,166 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer 
-	 A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
-     Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt,
-     Harald Bratko, IAIK -->
+     A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-	<!-- Konfiguration fuer MOA-ID-AUTH -->
-	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
-		<!--Templates>
-			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-			<Template URL="sampleTemplates/SampleTemplate.html"/>
-		</Templates-->
-		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-		<SecurityLayer>
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-	
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</SecurityLayer>
-		<MOA-SP>
-			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
-			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			<!-- </ConnectionParameter> -->
-			
-			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyIdentityLink>
-				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
-				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
-			</VerifyIdentityLink>
-			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyAuthBlock>	
-				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+  <!-- Konfiguration fuer MOA-ID-AUTH -->
+  <AuthComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+    <BKUSelection BKUSelectionAlternative="HTMLSelect">
+      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      </ConnectionParameter>
+    </BKUSelection>
+    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+    <Templates>
+      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+    </Templates>
+    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+    <SecurityLayer>
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </SecurityLayer>
+    <MOA-SP>
+      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+           Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+      <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      <!-- </ConnectionParameter> -->
+      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyIdentityLink>
+        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+        <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+      </VerifyIdentityLink>
+      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyAuthBlock>
+        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+      </VerifyAuthBlock>
+    </MOA-SP>
 
-				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+    <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+    <!-- IdentityLinkSigners-->
+    <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+    <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+    <!--/IdentityLinkSigners-->
 
-				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-			</VerifyAuthBlock>
-		</MOA-SP>
+    <VerifyInfoboxes>
+      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+        <FriendlyName>Vollmachten</FriendlyName>
+        <ApplicationSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+          <CompatibilityMode>true</CompatibilityMode>
+          <!--
+          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+          </ConnectionParameter>
+          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          -->
+          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+          <EnableInfoboxValidator>false</EnableInfoboxValidator>
+          <PartyRepresentation>
+            <!-- Standardklasse, die Daten vervollstaendigt -->
+            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+            <!--AlwaysShowForm>true</AlwaysShowForm-->
+            <!-- Standard-Stammzahlenregister-Gateway -->
+            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+            </ConnectionParameter>
+            <!-- Notare -->
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <!-- Rechtsanwaelte -->
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <!-- Ziviltechniker -->
+            <!--
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+              <!- - Standardklasse, die Daten vervollstaendigt - ->
+              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+              </ConnectionParameter>
+            </PartyRepresentative>
+            -->
+            <!-- Organwalter -->
+            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+          </PartyRepresentation>
+        </ApplicationSpecificParameters>
+      </Infobox>
+    </VerifyInfoboxes>
+    
+  </AuthComponent>
+  
+  
+  <!-- Eintragung fuer jede Online-Applikation -->
+  <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+    <!-- fuer MOA-ID-AUTH WID Modus -->
+    <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+      <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+      <IdentificationNumber>
+        <!-- Beispiel Firmenbuchnummer -->
+        <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+      </IdentificationNumber>
+      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
+           nur f&uuml;r diese Online Applikation<-->
+      <Templates>
+        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+      </Templates>
+      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </AuthComponent>
+  </OnlineApplication>
 
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-			<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-	</AuthComponent>
+  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+  <ChainingModes systemDefaultMode="pkix">
+  </ChainingModes>
 
-	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
-		<!-- fuer MOA-ID-AUTH WID Modus -->
-		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
-			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
-			<IdentificationNumber>
-				<!-- Beispiel Firmenbuchnummer -->
-				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
-			</IdentificationNumber>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
-			<!--Templates>
-				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-				<Template URL="sampleTemplates/SampleTemplate.html"/>
-			</Templates-->
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</AuthComponent>
-	</OnlineApplication>
-	
-	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-	<ChainingModes systemDefaultMode="pkix">
-	</ChainingModes>
-	
-	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+  <!-- Cache-Verzeichnis fuer-Zertifikate -->
+  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
 
-	<!-- Cache-Verzeichnis fuer-Zertifikate -->
-	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-	
-	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
-	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 264f6f6e3..55d1654fe 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -1,140 +1,187 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer 
-	 A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
-     Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt,
-     Harald Bratko, IAIK -->
+     A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-	<!-- Konfiguration fuer MOA-ID-AUTH -->
-	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-			<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
-		<!--Templates>
-			<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-			<Template URL="sampleTemplates/SampleTemplate.html"/>
-		</Templates-->
-		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-		<SecurityLayer>
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
-	
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</SecurityLayer>
-		<MOA-SP>
-			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
-			Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			<!-- </ConnectionParameter> -->
-			
-			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyIdentityLink>
-				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
-				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
-			</VerifyIdentityLink>
-			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-			<VerifyAuthBlock>	
-				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+  <!-- Konfiguration fuer MOA-ID-AUTH -->
+  <AuthComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+    <BKUSelection BKUSelectionAlternative="HTMLSelect">
+      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      </ConnectionParameter>
+    </BKUSelection>
+    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
+    <Templates>
+      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+    </Templates>
+    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+    <SecurityLayer>
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </SecurityLayer>
+    <MOA-SP>
+      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+           Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+      <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      <!-- </ConnectionParameter> -->
+      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyIdentityLink>
+        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+        <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+      </VerifyIdentityLink>
+      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+      <VerifyAuthBlock>
+        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+      </VerifyAuthBlock>
+    </MOA-SP>
 
-				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+    <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+    <!-- IdentityLinkSigners-->
+    <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+    <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+    <!--/IdentityLinkSigners-->
 
-				<!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-				<!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-			</VerifyAuthBlock>
-		</MOA-SP>
+    <VerifyInfoboxes>
+      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+        <FriendlyName>Vollmachten</FriendlyName>
+        <ApplicationSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
+          <CompatibilityMode>true</CompatibilityMode>
+          <!--
+          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
+            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
+            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
+          </ConnectionParameter>
+          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          -->
+          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
+          <EnableInfoboxValidator>false</EnableInfoboxValidator>
+          <PartyRepresentation>
+            <!-- Standardklasse, die Daten vervollstaendigt -->
+            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
+            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
+            <!--AlwaysShowForm>true</AlwaysShowForm-->
+            <!-- Standard-Stammzahlenregister-Gateway -->
+            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
+              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+            </ConnectionParameter>
+            <!-- Notare -->
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <!-- Rechtsanwaelte -->
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <!-- Ziviltechniker -->
+            <!--
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+              <!- - Standardklasse, die Daten vervollstaendigt - ->
+              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
+              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
+              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
+              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
+                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
+              </ConnectionParameter>
+            </PartyRepresentative>
+            -->
+            <!-- Organwalter -->
+            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
+          </PartyRepresentation>
+        </ApplicationSpecificParameters>
+      </Infobox>
+    </VerifyInfoboxes>
 
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-			<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-			<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-	</AuthComponent>
-	
-	<!-- Konfiguration fuer MOA-ID-PROXY -->
-	<ProxyComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
-		<AuthComponent>
-			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			</ConnectionParameter>
-		</AuthComponent>
-	</ProxyComponent>
+  </AuthComponent>
 
+  <!-- Konfiguration fuer MOA-ID-PROXY -->
+  <ProxyComponent>
+    <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+    <AuthComponent>
+      <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      </ConnectionParameter>
+    </AuthComponent>
+  </ProxyComponent>
 
-	<!-- Eintragung fuer jede Online-Applikation -->
-	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
-		<!-- fuer MOA-ID-AUTH WID Modus -->
-		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
-			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
-			<IdentificationNumber>
-				<!-- Beispiel Firmenbuchnummer -->
-				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
-			</IdentificationNumber>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        	&quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
-			<!--Templates>
-				<BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
-				<Template URL="sampleTemplates/SampleTemplate.html"/>
-			</Templates-->
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-	    <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-	    <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
 
-	    <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-	    <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-	    <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-		</AuthComponent>
-		<!-- fuer MOA-ID-PROXY -->
-		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
-		<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
-			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
-			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-			</ConnectionParameter>
-		</ProxyComponent>
-	</OnlineApplication>
-	
-	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-	<ChainingModes systemDefaultMode="pkix">
-	</ChainingModes>
-	
-	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
-	     fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
+  <!-- Eintragung fuer jede Online-Applikation -->
+  <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+    <!-- fuer MOA-ID-AUTH WID Modus -->
+    <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+      <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+      <IdentificationNumber>
+        <!-- Beispiel Firmenbuchnummer -->
+        <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+      </IdentificationNumber>
+      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
+           nur f&uuml;r diese Online Applikation<-->
+      <Templates>
+        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+      </Templates>
+      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+    </AuthComponent>
+    <!-- fuer MOA-ID-PROXY -->
+    <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+      <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+      <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+      <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+      </ConnectionParameter>
+    </ProxyComponent>
+  </OnlineApplication>
+
+  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+  <ChainingModes systemDefaultMode="pkix">
+  </ChainingModes>
+
+  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+       fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+  <!-- Cache-Verzeichnis fuer-Zertifikate -->
+  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
 
-	<!-- Cache-Verzeichnis fuer-Zertifikate -->
-	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-	
-	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> 
-	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
index 01f724cc4..04029dc80 100644
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
@@ -2,7 +2,7 @@ TEMPLATES:
 ==========
 Zweck:
 ------
-Mithilfe von Templates können Sie das Aussehen der Seiten 
+Mithilfe von Templates können Sie beispielsweise das Aussehen der Seiten 
 "Auswahl der Bürgerkartenumgebung" sowie "Anmeldung mit Bürgerkarte" 
 anpassen. Damit können Sie zusätzliche Hintergrundinformationen (Wozu 
 dient die Anmeldung, etc.) zu diesen Seiten hinzufügen und das Layout an 
@@ -17,5 +17,10 @@ die Konfigurationsdatei steht erst ab Version 1.3.1 zur Verf
 Etwas aufwendigere Templates (mit CSS) finden Sie als eigene Webapplikation im 
 Verzeichnis "/auth/templates" der entpackten Distribution.
 
+Die Datei ParepInputProcessorSignTemplate.html dient als Template für die 
+Formulare der beruflichen Parteienvertretung, welche bereits die Styleguide für
+das österreichische E-Government erfüllen sollen. 
+
 Nähere Informationen zu den Templates finden Sie im MOA-ID-Konfigurationshandbuch.
 
+
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html
new file mode 100644
index 000000000..99bc057ad
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+<link href="css/styles.css" type="text/css" rel="stylesheet">
+<link href="css/styles_opera.css" type="text/css" rel="stylesheet">
+<link href="css/mandates.css" type="text/css" rel="stylesheet">
+    <script language="javascript" type="text/javascript">
+      //<!--
+      function autoSubmit() {
+        document.VerifyAuthBlockForm.submitButton.disabled=true;
+        document.VerifyAuthBlockForm.submit();
+      } //-->
+    </script>
+<script src="formallg.js" type="text/javascript"></script>
+<script src="fa.js" type="text/javascript"></script>
+</head>
+<body onLoad="autoSubmit()">
+
+
+<div class="hleft">
+<!--Stammzahlenregisterbehörde--><br />
+<!--Ballhausplatz 2--><br />
+<!--1014 Wien-->
+</div>
+<div class="hright" align="right"><!--img src="img/szr-logo.jpg" width="400" height="56" /--></div>
+<div class="htitle" align="left">
+  <h1>Berufliche Parteienvertretung</h1>
+</div>
+<div class="leiste1" align="center">
+Bitte beachten Sie
+</div>
+<div class="leiste2" align="center">
+</div>
+<div class="leiste3">
+<img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" />&nbsp; Feld muss ausgef&uuml;llt sein
+</div>
+<div class="leiste3">
+<img alt=" Hilfe zum Ausfüllen " src="img/info.gif" width="10" height="16" />&nbsp; Ausf&uuml;llhilfe
+</div>
+<div class="leiste3">
+<img alt=" Angabe bitte ergänzen oder richtig stellen! " src="img/rufezeichen.gif" width="10" height="16" />&nbsp; Fehlerhinweis</div>
+<div style="clear: both">&nbsp;</div>
+
+<h2>Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
+</h2>
+<div class="boundingbox">
+  <br/><br/>
+    <form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+      <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+      <input type="hidden" name="DataURL" value="<DataURL>"/>
+      <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+      &nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+    </form>
+  <br/>
+</div>
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html
new file mode 100644
index 000000000..9c8e67a20
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+  <meta name="Author" content="Max Mustermann">
+  <meta name="keywords" content="MOA-ID">
+  <script language="javascript" type="text/javascript">
+    //<!--
+    function autoSubmit() {
+      document.VerifyAuthBlockForm.submitButton.disabled=true;
+      document.VerifyAuthBlockForm.submit();
+    } //-->
+  </script>
+</head>
+
+<body onLoad="autoSubmit()">
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit B&uuml;rgerkarte</h1>
+<p></p>
+
+Der identifizierte Zugang erfolgt &uuml;ber die Module f&uuml;r Online Applikationen (MOA) unter Verwendung einer B&uuml;rgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Sie werden in ku&uuml;rze zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
+signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+<form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+  <div align="center">
+    <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+    <input type="hidden" name="DataURL" value="<DataURL>"/>
+    <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+    <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+  </div>
+</form>
+
+<p align="right">&nbsp; </p>
+
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
index 915a6bf2f..2ee27aae1 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -16,7 +16,7 @@
 							</style>
 						</head>
 						<body>
-<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+							<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
 							<table>
 								<tr>
 									<td class="boldstyle">
@@ -31,9 +31,22 @@
 										Geburtsdatum:
 									</td>
 									<td>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 									</td>
 								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="boldstyle">
+											Rolle im Gesundheitsbereich:
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+											(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+										</td>
+									</tr>
+								</xsl:if>
 								<tr>
 									<td class="boldstyle">
 										Applikation:
@@ -65,7 +78,9 @@
 										Datum:
 									</td>
 									<td>
-										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 									</td>
 								</tr>
 								<tr>
@@ -73,9 +88,21 @@
 										Uhrzeit:
 									</td>
 									<td>
-										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 									</td>
 								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+									<tr>
+										<td class="boldstyle">
+											HPI(**):
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 									<tr>
 										<td class="boldstyle">
@@ -87,10 +114,67 @@
 									</tr>
 								</xsl:if>
 							</table>
+							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+								<table>
+									<tr>
+										<td class="boldstyle">
+											Name:
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+										</td>
+									</tr>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+										<tr>
+											<td class="boldstyle">
+												Geburtsdatum:
+											</td>
+											<td>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+											</td>
+										</tr>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+										<tr>
+											<td colspan="2">
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+											</td>
+										</tr>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+										<tr>
+											<td class="boldstyle">
+												wbPK (*):
+											</td>
+											<td>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+											</td>
+										</tr>
+									</xsl:if>
+								</table>
+								<p>zu handeln.</p>
+							</xsl:if>
+							<xsl:choose>
+								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+							</xsl:choose>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<p/>
-								<hr/>
-								<div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>							
+								<div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den 
+								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
+								Wirtschaftsunternehmen.</div>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<div class="annotationstyle">(**): Der <span class="italicstyle">eHealth Professional Identifier (HPI)</span> wird aus den jeweiligen 
+								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
+								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
+								<div class="annotationstyle">(***): <span class="italicstyle">Object Identifier (OID)</span> sind standardisierte Objekt-Bezeichner und 
+								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
index 5089140b4..ecc60a481 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -16,20 +16,68 @@
 						<body>
 							<h1>Signatur der Anmeldedaten</h1>
 							<p/>
-							<h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle">
-									<xsl:value-of select="//@Issuer"/>
-								</span>, 
-geboren am 
-<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4>
+							<h4>Mit meiner elektronischen Signatur beantrage ich, 
+								<span class="boldstyle"><xsl:value-of select="//@Issuer"/></span>, geboren am 
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, 
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
+									(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+								</xsl:if>
+								den Zugang zur gesicherten Anwendung.
+							</h4>
 							<p/>
-							<h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+							<h4>Datum und Uhrzeit:
+								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, 
+								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 							</h4>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
+							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+								<hr/>
+								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
+									von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, 
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+									</xsl:if>, in dessen Auftrag zu handeln.
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+									</xsl:if>
 								</h4>
 								<p/>
-								<hr/>
-								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>
+							</xsl:if>
+							<xsl:choose>
+								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+							</xsl:choose>
+							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den 
+								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
+								Wirtschaftsunternehmen.</div>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen 
+								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
+								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
+								<div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und 
+								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
index 07d926d14..894e82ff8 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
@@ -12,12 +12,17 @@
 						<body>
 							<h1>Signatur der Anmeldedaten</h1>
 							<p/>
-							<h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>, 
-              geboren am 
-                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>,
-              den Zugang zur gesicherten Anwendung.</h4>
+							<h4>Mit meiner elektronischen Signatur beantrage ich, 
+								<b><xsl:value-of select="//@Issuer"/></b>, geboren am 
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, 
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
+									(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+								</xsl:if>
+								den Zugang zur gesicherten Anwendung.
+							</h4>
 							<p/>
 							<h4>Datum und Uhrzeit: 
 							  <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
@@ -27,14 +32,48 @@
 							  <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
 							  <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 							</h4>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
+							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+								<hr/>
+								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
+									von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, 
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+									</xsl:if>, in dessen Auftrag zu handeln.
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+									</xsl:if>
 								</h4>
 								<p/>
-								<hr/>
-								<h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische 
-								Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens
-								berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+							</xsl:if>
+							<xsl:choose>
+								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+							</xsl:choose>
+							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+								<h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den 
+								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
+								Wirtschaftsunternehmen.</h6>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<h6>(**) HPI: Der <i>eHealth Professional Identifier</i> wird aus den jeweiligen 
+								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
+								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
+								<h6>(***) OID: <i>Object Identifier</i> sind standardisierte Objekt-Bezeichner und 
+								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
index 05f91750c..348546f8d 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
@@ -10,7 +10,7 @@
 							<title>Signatur der Anmeldedaten</title>
 						</head>
 						<body>
-              <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+							<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
 							<table>
 								<tr>
 									<td>
@@ -30,6 +30,17 @@
 										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 									</td>
 								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td>
+											<b>Rolle im Gesundheitsbereich:<b>
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+											(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+										</td>
+									</tr>
+								</xsl:if>
 								<tr>
 									<td>
 										<b>Applikation:</b>
@@ -76,6 +87,16 @@
 										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 									</td>
 								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+									<tr>
+										<td>
+											<b>HPI(**):</b>
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 									<tr>
 										<td>
@@ -87,12 +108,67 @@
 									</tr>
 								</xsl:if>
 							</table>
+							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+								<table>
+									<tr>
+										<td>
+											<b>Name:</b>
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+										</td>
+									</tr>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+										<tr>
+											<td>
+												<b>Geburtsdatum:</b>
+											</td>
+											<td>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+											</td>
+										</tr>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+										<tr>
+											<td colspan="2">
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+											</td>
+										</tr>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+										<tr>
+											<td>
+												<b>wbPK (*):</b>
+											</td>
+											<td>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+											</td>
+										</tr>
+									</xsl:if>
+								</table>
+								<p>zu handeln.</p>
+							</xsl:if>
+							<xsl:choose>
+								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+							</xsl:choose>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<p/>
-								<hr/>
-								<h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen 
-								Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige 
-								Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>							
+								<h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den 
+								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
+								Wirtschaftsunternehmen.</h6>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<h6>(**): Der <i>eHealth Professional Identifier (HPI)</i> wird aus den jeweiligen 
+								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
+								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
+								<h6>(***): <i>Object Identifier (OID)</i> sind standardisierte Objekt-Bezeichner und 
+								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
index 6ed91ddc3..b84093ed1 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
@@ -17,7 +17,7 @@
 							</style>
 						</head>
 						<body>
-<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+							<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
 							<table>
 								<tr>
 									<td class="boldstyle">
@@ -32,9 +32,22 @@
 										Geburtsdatum:
 									</td>
 									<td>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 									</td>
 								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="boldstyle">
+											Rolle im Gesundheitsbereich:
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+											(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+										</td>
+									</tr>
+								</xsl:if>
 								<tr>
 									<td class="boldstyle">
 										Applikation:
@@ -66,7 +79,9 @@
 										Datum:
 									</td>
 									<td>
-										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
 									</td>
 								</tr>
 								<tr>
@@ -74,9 +89,21 @@
 										Uhrzeit:
 									</td>
 									<td>
-										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 									</td>
 								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+									<tr>
+										<td class="boldstyle">
+											HPI(**):
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 									<tr>
 										<td class="boldstyle">
@@ -88,10 +115,67 @@
 									</tr>
 								</xsl:if>
 							</table>
+							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+								<table>
+									<tr>
+										<td class="boldstyle">
+											Name:
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+										</td>
+									</tr>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+										<tr>
+											<td class="boldstyle">
+												Geburtsdatum:
+											</td>
+											<td>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+											</td>
+										</tr>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+										<tr>
+											<td colspan="2">
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+											</td>
+										</tr>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+										<tr>
+											<td class="boldstyle">
+												wbPK (*):
+											</td>
+											<td>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+											</td>
+										</tr>
+									</xsl:if>
+								</table>
+								<p>zu handeln.</p>
+							</xsl:if>
+							<xsl:choose>
+								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+							</xsl:choose>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<p/>
-								<hr/>
-								<div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>							
+								<div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den 
+								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
+								Wirtschaftsunternehmen.</div>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<div class="annotationstyle">(**): Der <span class="italicstyle">eHealth Professional Identifier (HPI)</span> wird aus den jeweiligen 
+								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
+								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
+								<div class="annotationstyle">(***): <span class="italicstyle">Object Identifier (OID)</span> sind standardisierte Objekt-Bezeichner und 
+								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
index b116152c8..cd207e04c 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
@@ -17,20 +17,68 @@
 						<body>
 							<h1>Signatur der Anmeldedaten</h1>
 							<p/>
-							<h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle">
-									<xsl:value-of select="//@Issuer"/>
-								</span>, 
-geboren am 
-<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4>
+							<h4>Mit meiner elektronischen Signatur beantrage ich, 
+								<span class="boldstyle"><xsl:value-of select="//@Issuer"/></span>, geboren am 
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, 
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
+									(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+								</xsl:if>
+								den Zugang zur gesicherten Anwendung.
+							</h4>
 							<p/>
-							<h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+							<h4>Datum und Uhrzeit:
+								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, 
+								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 							</h4>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
+							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+								<hr/>
+								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
+									von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, 
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+									</xsl:if>, in dessen Auftrag zu handeln.
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+									</xsl:if>
 								</h4>
 								<p/>
-								<hr/>
-								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>
+							</xsl:if>
+							<xsl:choose>
+								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+							</xsl:choose>
+							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den 
+								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
+								Wirtschaftsunternehmen.</div>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen 
+								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
+								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
+								<div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und 
+								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
index 10854242e..31e00ec9f 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
@@ -13,12 +13,17 @@
 						<body>
 							<h1>Signatur der Anmeldedaten</h1>
 							<p/>
-							<h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>, 
-              geboren am 
-                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>,
-              den Zugang zur gesicherten Anwendung.</h4>
+							<h4>Mit meiner elektronischen Signatur beantrage ich, 
+								<b><xsl:value-of select="//@Issuer"/></b>, geboren am 
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, 
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
+									(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+								</xsl:if>
+								den Zugang zur gesicherten Anwendung.
+							</h4>
 							<p/>
 							<h4>Datum und Uhrzeit: 
 							  <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
@@ -28,14 +33,48 @@
 							  <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
 							  <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 							</h4>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
+							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+								<hr/>
+								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
+									von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, 
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+									</xsl:if>, in dessen Auftrag zu handeln.
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+									</xsl:if>
 								</h4>
 								<p/>
-								<hr/>
-								<h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische 
-								Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens
-								berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+							</xsl:if>
+							<xsl:choose>
+								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+							</xsl:choose>
+							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+								<h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den 
+								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
+								Wirtschaftsunternehmen.</h6>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<h6>(**) HPI: Der <i>eHealth Professional Identifier</i> wird aus den jeweiligen 
+								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
+								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
+								<h6>(***) OID: <i>Object Identifier</i> sind standardisierte Objekt-Bezeichner und 
+								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
index 0c079da71..bcf0cd7ce 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
@@ -11,7 +11,7 @@
 							<title>Signatur der Anmeldedaten</title>
 						</head>
 						<body>
-              <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+							<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
 							<table>
 								<tr>
 									<td>
@@ -31,6 +31,17 @@
 										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
 									</td>
 								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td>
+											<b>Rolle im Gesundheitsbereich:</b>
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+											(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+										</td>
+									</tr>
+								</xsl:if>
 								<tr>
 									<td>
 										<b>Applikation:</b>
@@ -77,6 +88,16 @@
 										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
 									</td>
 								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+									<tr>
+										<td>
+											<b>HPI(**):</b>
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 									<tr>
 										<td>
@@ -88,12 +109,67 @@
 									</tr>
 								</xsl:if>
 							</table>
+							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+								<table>
+									<tr>
+										<td>
+											<b>Name:</b>
+										</td>
+										<td>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+										</td>
+									</tr>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+										<tr>
+											<td>
+												<b>Geburtsdatum:</b>
+											</td>
+											<td>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+											</td>
+										</tr>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+										<tr>
+											<td colspan="2">
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+											</td>
+										</tr>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+										<tr>
+											<td>
+												<b>wbPK (*):</b>
+											</td>
+											<td>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+											</td>
+										</tr>
+									</xsl:if>
+								</table>
+								<p>zu handeln.</p>
+							</xsl:if>
+							<xsl:choose>
+								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
+								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
+							</xsl:choose>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<p/>
-								<hr/>
-								<h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen 
-								Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige 
-								Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>							
+								<h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den 
+								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
+								Wirtschaftsunternehmen.</h6>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+								<h6>(**): Der <i>eHealth Professional Identifier (HPI)</i> wird aus den jeweiligen 
+								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
+								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
+							</xsl:if>
+							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
+								<h6>(***): <i>Object Identifier (OID)</i> sind standardisierte Objekt-Bezeichner und 
+								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
new file mode 100644
index 000000000..911640d0e
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
new file mode 100644
index 000000000..cac44093a
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
new file mode 100644
index 000000000..32893db7f
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer differ
diff --git a/id/server/data/deploy/tomcat/server.mod_jk.xml b/id/server/data/deploy/tomcat/server.mod_jk.xml
deleted file mode 100644
index b32cf7844..000000000
--- a/id/server/data/deploy/tomcat/server.mod_jk.xml
+++ /dev/null
@@ -1,162 +0,0 @@
-<!-- Alternate Example-less Configuration File -->
-<!-- Note that component elements are nested corresponding to their
-     parent-child relationships with each other -->
-<!-- A "Server" is a singleton element that represents the entire JVM,
-     which may contain one or more "Service" instances.  The Server
-     listens for a shutdown command on the indicated port.
-
-     Note:  A "Server" is not itself a "Container", so you may not
-     define subcomponents such as "Valves" or "Loggers" at this level.
- -->
-<Server port="8005" shutdown="SHUTDOWN" debug="0">
-	<!-- Uncomment this entry to enable JMX MBeans support -->
-	<!--
-  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
-                debug="0" port="-1" login="admin" password="admin"/>
--->
-	<!-- A "Service" is a collection of one or more "Connectors" that share
-       a single "Container" (and therefore the web applications visible
-       within that Container).  Normally, that Container is an "Engine",
-       but this is not required.
-
-       Note:  A "Service" is not itself a "Container", so you may not
-       define subcomponents such as "Valves" or "Loggers" at this level.
-   -->
-	<!-- Define the Tomcat Stand-Alone Service -->
-	<Service name="Tomcat-Standalone">
-		<!-- A "Connector" represents an endpoint by which requests are received
-         and responses are returned.  Each Connector passes requests on to the
-         associated "Container" (normally an Engine) for processing.
-
-         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
-         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
-         following the instructions below and uncommenting the second Connector
-         entry.  SSL support requires the following steps (see the SSL Config
-         HOWTO in the Tomcat 4.0 documentation bundle for more detailed
-         instructions):
-         * Download and install JSSE 1.0.2 or later, and put the JAR files
-           into "$JAVA_HOME/jre/lib/ext".
-         * Execute:
-             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
-             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
-           with a password value of "changeit" for both the certificate and
-           the keystore itself.
-
-         By default, DNS lookups are enabled when a web application calls
-         request.getRemoteHost().  This can have an adverse impact on
-         performance, so you can disable it by setting the
-         "enableLookups" attribute to "false".  When DNS lookups are disabled,
-         request.getRemoteHost() will return the String version of the
-         IP address of the remote client.
-    -->
-		<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
-		<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" 
-			port="8009" minProcessors="5" maxProcessors="75" 
-			enableLookups="true" redirectPort="8443" acceptCount="10" debug="0" 
-			connectionTimeout="0" useURIValidationHack="false" 
-			protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
-		<!-- An Engine represents the entry point (within Catalina) that processes
-         every request.  The Engine implementation for Tomcat stand alone
-         analyzes the HTTP headers included with the request, and passes them
-         on to the appropriate Host (virtual host). -->
-		<!-- Define the top level container in our container hierarchy -->
-		<Engine name="Standalone" defaultHost="localhost" debug="0">
-			<!-- The request dumper valve dumps useful debugging information about
-           the request headers and cookies that were received, and the response
-           headers and cookies that were sent, for all requests received by
-           this instance of Tomcat.  If you care only about requests to a
-           particular virtual host, or a particular application, nest this
-           element inside the corresponding <Host> or <Context> entry instead.
-
-           For a similar mechanism that is portable to all Servlet 2.3
-           containers, check out the "RequestDumperFilter" Filter in the
-           example application (the source for this filter may be found in
-           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
-
-           Request dumping is disabled by default.  Uncomment the following
-           element to enable it. -->
-			<!--
-      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-      -->
-			<!-- Global logger unless overridden at lower levels -->
-			<Logger className="org.apache.catalina.logger.FileLogger" 
-				prefix="catalina_log." suffix=".txt" timestamp="true"/>
-			<!-- Because this Realm is here, an instance will be shared globally -->
-			<Realm className="org.apache.catalina.realm.MemoryRealm" />
-			<!-- Replace the above Realm with one of the following to get a Realm
-           stored in a database and accessed via JDBC -->
-			<!-- Define the default virtual host -->
-			<Host name="localhost" debug="0" appBase="webapps" 
-				unpackWARs="true" autoDeploy="true">
-				<!-- Normally, users must authenticate themselves to each web app
-             individually.  Uncomment the following entry if you would like
-             a user to be authenticated the first time they encounter a
-             resource protected by a security constraint, and then have that
-             user identity maintained across *all* web applications contained
-             in this virtual host. -->
-				<!--
-        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
-                   debug="0"/>
-        -->
-				<!-- Access log processes all requests for this virtual host.  By
-             default, log files are created in the "logs" directory relative to
-             $CATALINA_HOME.  If you wish, you can specify a different
-             directory with the "directory" attribute.  Specify either a relative
-             (to $CATALINA_HOME) or absolute path to the desired directory.
-        -->
-				<Valve className="org.apache.catalina.valves.AccessLogValve" 
-					directory="logs" prefix="localhost_access_log." 
-					suffix=".txt" pattern="common"/>
-				<!-- Logger shared by all Contexts related to this virtual host.  By
-             default (when using FileLogger), log files are created in the "logs"
-             directory relative to $CATALINA_HOME.  If you wish, you can specify
-             a different directory with the "directory" attribute.  Specify either a
-             relative (to $CATALINA_HOME) or absolute path to the desired
-             directory.-->
-				<Logger className="org.apache.catalina.logger.FileLogger" 
-					directory="logs" prefix="localhost_log." suffix=".txt" 
-					timestamp="true"/>
-				<!-- Define properties for each web application.  This is only needed
-             if you want to set non-default properties, or have web application
-             document roots in places other than the virtual host's appBase
-             directory.  -->
-				<!-- Tomcat Root Context -->
-				<!--
-          <Context path="" docBase="ROOT" debug="0"/>
-        -->
-			</Host>
-		</Engine>
-	</Service>
-	<!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
-       as its servlet container. Please read the README.txt file coming with
-       the WebApp Module distribution on how to build it.
-       (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
-
-       To configure the Apache side, you must ensure that you have the
-       "ServerName" and "Port" directives defined in "httpd.conf".  Then,
-       lines like these to the bottom of your "httpd.conf" file:
-
-         LoadModule webapp_module libexec/mod_webapp.so
-         WebAppConnection warpConnection warp localhost:8008
-         WebAppDeploy examples warpConnection /examples/
-
-       The next time you restart Apache (after restarting Tomcat, if needed)
-       the connection will be established, and all applications you make
-       visible via "WebAppDeploy" directives can be accessed through Apache.
-  -->
-	<!-- Define an Apache-Connector Service -->
-	<Service name="Tomcat-Apache">
-		<Connector className="org.apache.catalina.connector.warp.WarpConnector" 
-			port="8008" minProcessors="5" maxProcessors="75" 
-			enableLookups="true" acceptCount="10" debug="0"/>
-		<!-- Replace "localhost" with what your Apache "ServerName" is set to -->
-		<Engine className="org.apache.catalina.connector.warp.WarpEngine" 
-			name="Apache" debug="0" appBase="webapps">
-			<!-- Global logger unless overridden at lower levels -->
-			<Logger className="org.apache.catalina.logger.FileLogger" 
-				prefix="apache_log." suffix=".txt" timestamp="true"/>
-			<!-- Because this Realm is here, an instance will be shared globally -->
-			<Realm className="org.apache.catalina.realm.MemoryRealm" />
-		</Engine>
-	</Service>
-</Server>
\ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/server.xml b/id/server/data/deploy/tomcat/server.xml
deleted file mode 100644
index 2fd7b6439..000000000
--- a/id/server/data/deploy/tomcat/server.xml
+++ /dev/null
@@ -1,171 +0,0 @@
-<!-- Alternate Example-less Configuration File -->
-<!-- Note that component elements are nested corresponding to their
-     parent-child relationships with each other -->
-<!-- A "Server" is a singleton element that represents the entire JVM,
-     which may contain one or more "Service" instances.  The Server
-     listens for a shutdown command on the indicated port.
-
-     Note:  A "Server" is not itself a "Container", so you may not
-     define subcomponents such as "Valves" or "Loggers" at this level.
- -->
-<Server port="8005" shutdown="SHUTDOWN" debug="0">
-	<!-- Uncomment this entry to enable JMX MBeans support -->
-	<!--
-  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
-                debug="0" port="-1" login="admin" password="admin"/>
--->
-	<!-- A "Service" is a collection of one or more "Connectors" that share
-       a single "Container" (and therefore the web applications visible
-       within that Container).  Normally, that Container is an "Engine",
-       but this is not required.
-
-       Note:  A "Service" is not itself a "Container", so you may not
-       define subcomponents such as "Valves" or "Loggers" at this level.
-   -->
-	<!-- Define the Tomcat Stand-Alone Service -->
-	<Service name="Tomcat-Standalone">
-		<!-- A "Connector" represents an endpoint by which requests are received
-         and responses are returned.  Each Connector passes requests on to the
-         associated "Container" (normally an Engine) for processing.
-
-         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
-         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
-         following the instructions below and uncommenting the second Connector
-         entry.  SSL support requires the following steps (see the SSL Config
-         HOWTO in the Tomcat 4.0 documentation bundle for more detailed
-         instructions):
-         * Download and install JSSE 1.0.2 or later, and put the JAR files
-           into "$JAVA_HOME/jre/lib/ext".
-         * Execute:
-             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
-             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
-           with a password value of "changeit" for both the certificate and
-           the keystore itself.
-
-         By default, DNS lookups are enabled when a web application calls
-         request.getRemoteHost().  This can have an adverse impact on
-         performance, so you can disable it by setting the
-         "enableLookups" attribute to "false".  When DNS lookups are disabled,
-         request.getRemoteHost() will return the String version of the
-         IP address of the remote client.
-    -->
-		<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
-		<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" 
-			port="8080" minProcessors="5" maxProcessors="75" 
-			enableLookups="true" redirectPort="8443" acceptCount="100" 
-			debug="0" connectionTimeout="20000" useURIValidationHack="false" 
-			disableUploadTimeout="true"/>
-		<!-- Note : To disable connection timeouts, set connectionTimeout value to -1 -->
-		<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
-		<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" 
-			port="8443" minProcessors="5" maxProcessors="75" 
-			enableLookups="uri" acceptCount="100" debug="0" scheme="https" 
-			secure="true" useURIValidationHack="false" 
-			disableUploadTimeout="true">
-			<Factory 
-				className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" 
-				clientAuth="false" protocol="TLS"/>
-		</Connector>
-		<!-- An Engine represents the entry point (within Catalina) that processes
-         every request.  The Engine implementation for Tomcat stand alone
-         analyzes the HTTP headers included with the request, and passes them
-         on to the appropriate Host (virtual host). -->
-		<!-- Define the top level container in our container hierarchy -->
-		<Engine name="Standalone" defaultHost="localhost" debug="0">
-			<!-- The request dumper valve dumps useful debugging information about
-           the request headers and cookies that were received, and the response
-           headers and cookies that were sent, for all requests received by
-           this instance of Tomcat.  If you care only about requests to a
-           particular virtual host, or a particular application, nest this
-           element inside the corresponding <Host> or <Context> entry instead.
-
-           For a similar mechanism that is portable to all Servlet 2.3
-           containers, check out the "RequestDumperFilter" Filter in the
-           example application (the source for this filter may be found in
-           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
-
-           Request dumping is disabled by default.  Uncomment the following
-           element to enable it. -->
-			<!--
-      	<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-      	-->
-			<!-- Global logger unless overridden at lower levels -->
-			<Logger className="org.apache.catalina.logger.FileLogger" 
-				prefix="catalina_log." suffix=".txt" timestamp="true"/>
-			<!-- Because this Realm is here, an instance will be shared globally -->
-			<Realm className="org.apache.catalina.realm.MemoryRealm"/>
-			<!-- Define the default virtual host -->
-			<Host name="localhost" debug="0" appBase="webapps" 
-				unpackWARs="true" autoDeploy="true">
-				<!-- Normally, users must authenticate themselves to each web app
-             individually.  Uncomment the following entry if you would like
-             a user to be authenticated the first time they encounter a
-             resource protected by a security constraint, and then have that
-             user identity maintained across *all* web applications contained
-             in this virtual host. -->
-				<!--
-        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
-                   debug="0"/>
-        -->
-				<!-- Access log processes all requests for this virtual host.  By
-             default, log files are created in the "logs" directory relative to
-             $CATALINA_HOME.  If you wish, you can specify a different
-             directory with the "directory" attribute.  Specify either a relative
-             (to $CATALINA_HOME) or absolute path to the desired directory.
-        -->
-				<Valve className="org.apache.catalina.valves.AccessLogValve" 
-					directory="logs" prefix="localhost_access_log." 
-					suffix=".txt" pattern="common"/>
-				<!-- Logger shared by all Contexts related to this virtual host.  By
-             default (when using FileLogger), log files are created in the "logs"
-             directory relative to $CATALINA_HOME.  If you wish, you can specify
-             a different directory with the "directory" attribute.  Specify either a
-             relative (to $CATALINA_HOME) or absolute path to the desired
-             directory.-->
-				<Logger className="org.apache.catalina.logger.FileLogger" 
-					directory="logs" prefix="localhost_log." suffix=".txt" 
-					timestamp="true"/>
-				<!-- Define properties for each web application.  This is only needed
-             if you want to set non-default properties, or have web application
-             document roots in places other than the virtual host's appBase
-             directory.  -->
-				<!-- Tomcat Root Context -->
-				<!--
-          <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
-        -->
-			</Host>
-		</Engine>
-	</Service>
-	<!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
-       as its servlet container. Please read the README.txt file coming with
-       the WebApp Module distribution on how to build it.
-       (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
-
-       To configure the Apache side, you must ensure that you have the
-       "ServerName" and "Port" directives defined in "httpd.conf".  Then,
-       lines like these to the bottom of your "httpd.conf" file:
-
-         LoadModule webapp_module libexec/mod_webapp.so
-         WebAppConnection warpConnection warp localhost:8008
-         WebAppDeploy examples warpConnection /examples/
-
-       The next time you restart Apache (after restarting Tomcat, if needed)
-       the connection will be established, and all applications you make
-       visible via "WebAppDeploy" directives can be accessed through Apache.
-  -->
-	<!-- Define an Apache-Connector Service -->
-	<Service name="Tomcat-Apache">
-		<Connector className="org.apache.catalina.connector.warp.WarpConnector" 
-			port="8008" minProcessors="5" maxProcessors="75" 
-			enableLookups="true" acceptCount="10" debug="0"/>
-		<!-- Replace "localhost" with what your Apache "ServerName" is set to -->
-		<Engine className="org.apache.catalina.connector.warp.WarpEngine" 
-			name="Apache" debug="0" appBase="webapps">
-			<!-- Global logger unless overridden at lower levels -->
-			<Logger className="org.apache.catalina.logger.FileLogger" 
-				prefix="apache_log." suffix=".txt" timestamp="true"/>
-			<!-- Because this Realm is here, an instance will be shared globally -->
-			<Realm className="org.apache.catalina.realm.MemoryRealm"/>
-		</Engine>
-	</Service>
-</Server>
\ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml
new file mode 100644
index 000000000..30770b5bf
--- /dev/null
+++ b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml
@@ -0,0 +1,162 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+     parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+     which may contain one or more "Service" instances.  The Server
+     listens for a shutdown command on the indicated port.
+
+     Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+	<!-- Uncomment this entry to enable JMX MBeans support -->
+	<!--
+  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+                debug="0" port="-1" login="admin" password="admin"/>
+-->
+	<!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" (and therefore the web applications visible
+       within that Container).  Normally, that Container is an "Engine",
+       but this is not required.
+
+       Note:  A "Service" is not itself a "Container", so you may not
+       define subcomponents such as "Valves" or "Loggers" at this level.
+   -->
+	<!-- Define the Tomcat Stand-Alone Service -->
+	<Service name="Tomcat-Standalone">
+		<!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned.  Each Connector passes requests on to the
+         associated "Container" (normally an Engine) for processing.
+
+         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+         following the instructions below and uncommenting the second Connector
+         entry.  SSL support requires the following steps (see the SSL Config
+         HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+         instructions):
+         * Download and install JSSE 1.0.2 or later, and put the JAR files
+           into "$JAVA_HOME/jre/lib/ext".
+         * Execute:
+             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
+           with a password value of "changeit" for both the certificate and
+           the keystore itself.
+
+         By default, DNS lookups are enabled when a web application calls
+         request.getRemoteHost().  This can have an adverse impact on
+         performance, so you can disable it by setting the
+         "enableLookups" attribute to "false".  When DNS lookups are disabled,
+         request.getRemoteHost() will return the String version of the
+         IP address of the remote client.
+    -->
+		<!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+		<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" 
+			port="8009" minProcessors="5" maxProcessors="75" 
+			enableLookups="true" redirectPort="8443" acceptCount="10" debug="0" 
+			connectionTimeout="0" useURIValidationHack="false" 
+			protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+		<!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host). -->
+		<!-- Define the top level container in our container hierarchy -->
+		<Engine name="Standalone" defaultHost="localhost" debug="0">
+			<!-- The request dumper valve dumps useful debugging information about
+           the request headers and cookies that were received, and the response
+           headers and cookies that were sent, for all requests received by
+           this instance of Tomcat.  If you care only about requests to a
+           particular virtual host, or a particular application, nest this
+           element inside the corresponding <Host> or <Context> entry instead.
+
+           For a similar mechanism that is portable to all Servlet 2.3
+           containers, check out the "RequestDumperFilter" Filter in the
+           example application (the source for this filter may be found in
+           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+           Request dumping is disabled by default.  Uncomment the following
+           element to enable it. -->
+			<!--
+      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+      -->
+			<!-- Global logger unless overridden at lower levels -->
+			<Logger className="org.apache.catalina.logger.FileLogger" 
+				prefix="catalina_log." suffix=".txt" timestamp="true"/>
+			<!-- Because this Realm is here, an instance will be shared globally -->
+			<Realm className="org.apache.catalina.realm.MemoryRealm" />
+			<!-- Replace the above Realm with one of the following to get a Realm
+           stored in a database and accessed via JDBC -->
+			<!-- Define the default virtual host -->
+			<Host name="localhost" debug="0" appBase="webapps" 
+				unpackWARs="true" autoDeploy="true">
+				<!-- Normally, users must authenticate themselves to each web app
+             individually.  Uncomment the following entry if you would like
+             a user to be authenticated the first time they encounter a
+             resource protected by a security constraint, and then have that
+             user identity maintained across *all* web applications contained
+             in this virtual host. -->
+				<!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+                   debug="0"/>
+        -->
+				<!-- Access log processes all requests for this virtual host.  By
+             default, log files are created in the "logs" directory relative to
+             $CATALINA_HOME.  If you wish, you can specify a different
+             directory with the "directory" attribute.  Specify either a relative
+             (to $CATALINA_HOME) or absolute path to the desired directory.
+        -->
+				<Valve className="org.apache.catalina.valves.AccessLogValve" 
+					directory="logs" prefix="localhost_access_log." 
+					suffix=".txt" pattern="common"/>
+				<!-- Logger shared by all Contexts related to this virtual host.  By
+             default (when using FileLogger), log files are created in the "logs"
+             directory relative to $CATALINA_HOME.  If you wish, you can specify
+             a different directory with the "directory" attribute.  Specify either a
+             relative (to $CATALINA_HOME) or absolute path to the desired
+             directory.-->
+				<Logger className="org.apache.catalina.logger.FileLogger" 
+					directory="logs" prefix="localhost_log." suffix=".txt" 
+					timestamp="true"/>
+				<!-- Define properties for each web application.  This is only needed
+             if you want to set non-default properties, or have web application
+             document roots in places other than the virtual host's appBase
+             directory.  -->
+				<!-- Tomcat Root Context -->
+				<!--
+          <Context path="" docBase="ROOT" debug="0"/>
+        -->
+			</Host>
+		</Engine>
+	</Service>
+	<!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+       as its servlet container. Please read the README.txt file coming with
+       the WebApp Module distribution on how to build it.
+       (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+       To configure the Apache side, you must ensure that you have the
+       "ServerName" and "Port" directives defined in "httpd.conf".  Then,
+       lines like these to the bottom of your "httpd.conf" file:
+
+         LoadModule webapp_module libexec/mod_webapp.so
+         WebAppConnection warpConnection warp localhost:8008
+         WebAppDeploy examples warpConnection /examples/
+
+       The next time you restart Apache (after restarting Tomcat, if needed)
+       the connection will be established, and all applications you make
+       visible via "WebAppDeploy" directives can be accessed through Apache.
+  -->
+	<!-- Define an Apache-Connector Service -->
+	<Service name="Tomcat-Apache">
+		<Connector className="org.apache.catalina.connector.warp.WarpConnector" 
+			port="8008" minProcessors="5" maxProcessors="75" 
+			enableLookups="true" acceptCount="10" debug="0"/>
+		<!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+		<Engine className="org.apache.catalina.connector.warp.WarpEngine" 
+			name="Apache" debug="0" appBase="webapps">
+			<!-- Global logger unless overridden at lower levels -->
+			<Logger className="org.apache.catalina.logger.FileLogger" 
+				prefix="apache_log." suffix=".txt" timestamp="true"/>
+			<!-- Because this Realm is here, an instance will be shared globally -->
+			<Realm className="org.apache.catalina.realm.MemoryRealm" />
+		</Engine>
+	</Service>
+</Server>
\ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/tomcat-4.1.x/server.xml b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.xml
new file mode 100644
index 000000000..b259d2dec
--- /dev/null
+++ b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.xml
@@ -0,0 +1,171 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+     parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+     which may contain one or more "Service" instances.  The Server
+     listens for a shutdown command on the indicated port.
+
+     Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+	<!-- Uncomment this entry to enable JMX MBeans support -->
+	<!--
+  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+                debug="0" port="-1" login="admin" password="admin"/>
+-->
+	<!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" (and therefore the web applications visible
+       within that Container).  Normally, that Container is an "Engine",
+       but this is not required.
+
+       Note:  A "Service" is not itself a "Container", so you may not
+       define subcomponents such as "Valves" or "Loggers" at this level.
+   -->
+	<!-- Define the Tomcat Stand-Alone Service -->
+	<Service name="Tomcat-Standalone">
+		<!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned.  Each Connector passes requests on to the
+         associated "Container" (normally an Engine) for processing.
+
+         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+         following the instructions below and uncommenting the second Connector
+         entry.  SSL support requires the following steps (see the SSL Config
+         HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+         instructions):
+         * Download and install JSSE 1.0.2 or later, and put the JAR files
+           into "$JAVA_HOME/jre/lib/ext".
+         * Execute:
+             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
+           with a password value of "changeit" for both the certificate and
+           the keystore itself.
+
+         By default, DNS lookups are enabled when a web application calls
+         request.getRemoteHost().  This can have an adverse impact on
+         performance, so you can disable it by setting the
+         "enableLookups" attribute to "false".  When DNS lookups are disabled,
+         request.getRemoteHost() will return the String version of the
+         IP address of the remote client.
+    -->
+		<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+		<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" 
+			port="8080" minProcessors="5" maxProcessors="75" 
+			enableLookups="true" redirectPort="8443" acceptCount="100" 
+			debug="0" connectionTimeout="20000" useURIValidationHack="false" 
+			disableUploadTimeout="true"/>
+		<!-- Note : To disable connection timeouts, set connectionTimeout value to -1 -->
+		<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+		<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" 
+			port="8443" minProcessors="5" maxProcessors="75" 
+			enableLookups="uri" acceptCount="100" debug="0" scheme="https" 
+			secure="true" useURIValidationHack="false" 
+			disableUploadTimeout="true">
+			<Factory 
+				className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" 
+				clientAuth="false" protocol="TLS"/>
+		</Connector>
+		<!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host). -->
+		<!-- Define the top level container in our container hierarchy -->
+		<Engine name="Standalone" defaultHost="localhost" debug="0">
+			<!-- The request dumper valve dumps useful debugging information about
+           the request headers and cookies that were received, and the response
+           headers and cookies that were sent, for all requests received by
+           this instance of Tomcat.  If you care only about requests to a
+           particular virtual host, or a particular application, nest this
+           element inside the corresponding <Host> or <Context> entry instead.
+
+           For a similar mechanism that is portable to all Servlet 2.3
+           containers, check out the "RequestDumperFilter" Filter in the
+           example application (the source for this filter may be found in
+           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+           Request dumping is disabled by default.  Uncomment the following
+           element to enable it. -->
+			<!--
+      	<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+      	-->
+			<!-- Global logger unless overridden at lower levels -->
+			<Logger className="org.apache.catalina.logger.FileLogger" 
+				prefix="catalina_log." suffix=".txt" timestamp="true"/>
+			<!-- Because this Realm is here, an instance will be shared globally -->
+			<Realm className="org.apache.catalina.realm.MemoryRealm"/>
+			<!-- Define the default virtual host -->
+			<Host name="localhost" debug="0" appBase="webapps" 
+				unpackWARs="true" autoDeploy="true">
+				<!-- Normally, users must authenticate themselves to each web app
+             individually.  Uncomment the following entry if you would like
+             a user to be authenticated the first time they encounter a
+             resource protected by a security constraint, and then have that
+             user identity maintained across *all* web applications contained
+             in this virtual host. -->
+				<!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+                   debug="0"/>
+        -->
+				<!-- Access log processes all requests for this virtual host.  By
+             default, log files are created in the "logs" directory relative to
+             $CATALINA_HOME.  If you wish, you can specify a different
+             directory with the "directory" attribute.  Specify either a relative
+             (to $CATALINA_HOME) or absolute path to the desired directory.
+        -->
+				<Valve className="org.apache.catalina.valves.AccessLogValve" 
+					directory="logs" prefix="localhost_access_log." 
+					suffix=".txt" pattern="common"/>
+				<!-- Logger shared by all Contexts related to this virtual host.  By
+             default (when using FileLogger), log files are created in the "logs"
+             directory relative to $CATALINA_HOME.  If you wish, you can specify
+             a different directory with the "directory" attribute.  Specify either a
+             relative (to $CATALINA_HOME) or absolute path to the desired
+             directory.-->
+				<Logger className="org.apache.catalina.logger.FileLogger" 
+					directory="logs" prefix="localhost_log." suffix=".txt" 
+					timestamp="true"/>
+				<!-- Define properties for each web application.  This is only needed
+             if you want to set non-default properties, or have web application
+             document roots in places other than the virtual host's appBase
+             directory.  -->
+				<!-- Tomcat Root Context -->
+				<!--
+          <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+        -->
+			</Host>
+		</Engine>
+	</Service>
+	<!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+       as its servlet container. Please read the README.txt file coming with
+       the WebApp Module distribution on how to build it.
+       (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+       To configure the Apache side, you must ensure that you have the
+       "ServerName" and "Port" directives defined in "httpd.conf".  Then,
+       lines like these to the bottom of your "httpd.conf" file:
+
+         LoadModule webapp_module libexec/mod_webapp.so
+         WebAppConnection warpConnection warp localhost:8008
+         WebAppDeploy examples warpConnection /examples/
+
+       The next time you restart Apache (after restarting Tomcat, if needed)
+       the connection will be established, and all applications you make
+       visible via "WebAppDeploy" directives can be accessed through Apache.
+  -->
+	<!-- Define an Apache-Connector Service -->
+	<Service name="Tomcat-Apache">
+		<Connector className="org.apache.catalina.connector.warp.WarpConnector" 
+			port="8008" minProcessors="5" maxProcessors="75" 
+			enableLookups="true" acceptCount="10" debug="0"/>
+		<!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+		<Engine className="org.apache.catalina.connector.warp.WarpEngine" 
+			name="Apache" debug="0" appBase="webapps">
+			<!-- Global logger unless overridden at lower levels -->
+			<Logger className="org.apache.catalina.logger.FileLogger" 
+				prefix="apache_log." suffix=".txt" timestamp="true"/>
+			<!-- Because this Realm is here, an instance will be shared globally -->
+			<Realm className="org.apache.catalina.realm.MemoryRealm"/>
+		</Engine>
+	</Service>
+</Server>
\ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml
new file mode 100644
index 000000000..bbc375984
--- /dev/null
+++ b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml
@@ -0,0 +1,386 @@
+<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+     parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+     which may contain one or more "Service" instances.  The Server
+     listens for a shutdown command on the indicated port.
+
+     Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+  <!-- Comment these entries out to disable JMX MBeans support -->
+  <!-- You may also configure custom components (e.g. Valves/Realms) by 
+       including your own mbean-descriptor file(s), and setting the 
+       "descriptors" attribute to point to a ';' seperated list of paths
+       (in the ClassLoader sense) of files to add to the default list.
+       e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+  -->
+  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+            debug="0"/>
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+            debug="0"/>
+
+  <!-- Global JNDI resources -->
+  <GlobalNamingResources>
+
+    <!-- Test entry for demonstration purposes -->
+    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+       description="User database that can be updated and saved">
+    </Resource>
+    <ResourceParams name="UserDatabase">
+      <parameter>
+        <name>factory</name>
+        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+      </parameter>
+      <parameter>
+        <name>pathname</name>
+        <value>conf/tomcat-users.xml</value>
+      </parameter>
+    </ResourceParams>
+
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" (and therefore the web applications visible
+       within that Container).  Normally, that Container is an "Engine",
+       but this is not required.
+
+       Note:  A "Service" is not itself a "Container", so you may not
+       define subcomponents such as "Valves" or "Loggers" at this level.
+   -->
+
+  <!-- Define the Tomcat Stand-Alone Service -->
+  <Service name="Catalina">
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned.  Each Connector passes requests on to the
+         associated "Container" (normally an Engine) for processing.
+
+         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+         following the instructions below and uncommenting the second Connector
+         entry.  SSL support requires the following steps (see the SSL Config
+         HOWTO in the Tomcat 5 documentation bundle for more detailed
+         instructions):
+         * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+           later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+         * Execute:
+             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
+           with a password value of "changeit" for both the certificate and
+           the keystore itself.
+
+         By default, DNS lookups are enabled when a web application calls
+         request.getRemoteHost().  This can have an adverse impact on
+         performance, so you can disable it by setting the
+         "enableLookups" attribute to "false".  When DNS lookups are disabled,
+         request.getRemoteHost() will return the String version of the
+         IP address of the remote client.
+    -->
+
+    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+    <Connector port="8080"
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false" redirectPort="8443" acceptCount="100"
+               debug="0" connectionTimeout="20000" 
+               disableUploadTimeout="true" />
+    <!-- Note : To disable connection timeouts, set connectionTimeout value
+     to 0 -->
+	
+	<!-- Note : To use gzip compression you could set the following properties :
+	
+			   compression="on" 
+			   compressionMinSize="2048" 
+			   noCompressionUserAgents="gozilla, traviata" 
+			   compressableMimeType="text/html,text/xml"
+	-->
+
+    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+    <Connector port="8443" 
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false" disableUploadTimeout="true"
+               acceptCount="100" debug="0" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS" />
+
+    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+    <Connector port="8009" 
+               enableLookups="false" redirectPort="8443" debug="0"
+               protocol="AJP/1.3" />
+
+    <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+    <!-- See proxy documentation for more information about using this. -->
+    <!--
+    <Connector port="8082" 
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false"
+               acceptCount="100" debug="0" connectionTimeout="20000"
+               proxyPort="80" disableUploadTimeout="true" />
+    -->
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host). -->
+
+    <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+    <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">         
+    --> 
+         
+    <!-- Define the top level container in our container hierarchy -->
+    <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+      <!-- The request dumper valve dumps useful debugging information about
+           the request headers and cookies that were received, and the response
+           headers and cookies that were sent, for all requests received by
+           this instance of Tomcat.  If you care only about requests to a
+           particular virtual host, or a particular application, nest this
+           element inside the corresponding <Host> or <Context> entry instead.
+
+           For a similar mechanism that is portable to all Servlet 2.4
+           containers, check out the "RequestDumperFilter" Filter in the
+           example application (the source for this filter may be found in
+           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+           Request dumping is disabled by default.  Uncomment the following
+           element to enable it. -->
+      <!--
+      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+      -->
+
+      <!-- Global logger unless overridden at lower levels -->
+      <Logger className="org.apache.catalina.logger.FileLogger"
+              prefix="catalina_log." suffix=".txt"
+              timestamp="true"/>
+
+      <!-- Because this Realm is here, an instance will be shared globally -->
+
+      <!-- This Realm uses the UserDatabase configured in the global JNDI
+           resources under the key "UserDatabase".  Any edits
+           that are performed against this UserDatabase are immediately
+           available for use by the Realm.  -->
+      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+                 debug="0" resourceName="UserDatabase"/>
+
+      <!-- Comment out the old realm but leave here for now in case we
+           need to go back quickly -->
+      <!--
+      <Realm className="org.apache.catalina.realm.MemoryRealm" />
+      -->
+
+      <!-- Replace the above Realm with one of the following to get a Realm
+           stored in a database and accessed via JDBC -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="org.gjt.mm.mysql.Driver"
+          connectionURL="jdbc:mysql://localhost/authority"
+         connectionName="test" connectionPassword="test"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="oracle.jdbc.driver.OracleDriver"
+          connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+         connectionName="scott" connectionPassword="tiger"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+          connectionURL="jdbc:odbc:CATALINA"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!-- Define the default virtual host
+           Note: XML Schema validation will not work with Xerces 2.2.
+       -->
+      <Host name="localhost" debug="0" appBase="webapps"
+       unpackWARs="true" autoDeploy="true"
+       xmlValidation="false" xmlNamespaceAware="false">
+
+        <!-- Defines a cluster for this node,
+             By defining this element, means that every manager will be changed.
+             So when running a cluster, only make sure that you have webapps in there
+             that need to be clustered and remove the other ones.
+             A cluster has the following parameters:
+
+             className = the fully qualified name of the cluster class
+
+             name = a descriptive name for your cluster, can be anything
+
+             debug = the debug level, higher means more output
+
+             mcastAddr = the multicast address, has to be the same for all the nodes
+
+             mcastPort = the multicast port, has to be the same for all the nodes
+             
+             mcastBindAddr = bind the multicast socket to a specific address
+             
+             mcastTTL = the multicast TTL if you want to limit your broadcast
+             
+             mcastSoTimeout = the multicast readtimeout 
+
+             mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
+
+             mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
+
+             tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes 
+
+             tcpListenAddress = the listen address (bind address) for TCP cluster request on this host, 
+                                in case of multiple ethernet cards.
+                                auto means that address becomes
+                                InetAddress.getLocalHost().getHostAddress()
+
+             tcpListenPort = the tcp listen port
+
+             tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
+                                  has a wakup bug in java.nio. Set to 0 for no timeout
+
+             printToScreen = true means that managers will also print to std.out
+
+             expireSessionsOnShutdown = true means that 
+
+             useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
+                            false means to replicate the session after each request.
+                            false means that replication would work for the following piece of code:
+                            <%
+                            HashMap map = (HashMap)session.getAttribute("map");
+                            map.put("key","value");
+                            %>
+             replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
+                               * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
+                               * Synchronous means that the thread that executes the request, is also the
+                               thread the replicates the data to the other nodes, and will not return until all
+                               nodes have received the information.
+                               * Asynchronous means that there is a specific 'sender' thread for each cluster node,
+                               so the request thread will queue the replication request into a "smart" queue,
+                               and then return to the client.
+                               The "smart" queue is a queue where when a session is added to the queue, and the same session
+                               already exists in the queue from a previous request, that session will be replaced
+                               in the queue instead of replicating two requests. This almost never happens, unless there is a 
+                               large network delay.
+        -->             
+        <!--
+            When configuring for clustering, you also add in a valve to catch all the requests
+            coming in, at the end of the request, the session may or may not be replicated.
+            A session is replicated if and only if all the conditions are met:
+            1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
+            2. a session exists (has been created)
+            3. the request is not trapped by the "filter" attribute
+
+            The filter attribute is to filter out requests that could not modify the session,
+            hence we don't replicate the session after the end of this request.
+            The filter is negative, ie, anything you put in the filter, you mean to filter out,
+            ie, no replication will be done on requests that match one of the filters.
+            The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
+
+            filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
+            ending with .gif and .js are intercepted.
+            
+            The deployer element can be used to deploy apps cluster wide.
+            Currently the deployment only deploys/undeploys to working members in the cluster
+            so no WARs are copied upons startup of a broken node.
+            The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
+            When a new war file is added the war gets deployed to the local instance,
+            and then deployed to the other instances in the cluster.
+            When a war file is deleted from the watchDir the war is undeployed locally 
+            and cluster wide
+        -->
+        
+        <!--
+        <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
+                 managerClassName="org.apache.catalina.cluster.session.DeltaManager"
+                 expireSessionsOnShutdown="false"
+                 useDirtyFlag="true">
+
+            <Membership 
+                className="org.apache.catalina.cluster.mcast.McastService"
+                mcastAddr="228.0.0.4"
+                mcastPort="45564"
+                mcastFrequency="500"
+                mcastDropTime="3000"/>
+
+            <Receiver 
+                className="org.apache.catalina.cluster.tcp.ReplicationListener"
+                tcpListenAddress="auto"
+                tcpListenPort="4001"
+                tcpSelectorTimeout="100"
+                tcpThreadCount="6"/>
+
+            <Sender
+                className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
+                replicationMode="pooled"/>
+
+            <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
+                   filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
+                   
+            <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
+                      tempDir="/tmp/war-temp/"
+                      deployDir="/tmp/war-deploy/"
+                      watchDir="/tmp/war-listen/"
+                      watchEnabled="false"/>
+        </Cluster>
+        -->        
+
+
+
+        <!-- Normally, users must authenticate themselves to each web app
+             individually.  Uncomment the following entry if you would like
+             a user to be authenticated the first time they encounter a
+             resource protected by a security constraint, and then have that
+             user identity maintained across *all* web applications contained
+             in this virtual host. -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+                   debug="0"/>
+        -->
+
+        <!-- Access log processes all requests for this virtual host.  By
+             default, log files are created in the "logs" directory relative to
+             $CATALINA_HOME.  If you wish, you can specify a different
+             directory with the "directory" attribute.  Specify either a relative
+             (to $CATALINA_HOME) or absolute path to the desired directory.
+        -->
+        <!--
+        <Valve className="org.apache.catalina.valves.AccessLogValve"
+                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
+                 pattern="common" resolveHosts="false"/>
+        -->
+
+        <!-- Logger shared by all Contexts related to this virtual host.  By
+             default (when using FileLogger), log files are created in the "logs"
+             directory relative to $CATALINA_HOME.  If you wish, you can specify
+             a different directory with the "directory" attribute.  Specify either a
+             relative (to $CATALINA_HOME) or absolute path to the desired
+             directory.-->
+        <Logger className="org.apache.catalina.logger.FileLogger"
+                 directory="logs"  prefix="localhost_log." suffix=".txt"
+            timestamp="true"/>
+
+        <!-- Tomcat Root Context --> 
+        <!-- 
+        <Context path="" docBase="../webappsProxy" debug="0"/>
+        --> 
+
+      </Host>
+
+    </Engine>
+
+  </Service>
+
+</Server>
diff --git a/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml
new file mode 100644
index 000000000..9b86b38ca
--- /dev/null
+++ b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml
@@ -0,0 +1,388 @@
+<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+     parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+     which may contain one or more "Service" instances.  The Server
+     listens for a shutdown command on the indicated port.
+
+     Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+  <!-- Comment these entries out to disable JMX MBeans support -->
+  <!-- You may also configure custom components (e.g. Valves/Realms) by 
+       including your own mbean-descriptor file(s), and setting the 
+       "descriptors" attribute to point to a ';' seperated list of paths
+       (in the ClassLoader sense) of files to add to the default list.
+       e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+  -->
+  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+            debug="0"/>
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+            debug="0"/>
+
+  <!-- Global JNDI resources -->
+  <GlobalNamingResources>
+
+    <!-- Test entry for demonstration purposes -->
+    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+       description="User database that can be updated and saved">
+    </Resource>
+    <ResourceParams name="UserDatabase">
+      <parameter>
+        <name>factory</name>
+        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+      </parameter>
+      <parameter>
+        <name>pathname</name>
+        <value>conf/tomcat-users.xml</value>
+      </parameter>
+    </ResourceParams>
+
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" (and therefore the web applications visible
+       within that Container).  Normally, that Container is an "Engine",
+       but this is not required.
+
+       Note:  A "Service" is not itself a "Container", so you may not
+       define subcomponents such as "Valves" or "Loggers" at this level.
+   -->
+
+  <!-- Define the Tomcat Stand-Alone Service -->
+  <Service name="Catalina">
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned.  Each Connector passes requests on to the
+         associated "Container" (normally an Engine) for processing.
+
+         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+         following the instructions below and uncommenting the second Connector
+         entry.  SSL support requires the following steps (see the SSL Config
+         HOWTO in the Tomcat 5 documentation bundle for more detailed
+         instructions):
+         * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+           later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+         * Execute:
+             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
+           with a password value of "changeit" for both the certificate and
+           the keystore itself.
+
+         By default, DNS lookups are enabled when a web application calls
+         request.getRemoteHost().  This can have an adverse impact on
+         performance, so you can disable it by setting the
+         "enableLookups" attribute to "false".  When DNS lookups are disabled,
+         request.getRemoteHost() will return the String version of the
+         IP address of the remote client.
+    -->
+
+    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+    <Connector port="8080"
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false" redirectPort="8443" acceptCount="100"
+               debug="0" connectionTimeout="20000" 
+               disableUploadTimeout="true" />
+    <!-- Note : To disable connection timeouts, set connectionTimeout value
+     to 0 -->
+	
+	<!-- Note : To use gzip compression you could set the following properties :
+	
+			   compression="on" 
+			   compressionMinSize="2048" 
+			   noCompressionUserAgents="gozilla, traviata" 
+			   compressableMimeType="text/html,text/xml"
+	-->
+
+    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+    <Connector port="8443" 
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false" disableUploadTimeout="true"
+               acceptCount="100" debug="0" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS" />
+
+    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+    <!--
+    <Connector port="8009" 
+               enableLookups="false" redirectPort="8443" debug="0"
+               protocol="AJP/1.3" />
+    -->
+
+    <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+    <!-- See proxy documentation for more information about using this. -->
+    <!--
+    <Connector port="8082" 
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false"
+               acceptCount="100" debug="0" connectionTimeout="20000"
+               proxyPort="80" disableUploadTimeout="true" />
+    -->
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host). -->
+
+    <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+    <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">         
+    --> 
+         
+    <!-- Define the top level container in our container hierarchy -->
+    <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+      <!-- The request dumper valve dumps useful debugging information about
+           the request headers and cookies that were received, and the response
+           headers and cookies that were sent, for all requests received by
+           this instance of Tomcat.  If you care only about requests to a
+           particular virtual host, or a particular application, nest this
+           element inside the corresponding <Host> or <Context> entry instead.
+
+           For a similar mechanism that is portable to all Servlet 2.4
+           containers, check out the "RequestDumperFilter" Filter in the
+           example application (the source for this filter may be found in
+           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+           Request dumping is disabled by default.  Uncomment the following
+           element to enable it. -->
+      <!--
+      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+      -->
+
+      <!-- Global logger unless overridden at lower levels -->
+      <Logger className="org.apache.catalina.logger.FileLogger"
+              prefix="catalina_log." suffix=".txt"
+              timestamp="true"/>
+
+      <!-- Because this Realm is here, an instance will be shared globally -->
+
+      <!-- This Realm uses the UserDatabase configured in the global JNDI
+           resources under the key "UserDatabase".  Any edits
+           that are performed against this UserDatabase are immediately
+           available for use by the Realm.  -->
+      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+                 debug="0" resourceName="UserDatabase"/>
+
+      <!-- Comment out the old realm but leave here for now in case we
+           need to go back quickly -->
+      <!--
+      <Realm className="org.apache.catalina.realm.MemoryRealm" />
+      -->
+
+      <!-- Replace the above Realm with one of the following to get a Realm
+           stored in a database and accessed via JDBC -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="org.gjt.mm.mysql.Driver"
+          connectionURL="jdbc:mysql://localhost/authority"
+         connectionName="test" connectionPassword="test"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="oracle.jdbc.driver.OracleDriver"
+          connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+         connectionName="scott" connectionPassword="tiger"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!--
+      <Realm  className="org.apache.catalina.realm.JDBCRealm" debug="99"
+             driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+          connectionURL="jdbc:odbc:CATALINA"
+              userTable="users" userNameCol="user_name" userCredCol="user_pass"
+          userRoleTable="user_roles" roleNameCol="role_name" />
+      -->
+
+      <!-- Define the default virtual host
+           Note: XML Schema validation will not work with Xerces 2.2.
+       -->
+      <Host name="localhost" debug="0" appBase="webapps"
+       unpackWARs="true" autoDeploy="true"
+       xmlValidation="false" xmlNamespaceAware="false">
+
+        <!-- Defines a cluster for this node,
+             By defining this element, means that every manager will be changed.
+             So when running a cluster, only make sure that you have webapps in there
+             that need to be clustered and remove the other ones.
+             A cluster has the following parameters:
+
+             className = the fully qualified name of the cluster class
+
+             name = a descriptive name for your cluster, can be anything
+
+             debug = the debug level, higher means more output
+
+             mcastAddr = the multicast address, has to be the same for all the nodes
+
+             mcastPort = the multicast port, has to be the same for all the nodes
+             
+             mcastBindAddr = bind the multicast socket to a specific address
+             
+             mcastTTL = the multicast TTL if you want to limit your broadcast
+             
+             mcastSoTimeout = the multicast readtimeout 
+
+             mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
+
+             mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
+
+             tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes 
+
+             tcpListenAddress = the listen address (bind address) for TCP cluster request on this host, 
+                                in case of multiple ethernet cards.
+                                auto means that address becomes
+                                InetAddress.getLocalHost().getHostAddress()
+
+             tcpListenPort = the tcp listen port
+
+             tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
+                                  has a wakup bug in java.nio. Set to 0 for no timeout
+
+             printToScreen = true means that managers will also print to std.out
+
+             expireSessionsOnShutdown = true means that 
+
+             useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
+                            false means to replicate the session after each request.
+                            false means that replication would work for the following piece of code:
+                            <%
+                            HashMap map = (HashMap)session.getAttribute("map");
+                            map.put("key","value");
+                            %>
+             replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
+                               * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
+                               * Synchronous means that the thread that executes the request, is also the
+                               thread the replicates the data to the other nodes, and will not return until all
+                               nodes have received the information.
+                               * Asynchronous means that there is a specific 'sender' thread for each cluster node,
+                               so the request thread will queue the replication request into a "smart" queue,
+                               and then return to the client.
+                               The "smart" queue is a queue where when a session is added to the queue, and the same session
+                               already exists in the queue from a previous request, that session will be replaced
+                               in the queue instead of replicating two requests. This almost never happens, unless there is a 
+                               large network delay.
+        -->             
+        <!--
+            When configuring for clustering, you also add in a valve to catch all the requests
+            coming in, at the end of the request, the session may or may not be replicated.
+            A session is replicated if and only if all the conditions are met:
+            1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
+            2. a session exists (has been created)
+            3. the request is not trapped by the "filter" attribute
+
+            The filter attribute is to filter out requests that could not modify the session,
+            hence we don't replicate the session after the end of this request.
+            The filter is negative, ie, anything you put in the filter, you mean to filter out,
+            ie, no replication will be done on requests that match one of the filters.
+            The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
+
+            filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
+            ending with .gif and .js are intercepted.
+            
+            The deployer element can be used to deploy apps cluster wide.
+            Currently the deployment only deploys/undeploys to working members in the cluster
+            so no WARs are copied upons startup of a broken node.
+            The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
+            When a new war file is added the war gets deployed to the local instance,
+            and then deployed to the other instances in the cluster.
+            When a war file is deleted from the watchDir the war is undeployed locally 
+            and cluster wide
+        -->
+        
+        <!--
+        <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
+                 managerClassName="org.apache.catalina.cluster.session.DeltaManager"
+                 expireSessionsOnShutdown="false"
+                 useDirtyFlag="true">
+
+            <Membership 
+                className="org.apache.catalina.cluster.mcast.McastService"
+                mcastAddr="228.0.0.4"
+                mcastPort="45564"
+                mcastFrequency="500"
+                mcastDropTime="3000"/>
+
+            <Receiver 
+                className="org.apache.catalina.cluster.tcp.ReplicationListener"
+                tcpListenAddress="auto"
+                tcpListenPort="4001"
+                tcpSelectorTimeout="100"
+                tcpThreadCount="6"/>
+
+            <Sender
+                className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
+                replicationMode="pooled"/>
+
+            <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
+                   filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
+                   
+            <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
+                      tempDir="/tmp/war-temp/"
+                      deployDir="/tmp/war-deploy/"
+                      watchDir="/tmp/war-listen/"
+                      watchEnabled="false"/>
+        </Cluster>
+        -->        
+
+
+
+        <!-- Normally, users must authenticate themselves to each web app
+             individually.  Uncomment the following entry if you would like
+             a user to be authenticated the first time they encounter a
+             resource protected by a security constraint, and then have that
+             user identity maintained across *all* web applications contained
+             in this virtual host. -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+                   debug="0"/>
+        -->
+
+        <!-- Access log processes all requests for this virtual host.  By
+             default, log files are created in the "logs" directory relative to
+             $CATALINA_HOME.  If you wish, you can specify a different
+             directory with the "directory" attribute.  Specify either a relative
+             (to $CATALINA_HOME) or absolute path to the desired directory.
+        -->
+        <!--
+        <Valve className="org.apache.catalina.valves.AccessLogValve"
+                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
+                 pattern="common" resolveHosts="false"/>
+        -->
+
+        <!-- Logger shared by all Contexts related to this virtual host.  By
+             default (when using FileLogger), log files are created in the "logs"
+             directory relative to $CATALINA_HOME.  If you wish, you can specify
+             a different directory with the "directory" attribute.  Specify either a
+             relative (to $CATALINA_HOME) or absolute path to the desired
+             directory.-->
+        <Logger className="org.apache.catalina.logger.FileLogger"
+                 directory="logs"  prefix="localhost_log." suffix=".txt"
+            timestamp="true"/>
+
+        <!-- Tomcat Root Context --> 
+        <!-- 
+        <Context path="" docBase="../webappsProxy" debug="0"/>
+        --> 
+
+      </Host>
+
+    </Engine>
+
+  </Service>
+
+</Server>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.2.xsd b/id/server/doc/MOA-ID-Configuration-1.4.2.xsd
new file mode 100644
index 000000000..5a87e3fde
--- /dev/null
+++ b/id/server/doc/MOA-ID-Configuration-1.4.2.xsd
@@ -0,0 +1,506 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
+  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+  <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+  <xsd:element name="Configuration">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+        <xsd:element name="Binding" minOccurs="0">
+          <xsd:simpleType>
+            <xsd:restriction base="xsd:string">
+              <xsd:enumeration value="full"/>
+              <xsd:enumeration value="userName"/>
+              <xsd:enumeration value="none"/>
+            </xsd:restriction>
+          </xsd:simpleType>
+        </xsd:element>
+        <xsd:choice>
+          <xsd:element ref="ParamAuth"/>
+          <xsd:element ref="BasicAuth"/>
+          <xsd:element ref="HeaderAuth"/>
+        </xsd:choice>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:simpleType name="LoginType">
+    <xsd:restriction base="xsd:token">
+      <xsd:enumeration value="stateless"/>
+      <xsd:enumeration value="stateful"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:element name="ParamAuth">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="Parameter">
+    <xsd:complexType>
+      <xsd:attribute name="Name" type="xsd:token" use="required"/>
+      <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="BasicAuth">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element name="UserID" type="MOAAuthDataType"/>
+        <xsd:element name="Password" type="MOAAuthDataType"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="HeaderAuth">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element ref="Header" maxOccurs="unbounded"/>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:element name="Header">
+    <xsd:complexType>
+      <xsd:attribute name="Name" type="xsd:token" use="required"/>
+      <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:simpleType name="MOAAuthDataType">
+    <xsd:restriction base="xsd:token">
+      <xsd:enumeration value="MOAGivenName"/>
+      <xsd:enumeration value="MOAFamilyName"/>
+      <xsd:enumeration value="MOADateOfBirth"/>
+      <xsd:enumeration value="MOABPK"/>
+      <xsd:enumeration value="MOAWBPK"/>
+      <xsd:enumeration value="MOAPublicAuthority"/>
+      <xsd:enumeration value="MOABKZ"/>
+      <xsd:enumeration value="MOAQualifiedCertificate"/>
+      <xsd:enumeration value="MOAStammzahl"/>
+      <xsd:enumeration value="MOAIdentificationValueType"/>
+      <xsd:enumeration value="MOAIPAddress"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:simpleType name="MOAKeyBoxSelector">
+    <xsd:restriction base="xsd:token">
+      <xsd:enumeration value="SecureSignatureKeypair"/>
+      <xsd:enumeration value="CertifiedKeypair"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+  <xsd:element name="MOA-IDConfiguration">
+    <xsd:complexType>
+      <xsd:sequence>
+        <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+          <xsd:annotation>
+            <xsd:documentation>enthält Parameter der 
+							Authentisierungs-Komponente</xsd:documentation>
+          </xsd:annotation>
+        </xsd:element>
+        <xsd:element name="ProxyComponent" minOccurs="0">
+          <xsd:annotation>
+            <xsd:documentation>enthält Konfigurationsparameter der 
+							Proxy-Komponente</xsd:documentation>
+          </xsd:annotation>
+          <xsd:complexType>
+            <xsd:sequence>
+              <xsd:element name="AuthComponent">
+                <xsd:annotation>
+                  <xsd:documentation>enthält Parameter für die Kommunikation zw. 
+										Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+                </xsd:annotation>
+                <xsd:complexType>
+                  <xsd:sequence>
+                    <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+                      <xsd:annotation>
+                        <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
+													Proxy-Komponente zur Auth-Komponente (vgl. 
+													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+                      </xsd:annotation>
+                    </xsd:element>
+                  </xsd:sequence>
+                </xsd:complexType>
+              </xsd:element>
+            </xsd:sequence>
+          </xsd:complexType>
+        </xsd:element>
+        <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+          <xsd:annotation>
+            <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+          </xsd:annotation>
+          <xsd:complexType>
+            <xsd:complexContent>
+              <xsd:extension base="OnlineApplicationType">
+                <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+                <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+                <xsd:attribute name="type" use="optional" default="publicService">
+                  <xsd:simpleType>
+                    <xsd:restriction base="xsd:NMTOKEN">
+                      <xsd:enumeration value="businessService"/>
+                      <xsd:enumeration value="publicService"/>
+                    </xsd:restriction>
+                  </xsd:simpleType>
+                </xsd:attribute>
+                <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+              </xsd:extension>
+            </xsd:complexContent>
+          </xsd:complexType>
+        </xsd:element>
+        <xsd:element name="ChainingModes" minOccurs="0">
+          <xsd:annotation>
+            <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 
+							Zertifikatspfadvalidierung</xsd:documentation>
+          </xsd:annotation>
+          <xsd:complexType>
+            <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+              <xsd:element name="TrustAnchor">
+                <xsd:annotation>
+                  <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 
+										für jeden TrustAnchor gesetzt werden</xsd:documentation>
+                </xsd:annotation>
+                <xsd:complexType>
+                  <xsd:complexContent>
+                    <xsd:extension base="dsig:X509IssuerSerialType">
+                      <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+                    </xsd:extension>
+                  </xsd:complexContent>
+                </xsd:complexType>
+              </xsd:element>
+            </xsd:sequence>
+            <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+          </xsd:complexType>
+        </xsd:element>
+        <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+          <xsd:annotation>
+            <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 
+							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+          </xsd:annotation>
+        </xsd:element>
+        <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+          <xsd:complexType>
+            <xsd:attribute name="name" use="required">
+              <xsd:simpleType>
+                <xsd:restriction base="xsd:string">
+                  <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+                  <xsd:enumeration value="AuthenticationSession.TimeOut"/>
+                  <xsd:enumeration value="AuthenticationData.TimeOut"/>
+                  <xsd:enumeration value="TrustManager.RevocationChecking"/>
+                  <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+                  <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+                </xsd:restriction>
+              </xsd:simpleType>
+            </xsd:attribute>
+            <xsd:attribute name="value" type="xsd:string" use="required"/>
+          </xsd:complexType>
+        </xsd:element>
+      </xsd:sequence>
+    </xsd:complexType>
+  </xsd:element>
+  <xsd:complexType name="AuthComponentType">
+    <xsd:sequence>
+      <xsd:element name="BKUSelection" minOccurs="0">
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+          </xsd:sequence>
+          <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+      <xsd:element name="SecurityLayer">
+        <xsd:annotation>
+          <xsd:documentation>enthält Parameter für die Kommunikation mit dem 
+						Security-Layer</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="MOA-SP">
+        <xsd:annotation>
+          <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 
+						SP Modul</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
+									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 
+									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 
+									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 
+									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 
+									aufgerufen</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="VerifyIdentityLink">
+              <xsd:annotation>
+                <xsd:documentation>enthält Parameter für die Überprüfung der 
+									Personenbindung</xsd:documentation>
+              </xsd:annotation>
+              <xsd:complexType>
+                <xsd:sequence>
+                  <xsd:element ref="TrustProfileID"/>
+                </xsd:sequence>
+              </xsd:complexType>
+            </xsd:element>
+            <xsd:element name="VerifyAuthBlock">
+              <xsd:annotation>
+                <xsd:documentation>enthält Parameter für die Überprüfung des 
+									AUTH-Blocks</xsd:documentation>
+              </xsd:annotation>
+              <xsd:complexType>
+                <xsd:sequence>
+                  <xsd:element ref="TrustProfileID"/>
+                  <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+                </xsd:sequence>
+              </xsd:complexType>
+            </xsd:element>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="IdentityLinkSigners" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>enthält Informationen über akzeptierte Signers des 
+						IdentityLinks</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+              <xsd:annotation>
+                <xsd:documentation>akzeptierte Signer des IdentityLinks werden per 
+									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="TransformsInfoType">
+    <xsd:annotation>
+      <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 
+				Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 
+				werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 
+				inkludiert</xsd:documentation>
+    </xsd:annotation>
+    <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+  </xsd:complexType>
+  <xsd:complexType name="TemplatesType">
+    <xsd:sequence>
+      <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+      <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+      <xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="TemplateType">
+    <xsd:annotation>
+      <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+    </xsd:annotation>
+    <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+  </xsd:complexType>
+  <xsd:complexType name="VerifyInfoboxesType">
+    <xsd:annotation>
+      <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+    </xsd:annotation>
+    <xsd:sequence>
+      <xsd:element name="DefaultTrustProfile" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element ref="TrustProfileID"/>
+          </xsd:sequence>
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="Infobox" maxOccurs="unbounded">
+        <xsd:annotation>
+          <xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll;
+								z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird
+								das Identifier-Attribut verwendet</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>TrustProfil, das für die Überprüfung der Infobox
+								verwendet werden soll</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>Validatorklasse, die für die Prüfung der Infobox
+								verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
+								vom Default Package- und Klassennamen abweichen</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+            <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+              <xsd:annotation>
+                <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation
+									 übergeben werden</xsd:documentation>
+              </xsd:annotation>
+              <xsd:complexType>
+                <xsd:sequence>
+                  <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+                </xsd:sequence>
+              </xsd:complexType>
+            </xsd:element>
+          </xsd:sequence>
+          <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+          <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="SchemaLocationType">
+    <xsd:annotation>
+      <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+    </xsd:annotation>
+    <xsd:sequence>
+      <xsd:element name="Schema" maxOccurs="unbounded">
+        <xsd:complexType>
+          <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+          <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+        </xsd:complexType>
+      </xsd:element>
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ProxyComponentType"/>
+  <xsd:complexType name="OnlineApplicationType">
+    <xsd:sequence>
+      <xsd:element name="AuthComponent" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>enthält Parameter über die OA, die die 
+						Authentisierungs-Komponente betreffen</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <!--xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="pr:AbstractSimpleIdentification"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element-->
+            <xsd:element name="IdentificationNumber" minOccurs="0">
+              <xsd:complexType>
+                <xsd:choice>
+                  <xsd:element ref="pr:Firmenbuchnummer"/>
+                  <xsd:element ref="pr:ZMRzahl"/>
+                  <xsd:element ref="pr:Vereinsnummer"/>
+                  <xsd:element ref="pr:ERJPZahl"/>
+                  <xsd:element name="AnyNumber">
+                    <xsd:complexType>
+                      <xsd:simpleContent>
+                        <xsd:extension base="xsd:string">
+                          <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+                        </xsd:extension>
+                      </xsd:simpleContent>
+                    </xsd:complexType>
+                  </xsd:element>
+                </xsd:choice>
+              </xsd:complexType>
+            </xsd:element>
+            <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+            <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+            <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+          </xsd:sequence>
+          <xsd:attribute name="slVersion" use="optional" default="1.1">
+            <xsd:simpleType>
+              <xsd:restriction base="xsd:string">
+                <xsd:enumeration value="1.1"/>
+                <xsd:enumeration value="1.2"/>
+              </xsd:restriction>
+            </xsd:simpleType>
+          </xsd:attribute>
+          <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+          <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+          <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+        </xsd:complexType>
+      </xsd:element>
+      <xsd:element name="ProxyComponent" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
+						betreffen</xsd:documentation>
+        </xsd:annotation>
+        <xsd:complexType>
+          <xsd:sequence>
+            <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+              <xsd:annotation>
+                <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
+									betreffen</xsd:documentation>
+              </xsd:annotation>
+            </xsd:element>
+          </xsd:sequence>
+          <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+          <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+          <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+          <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+          <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+        </xsd:complexType>
+      </xsd:element>
+      <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+    </xsd:sequence>
+  </xsd:complexType>
+  <xsd:complexType name="ConnectionParameterServerAuthType">
+    <xsd:sequence>
+      <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+        <xsd:annotation>
+          <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 
+						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+        </xsd:annotation>
+      </xsd:element>
+    </xsd:sequence>
+    <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+  </xsd:complexType>
+  <xsd:complexType name="ConnectionParameterClientAuthType">
+    <xsd:complexContent>
+      <xsd:extension base="ConnectionParameterServerAuthType">
+        <xsd:sequence>
+          <xsd:element name="ClientKeyStore" minOccurs="0">
+            <xsd:annotation>
+              <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 
+								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+            </xsd:annotation>
+            <xsd:complexType>
+              <xsd:simpleContent>
+                <xsd:extension base="xsd:anyURI">
+                  <xsd:attribute name="password" type="xsd:string" use="optional"/>
+                </xsd:extension>
+              </xsd:simpleContent>
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:sequence>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+  <xsd:element name="TrustProfileID" type="xsd:string"/>
+  <xsd:simpleType name="ChainingModeType">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="chaining"/>
+      <xsd:enumeration value="pkix"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+  <xsd:simpleType name="BKUSelectionType">
+    <xsd:restriction base="xsd:token">
+      <xsd:enumeration value="HTMLComplete"/>
+      <xsd:enumeration value="HTMLSelect"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+</xsd:schema>
diff --git a/id/server/doc/MOA-Testzertifikate.vsd b/id/server/doc/MOA-Testzertifikate.vsd
new file mode 100644
index 000000000..c36051c04
Binary files /dev/null and b/id/server/doc/MOA-Testzertifikate.vsd differ
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index d289f7929..173e3012a 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -140,8 +140,8 @@ Unterschiede sind in der Installationsanweisung angef&uuml;hrt.
 <b>Minimale Konfiguration</b> <br />
 Die zentrale Konfigurations-Datei von Tomcat ist $CATALINA_HOME/conf/server.xml. Tomcat wird grunds&auml;tzlich mit 
 einer funktionierenden Default-Konfiguration ausgeliefert, die jedoch einiges an Ballast enth&auml;lt und viele Ports 
-offen l&auml;sst. Die Datei $MOA_ID_INST_AUTH/tomcat/server.xml (bzw. $MOA_ID_INST_PROXY/tomcat/server.xml) enth&auml;lt eine minimale 
-Tomcat-Konfiguration, die je einen Connector f&uuml;r HTTP und f&uuml;r HTTPS freischaltet.<br /><br />
+offen l&auml;sst. Die Datei server.xml im Verzeichnis mit der Versionsnummer des verwendeten Tomcats unter $MOA_ID_INST_AUTH/tomcat (bzw. $MOA_ID_INST_PROXY/tomcat) enth&auml;lt eine minimale 
+Tomcat-Konfiguration, die je einen Connector f&uuml;r HTTP und f&uuml;r HTTPS freischaltet. Die jeweilige Datei server.mod_jk.xml schaltet zus&auml;tzlich den AJP Connector Port f&uuml;r den Apache Webserver frei (falls diese Datei verwendet werden soll ist sie zuvor noch auf server.xml umzubenennen).<br /><br />
 <b>SSL</b><br />
 F&uuml;r den sicheren Betrieb von MOA-ID-AUTH ist die Verwendung von SSL Voraussetzung, sofern nicht ein vorgelagerter WebServer (Apache oder IIS) das SSL-Handling &uuml;bernimmt.
 Ebenso kann SSL auch f&uuml;r MOA-ID-PROXY verwendet werden. 
diff --git a/id/server/idserverlib/.classpath b/id/server/idserverlib/.classpath
new file mode 100644
index 000000000..01edb156d
--- /dev/null
+++ b/id/server/idserverlib/.classpath
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src/main/java"/>
+	<classpathentry kind="src" path="src/test/java"/>
+	<classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/idserverlib/.project b/id/server/idserverlib/.project
new file mode 100644
index 000000000..b2e34e738
--- /dev/null
+++ b/id/server/idserverlib/.project
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-id-lib</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+	</natures>
+</projectDescription>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index d313e1eb0..93d61588c 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -1,175 +1,189 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-	<parent>
-		<groupId>MOA.id</groupId>
-		<artifactId>moa-id</artifactId>
-		<version>1.4.2beta1</version>
-	</parent>
-
-	<modelVersion>4.0.0</modelVersion>
-	<groupId>MOA.id.server</groupId>
-	<artifactId>moa-id-lib</artifactId>
-	<packaging>jar</packaging>
-	<version>1.4.2beta1</version>
-	<name>MOA ID API</name>
-
-	<properties>
-		<repositoryPath>${basedir}/../../../repository</repositoryPath>
-	</properties>
-
-	<dependencies>
-		<dependency>
-			<groupId>MOA</groupId>
-			<artifactId>moa-common</artifactId>
-			<type>jar</type>
-		</dependency>
-		<dependency>
-			<groupId>MOA</groupId>
-			<artifactId>moa-common</artifactId>
-			<type>test-jar</type>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>MOA.spss.server</groupId>
-			<artifactId>moa-spss-lib</artifactId>
-			<!--version>${project.version}</version-->
-		</dependency>
-		<dependency>
-			<groupId>axis</groupId>
-			<artifactId>axis</artifactId>
-			<version>1.4</version>
-		</dependency>
-		<dependency>
-			<groupId>javax.mail</groupId>
-			<artifactId>mail</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>servlet-api</artifactId>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>xerces</groupId>
-			<artifactId>xercesImpl</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>xalan-bin-dist</groupId>
-			<artifactId>xml-apis</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>xalan-bin-dist</groupId>
-			<artifactId>xalan</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>xalan-bin-dist</groupId>
-			<artifactId>serializer</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>commons-logging</groupId>
-			<artifactId>commons-logging</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>commons-discovery</groupId>
-			<artifactId>commons-discovery</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>commons-fileupload</groupId>
-			<artifactId>commons-fileupload</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>dav4j</groupId>
-			<artifactId>dav4j</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>httpsclient</groupId>
-			<artifactId>httpsclient</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>iaik.prod</groupId>
-			<artifactId>iaik_moa</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>iaik.prod</groupId>
-			<artifactId>iaik_ecc</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>iaik.prod</groupId>
-			<artifactId>iaik_jce_full</artifactId>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>iaik.prod</groupId>
-			<artifactId>iaik_ixsil</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>iaik.prod</groupId>
-			<artifactId>iaik_X509TrustManager</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>regexp</groupId>
-			<artifactId>regexp</artifactId>
-		</dependency>
-	</dependencies>
-
-	<build>
-		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-jar-plugin</artifactId>
-				<configuration>
-					<archive>
-						<addMavenDescriptor>false</addMavenDescriptor>
-					</archive>
-				</configuration>
-				<executions>
-					<execution>
-						<goals>
-							<goal>test-jar</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>2.2</version>
-				<configuration>
-					<quiet>true</quiet>
-					<author>false</author>
-					<version>false</version>
-					<use>true</use>
-					<excludePackageNames>
-            at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*
-          </excludePackageNames>
-					<tags>
-						<tag>
-							<name>pre</name>
-							<placement>a</placement>
-							<head>Preconditions:</head>
-						</tag>
-						<tag>
-							<name>post</name>
-							<placement>a</placement>
-							<head>Postconditions:</head>
-						</tag>
-					</tags>
-					<link>http://java.sun.com/j2se/1.4/docs/api/</link>
-				</configuration>
-				<executions>
-					<execution>
-						<id>generate-javadoc</id>
-						<phase>package</phase>
-						<goals>
-							<goal>jar</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-		</plugins>
-	</build>
-
-</project>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<parent>
+		<groupId>MOA.id</groupId>
+		<artifactId>moa-id</artifactId>
+		<version>1.4.2beta2</version>
+	</parent>
+
+	<modelVersion>4.0.0</modelVersion>
+	<groupId>MOA.id.server</groupId>
+	<artifactId>moa-id-lib</artifactId>
+	<packaging>jar</packaging>
+	<version>1.4.2beta2</version>
+	<name>MOA ID API</name>
+
+	<properties>
+		<repositoryPath>${basedir}/../../../repository</repositoryPath>
+	</properties>
+
+	<dependencies>
+		<dependency>
+			<groupId>MOA</groupId>
+			<artifactId>moa-common</artifactId>
+			<type>jar</type>
+		</dependency>
+		<dependency>
+			<groupId>MOA</groupId>
+			<artifactId>moa-common</artifactId>
+			<type>test-jar</type>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>MOA.spss.server</groupId>
+			<artifactId>moa-spss-lib</artifactId>
+			<!--version>${project.version}</version-->
+		</dependency>
+		<dependency>
+			<groupId>axis</groupId>
+			<artifactId>axis</artifactId>
+			<version>1.4</version>
+		</dependency>
+		<dependency>
+			<groupId>javax.mail</groupId>
+			<artifactId>mail</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>servlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>xerces</groupId>
+			<artifactId>xercesImpl</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>xalan-bin-dist</groupId>
+			<artifactId>xml-apis</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>xalan-bin-dist</groupId>
+			<artifactId>xalan</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>xalan-bin-dist</groupId>
+			<artifactId>serializer</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>commons-logging</groupId>
+			<artifactId>commons-logging</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-discovery</groupId>
+			<artifactId>commons-discovery</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-fileupload</groupId>
+			<artifactId>commons-fileupload</artifactId>
+		</dependency>
+	    <dependency>
+    	  <groupId>commons-httpclient</groupId>
+	      <artifactId>commons-httpclient</artifactId>
+    	</dependency>
+		<dependency>
+			<groupId>dav4j</groupId>
+			<artifactId>dav4j</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>httpsclient</groupId>
+			<artifactId>httpsclient</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_moa</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_ecc</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_jce_full</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_ixsil</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>iaik.prod</groupId>
+			<artifactId>iaik_X509TrustManager</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>regexp</groupId>
+			<artifactId>regexp</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-httpclient</groupId>
+			<artifactId>commons-httpclient</artifactId>
+			<version>2.0.2</version>
+		</dependency>
+		<dependency>
+			<groupId>at.gv.egovernment.moa.id</groupId>
+			<artifactId>mandate-validate</artifactId>
+			<version>1.0</version>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+				<configuration>
+					<archive>
+						<addMavenDescriptor>false</addMavenDescriptor>
+					</archive>
+				</configuration>
+				<executions>
+					<execution>
+						<goals>
+							<goal>test-jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-javadoc-plugin</artifactId>
+				<version>2.2</version>
+				<configuration>
+					<quiet>true</quiet>
+					<author>false</author>
+					<version>false</version>
+					<use>true</use>
+					<excludePackageNames>
+            at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*
+          </excludePackageNames>
+					<tags>
+						<tag>
+							<name>pre</name>
+							<placement>a</placement>
+							<head>Preconditions:</head>
+						</tag>
+						<tag>
+							<name>post</name>
+							<placement>a</placement>
+							<head>Postconditions:</head>
+						</tag>
+					</tags>
+					<link>http://java.sun.com/j2se/1.4/docs/api/</link>
+				</configuration>
+				<executions>
+					<execution>
+						<id>generate-javadoc</id>
+						<phase>package</phase>
+						<goals>
+							<goal>jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
+
+</project>
diff --git a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..5e9495128
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path: 
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 5f4ec2d29..75197943f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth;
 import iaik.pki.PKIException;
 import iaik.x509.X509Certificate;
 
+import java.io.File;
+import java.io.FileOutputStream;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.util.Calendar;
@@ -55,6 +57,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
 import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
 import at.gv.egovernment.moa.id.auth.validator.ValidateException;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -312,7 +317,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       session.setOAURLRequested(oaURL);
       session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
       session.setAuthURL(authURL);
-      session.setTemplateURL(templateURL);      
+      session.setTemplateURL(templateURL);
       session.setBusinessService(oaParam.getBusinessService());
     }
     // BKU URL has not been set yet, even if session already exists
@@ -320,6 +325,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       bkuURL = DEFAULT_BKU;
     }
     session.setBkuURL(bkuURL);
+    session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
     String infoboxReadRequest = 
       new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), 
                                             oaParam.getBusinessService(), 
@@ -350,6 +356,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
     if (verifyInfoboxParameters != null) {
       pushInfobox = verifyInfoboxParameters.getPushInfobox();
+      session.setPushInfobox(pushInfobox);
     }
     String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12());
     String certInfoDataURL =
@@ -448,6 +455,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     session.setIdentityLink(identityLink);
     // now validate the extended infoboxes
     verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());
+    
+    return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+  }
+  
+  public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
+    throws 
+      ConfigurationException, 
+      BuildException,
+      ValidateException {
+    
+    // check for intermediate processing of the infoboxes
+    if (session.isValidatorInputPending()) return "Redirect to Input Processor";
+    
+    if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
+    if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
+      getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
     // builds the AUTH-block
     String authBlock = buildAuthenticationBlock(session);
 //    session.setAuthBlock(authBlock);
@@ -456,7 +480,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     if ((transformsInfos == null) || (transformsInfos.length == 0)) {
       // no OA specific transforms specified, use default ones
       transformsInfos = authConf.getTransformsInfos();
-    }    			
+    }         
     String createXMLSignatureRequest =
       new CreateXMLSignatureRequestBuilder().build(authBlock, 
                                                    oaParam.getKeyBoxIdentifier(), 
@@ -464,6 +488,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
                                                    oaParam.getSlVersion12());
     return createXMLSignatureRequest;
   }
+  
   /**
    * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
    * @param session authentication session
@@ -534,8 +559,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
     VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
     if (verifyInfoboxParameters != null) {
-      Vector authAttributes = new Vector();
-      Vector oaAttributes = new Vector();
+      session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes
+      session.setExtendedSAMLAttributesOA(new Vector());
       infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();     
       // get the list of infobox identifiers
       List identifiers = verifyInfoboxParameters.getIdentifiers();
@@ -563,10 +588,46 @@ public class AuthenticationServer implements MOAIDAuthConstants {
               throw new ValidateException("validator.41", new Object[] {identifier});           
             } else {            
               String friendlyName = verifyInfoboxParameter.getFriendlyName();
+              boolean isParepRequest = false;
+              
+              // parse the infobox read reponse
+              List infoboxTokenList = null;
+              try {
+                infoboxTokenList = 
+                  ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName);
+              } catch (ParseException e) {
+                Logger.error("InfoboxReadResponse for \"" + identifier + 
+                  "\"-infobox could not be parsed successfully: " + e.getMessage());
+                throw new ValidateException("validator.43", new Object[] {friendlyName});
+              }
+              // check for party representation in mandates infobox
+              if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){
+                session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
+                Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList);
+                //ParepUtils.serializeElement(mandate, System.out);
+                String mandateID = ParepUtils.extractRepresentativeID(mandate);
+                if (!isEmpty(mandateID) && 
+                    ("*".equals(mandateID) || mandateID.startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) {
+                  isParepRequest = true;
+                }
+                if (!isParepRequest) {
+                  //if mandates validator is disabled we must throw an error in this case
+                  if (!ParepUtils.isValidatorEnabled(verifyInfoboxParameter.getApplicationSpecificParams())) {
+                    throw new ValidateException("validator.60", new Object[] {friendlyName});
+                  }
+                }
+              }
+              
               // get the class for validating the infobox
               InfoboxValidator infoboxValidator = null;
               try {
-                Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName());
+                Class validatorClass = null;
+                if (isParepRequest) {
+                  // Mandates infobox in party representation mode
+                  validatorClass = Class.forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
+                } else {
+                  validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName());
+                }
                 infoboxValidator = (InfoboxValidator) validatorClass.newInstance();
               } catch (Exception e) {
                 Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + 
@@ -575,20 +636,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
               }
               Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + 
                   "\" for \"" + identifier + "\"-infobox.");
-              // parse the infobox read reponse
-              List infoboxTokenList = null;
-              try {
-                infoboxTokenList = 
-                  ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName);
-              } catch (ParseException e) {
-                Logger.error("InfoboxReadResponse for \"" + identifier + 
-                  "\"-infobox could not be parsed successfully: " + e.getMessage());
-                throw new ValidateException("validator.43", new Object[] {friendlyName});
-              }
               // build the parameters for validating the infobox
               InfoboxValidatorParams infoboxValidatorParams = 
                 InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
-                  session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl);
+                  session, verifyInfoboxParameter, infoboxTokenList, oaParam);
+              
               // now validate the infobox
               InfoboxValidationResult infoboxValidationResult = null;
               try {
@@ -605,88 +657,137 @@ public class AuthenticationServer implements MOAIDAuthConstants {
               }
               
               Logger.info(identifier + " infobox successfully validated.");
+              // store the validator for post processing
+              session.addInfoboxValidator(identifier, friendlyName, infoboxValidator);
               
               // get the SAML attributes to be appended to the AUTHBlock or to the final
               // SAML Assertion            
-              ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes();
-              if (extendedSAMLAttributes != null) {
-                int length = extendedSAMLAttributes.length; 
-                for (int i=0; i<length; i++) {                
-                  ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; 
-                  String name = samlAttribute.getName();
-                  if (name == null) {
-                    Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + 
-                      identifier + "-infobox validator is null.");
-                    throw new ValidateException(
-                      "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"});
-                  }
-                  if (name == "") {
-                    Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + 
-                      identifier + "-infobox validator is empty.");
-                    throw new ValidateException(
-                      "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"});
-                  }
-                  if (samlAttribute.getNameSpace() == null) {
-                    Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + 
-                      identifier + "-infobox validator is null.");
-                    throw new ValidateException(
-                      "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"});
-                  }
-                  Object value = samlAttribute.getValue();
-                  if (value == null) {
-                    Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + 
-                      identifier + "-infobox validator is null.");
-                    throw new ValidateException(
-                      "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
-                  }
-                  if ((value instanceof String) || (value instanceof Element)) {
-                                  
-                    switch (samlAttribute.getAddToAUTHBlock()) {
-                      case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
-                        authAttributes.add(samlAttribute);
-                        oaAttributes.add(samlAttribute);
-                        break;
-                      case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:  
-                        authAttributes.add(samlAttribute);
-                        break;
-                      case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: 
-                        oaAttributes.add(samlAttribute);
-                        break;
-                      default: 
-                        Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" 
-                          + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number " 
-                          + (i+1) + " for infobox " + identifier);
-                        throw new ValidateException(
-                          "validator.47", new Object[] {friendlyName, String.valueOf((i+1))});
-                    } 
-                  } else {
-                    Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " + 
-                      identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + 
-                          " or \"org.w3c.dom.Element\"");
-                    throw new ValidateException(
-                      "validator.46", new Object[] {identifier, String.valueOf((i+1))});
-                  
-                  }
-                }
-                
-              }           
+              AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
             }
           } else {
             if ((verifyInfoboxParameter !=null) && (verifyInfoboxParameter.isRequired())) {
               Logger.info("Infobox \"" + identifier + "\" is required, but not returned from the BKU");
               throw new ValidateException(
                   "validator.48", new Object[] {verifyInfoboxParameter.getFriendlyName()});
-              
             }
             Logger.debug("Infobox \"" + identifier + "\" not returned from BKU.");
-          }               
+          }
         }
-        session.setExtendedSAMLAttributesAUTH(authAttributes);
-        session.setExtendedSAMLAttributesOA(oaAttributes);
       }
-    }    
+    }
   }
   
+  /**
+   * Intermediate processing of the infoboxes. The first pending infobox 
+   * validator may validate the provided input
+   * 
+   * @param session The current authentication session
+   * @param parameters The parameters got returned by the user input fields
+   */
+  public static void processInput(AuthenticationSession session, Map parameters) throws ValidateException
+  {  
+    
+    // post processing of the infoboxes
+    Iterator iter = session.getInfoboxValidatorIterator();
+    if (iter != null) {
+      while (iter.hasNext()) {
+        Vector infoboxValidatorVector = (Vector) iter.next();
+        InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+        if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
+          String identifier = (String) infoboxValidatorVector.get(0);
+          String friendlyName = (String) infoboxValidatorVector.get(1);
+          InfoboxValidationResult infoboxValidationResult = null;
+          try {
+            infoboxValidationResult = infoboxvalidator.validate(parameters);
+          } catch (ValidateException e) {
+            Logger.error("Error validating "  + identifier + " infobox:" + e.getMessage());
+            throw new ValidateException(
+              "validator.44", new Object[] {friendlyName});
+          }
+          if (!infoboxValidationResult.isValid()) {
+            Logger.info("Validation of "  + identifier + " infobox failed.");
+            throw new ValidateException(
+              "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
+          }
+          AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
+        }
+      }
+    }
+  }
+
+  /**
+   * Adds given SAML Attributes to the current session. They will be appended
+   * to the final SAML Assertion or the AUTH block. If the attributes are 
+   * already in the list, they will be replaced.
+   * 
+   * @param session The current session
+   * @param extendedSAMLAttributes The SAML attributes to add
+   * @param identifier The infobox identifier for debug purposes
+   * @param friendlyNam The friendly name of the infobox for debug purposes
+   */
+  private static void AddAdditionalSAMLAttributes(AuthenticationSession session, ExtendedSAMLAttribute[] extendedSAMLAttributes, 
+      String identifier, String friendlyName) throws ValidateException
+  {
+    if (extendedSAMLAttributes == null) return; 
+    List oaAttributes = session.getExtendedSAMLAttributesOA();
+    if (oaAttributes==null) oaAttributes = new Vector();
+    List authAttributes = session.getExtendedSAMLAttributesAUTH();
+    if (authAttributes==null) authAttributes = new Vector();
+    int length = extendedSAMLAttributes.length; 
+    for (int i=0; i<length; i++) {
+      ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+      Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName);
+      if ((value instanceof String) || (value instanceof Element)) {
+        switch (samlAttribute.getAddToAUTHBlock()) {
+          case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
+            replaceExtendedSAMLAttribute(authAttributes, samlAttribute);
+            break;
+          case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
+            replaceExtendedSAMLAttribute(authAttributes, samlAttribute);
+            replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+            break;
+          case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: 
+            replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+            break;
+          default: 
+            Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" 
+              + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number " 
+              + (i+1) + " for infobox " + identifier);
+            throw new ValidateException(
+              "validator.47", new Object[] {friendlyName, String.valueOf((i+1))});
+        } 
+      } else {
+        Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " + 
+          identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + 
+              " or \"org.w3c.dom.Element\"");
+        throw new ValidateException(
+          "validator.46", new Object[] {identifier, String.valueOf((i+1))});
+      }
+    }
+    session.setExtendedSAMLAttributesAUTH(authAttributes);
+    session.setExtendedSAMLAttributesOA(oaAttributes);
+  }
+
+  private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) {
+    if (null==attributes) {
+      attributes = new Vector();
+    } else {
+      String id = samlAttribute.getName();
+      int length = attributes.size();
+      for (int i=0; i<length; i++) {
+        ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes.get(i);
+        if (id.equals(att.getName())) {
+          // replace attribute
+          attributes.set(i, samlAttribute);
+          return;
+        }
+      }
+      attributes.add(samlAttribute);
+    }
+  }
+
+  
+  
   /**
    * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
    * security layer implementation.<br>
@@ -728,7 +829,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
     // parses <CreateXMLSignatureResponse>
     CreateXMLSignatureResponse csresp =
-      new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();   
+      new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
     try {
       String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
       session.setAuthBlock(serializedAssertion);
@@ -768,11 +869,103 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       vsresp,
       session.getIdentityLink());
 
+    // post processing of the infoboxes
+    Iterator iter = session.getInfoboxValidatorIterator();
+    boolean formpending = false;
+    if (iter != null) {
+      while (!formpending && iter.hasNext()) {
+        Vector infoboxValidatorVector = (Vector) iter.next();
+        String identifier = (String) infoboxValidatorVector.get(0);
+        String friendlyName = (String) infoboxValidatorVector.get(1);
+        InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+        InfoboxValidationResult infoboxValidationResult = null;
+        try {
+          infoboxValidationResult = infoboxvalidator.validate(csresp.getSamlAssertion());
+        } catch (ValidateException e) {
+          Logger.error("Error validating "  + identifier + " infobox:" + e.getMessage());
+          throw new ValidateException(
+            "validator.44", new Object[] {friendlyName});
+        }
+        if (!infoboxValidationResult.isValid()) {
+          Logger.info("Validation of "  + identifier + " infobox failed.");
+          throw new ValidateException(
+            "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
+        }
+        String form = infoboxvalidator.getForm();
+        if (ParepUtils.isEmpty(form)) {
+          AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
+        } else {
+          return "Redirect to Input Processor";
+        }
+      }
+    }
+
+    // Exchange person data information by a mandate if needed
+    List oaAttributes = session.getExtendedSAMLAttributesOA();
+    IdentityLink replacementIdentityLink = null;
+    if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) {
+      // look if we have a mandate
+      boolean foundMandate = false;
+      Iterator it = oaAttributes.iterator();
+      while (!foundMandate && it.hasNext()) {
+        ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
+        if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) {
+          Object value = samlAttribute.getValue();
+          if (value instanceof Element) {
+            Element mandate = (Element) value;
+            replacementIdentityLink = new IdentityLink();
+            Element mandator = ParepUtils.extractMandator(mandate);
+            String dateOfBirth = "";
+            Element prPerson = null;
+            String familyName = "";
+            String givenName = "";
+            String identificationType = "";
+            String identificationValue = "";
+            if (mandator != null) {
+              boolean physical = ParepUtils.isPhysicalPerson(mandator);
+              if (physical) {
+                familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+                givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+                dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+              } else {
+                familyName = ParepUtils.extractMandatorFullName(mandator);
+              }
+              identificationType = ParepUtils.getIdentification(mandator, "Type");
+              identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+              prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+              if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
+                // now we calculate the wbPK and do so if we got it from the BKU
+                identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
+                identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
+                ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
+              }
+
+            }
+            replacementIdentityLink.setDateOfBirth(dateOfBirth);
+            replacementIdentityLink.setFamilyName(familyName);
+            replacementIdentityLink.setGivenName(givenName);
+            replacementIdentityLink.setIdentificationType(identificationType);
+            replacementIdentityLink.setIdentificationValue(identificationValue);
+            replacementIdentityLink.setPrPerson(prPerson);
+            try {
+              replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
+            } catch (Exception e) {
+              throw new ValidateException("validator.64", null);
+            }
+          } else {
+            Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\"");
+            throw new ValidateException("validator.64", null);
+          }
+        }
+      }
+    }
+    
     // builds authentication data and stores it together with a SAML artifact
-    AuthenticationData authData = buildAuthenticationData(session, vsresp);
+    AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink);
     String samlArtifact =
       new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
     storeAuthenticationData(samlArtifact, authData);
+    
     // invalidates the authentication session
     sessionStore.remove(sessionID);
     Logger.info(
@@ -790,10 +983,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    */
   private AuthenticationData buildAuthenticationData(
     AuthenticationSession session,
-    VerifyXMLSignatureResponse verifyXMLSigResp)
+    VerifyXMLSignatureResponse verifyXMLSigResp,
+    IdentityLink replacementIdentityLink)
     throws ConfigurationException, BuildException {
 
-    IdentityLink identityLink = session.getIdentityLink();
+    IdentityLink identityLink;
+    if (replacementIdentityLink == null) {
+      identityLink = session.getIdentityLink();
+    } else {
+      // We have got data form a mandate we need now to use to stay compatible with applications
+      identityLink = replacementIdentityLink;
+    }
+      
     AuthenticationData authData = new AuthenticationData();
     OAAuthParameter oaParam =
       AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
@@ -804,7 +1005,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     authData.setAssertionID(Random.nextRandom());
     authData.setIssuer(session.getAuthURL());
     authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
-    
     authData.setIdentificationType(identityLink.getIdentificationType());    
     authData.setGivenName(identityLink.getGivenName());
     authData.setFamilyName(identityLink.getFamilyName());
@@ -817,7 +1017,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     if (provideStammzahl) {
       authData.setIdentificationValue(identityLink.getIdentificationValue());
     }
-    String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl);        
+    String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl);
     try {     
       String signerCertificateBase64 = "";
       if (oaParam.getProvideCertifcate()) {
@@ -832,12 +1032,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       if (businessService) {
         authData.setWBPK(identityLink.getIdentificationValue());        
       } else {
-        // only compute bPK if online applcation is a public service
-        String bpkBase64 =
-          new BPKBuilder().buildBPK(
-            identityLink.getIdentificationValue(),
-            session.getTarget());
-        authData.setBPK(bpkBase64);
+        authData.setBPK(identityLink.getIdentificationValue());
+        if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+          // only compute bPK if online applcation is a public service and we have the Stammzahl
+          String bpkBase64 = new BPKBuilder().buildBPK(
+              identityLink.getIdentificationValue(),
+              session.getTarget());
+          authData.setBPK(bpkBase64);
+        }
       }
       String ilAssertion =
         oaParam.getProvideIdentityLink()
@@ -858,6 +1060,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
           businessService,
           session.getExtendedSAMLAttributesOA());
       authData.setSamlAssertion(samlAssertion);
+      
+      
+      //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml"));
+
       return authData;
     } catch (Throwable ex) {
       throw new BuildException(
@@ -1015,5 +1221,42 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     return param == null || param.length() == 0;
   }
 
-
+  /**
+   * Checks the correctness of SAML attributes and returns its value.
+   * @param param samlAttribute
+   * @param i the number of the verified attribute for messages
+   * @param identifier the infobox identifier for messages
+   * @param friendlyname the friendly name of the infobox for messages
+   * @return the SAML attribute value (Element or String)
+   */
+  private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) 
+    throws ValidateException{
+    String name = samlAttribute.getName();
+    if (name == null) {
+      Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + 
+        identifier + "-infobox validator is null.");
+      throw new ValidateException(
+        "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"});
+    }
+    if (name == "") {
+      Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + 
+        identifier + "-infobox validator is empty.");
+      throw new ValidateException(
+        "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"});
+    }
+    if (samlAttribute.getNameSpace() == null) {
+      Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + 
+        identifier + "-infobox validator is null.");
+      throw new ValidateException(
+        "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"});
+    }
+    Object value = samlAttribute.getValue();
+    if (value == null) {
+      Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + 
+        identifier + "-infobox validator is null.");
+      throw new ValidateException(
+        "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
+    }
+    return value;
+  }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 43e88e7b5..4f9235949 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -19,6 +19,8 @@ public interface MOAIDAuthConstants {
   public static final String PARAM_BKU = "bkuURI";
   /** servlet parameter &quot;BKUSelectionTemplate&quot; */
   public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
+  /** servlet parameter &quot;BKUSelectionTemplate&quot; */
+  public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate";
   /** default BKU URL */
   public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
   /** servlet parameter &quot;returnURI&quot; */
@@ -35,6 +37,8 @@ public interface MOAIDAuthConstants {
   public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
   public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
+  public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
   public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
   /** Logging hierarchy used for controlling debug output of XML structures to files */
@@ -62,14 +66,16 @@ public interface MOAIDAuthConstants {
   public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = 
     new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission",
                   "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"};  
-  /**
-   * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen"
-   */
+  /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */
   public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1";
   /** 
    * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen);
    * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007
    */
   public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER);
+  /** the number of the certifcate extension for party representatives */
+  public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
+  /** the number of the certifcate extension for party organ representatives */
+  public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 53520c846..11628517e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -126,6 +126,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
       pkValue = authData.getWBPK();
            
     } else {
+      // <saml:NameIdentifier NameQualifier> always has the bPK as type/value
       pkType = URN_PREFIX_BPK;
       pkValue = authData.getBPK();
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 6cc8c1be8..cc228298b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -42,7 +42,37 @@ public class BPKBuilder {
       String hashBase64 = Base64Utils.encode(hash);
       return hashBase64;
     } catch (Exception ex) {
-      throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex);
+      throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex);
+    }
+  }
+
+  /**
+   * Builds the wbPK from the given parameters. 
+   * @param identificationValue Base64 encoded "Stammzahl" 
+   * @param registerAndOrdNr type of register + "+" + number in register.
+   * @return wbPK in a BASE64 encoding
+   * @throws BuildException if an error occurs on building the wbPK
+   */
+  public String buildWBPK(String identificationValue, String registerAndOrdNr) 
+    throws BuildException {
+    
+    if ((identificationValue == null || 
+         identificationValue.length() == 0 ||
+         registerAndOrdNr == null || 
+         registerAndOrdNr.length() == 0)) 
+    {
+      throw new BuildException("builder.00", 
+          new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + 
+                        identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
+    }
+    String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
+    try {
+      MessageDigest md = MessageDigest.getInstance("SHA-1");
+      byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
+      String hashBase64 = Base64Utils.encode(hash);
+      return hashBase64;
+    } catch (Exception ex) {
+      throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex);
     }
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
new file mode 100644
index 000000000..c053ee896
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
@@ -0,0 +1,86 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Builder for HTML form requesting a security layer request
+ *  
+ * @author Peter Danner
+ * @version $Id: GetIdentityLinkFormBuilder.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class GetVerifyAuthBlockFormBuilder extends Builder {
+ /** private static String NL contains the NewLine representation in Java*/
+  private static final String nl = "\n";
+  /** special tag in the HTML template to be substituted for the BKU URL */
+  private static final String BKU_TAG = "<BKU>";
+  /** special tag in the HTML template to be substituted for the XML request */
+  private static final String XMLREQUEST_TAG = "<XMLRequest>";
+  /** special tag in the HTML template to be substituted for the data URL */
+  private static final String DATAURL_TAG = "<DataURL>";
+  /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
+  private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
+  /** private static int all contains the representation to replace all tags*/
+  private static final int ALL = -1;
+
+  /** default HTML template */
+  private static final String DEFAULT_HTML_TEMPLATE = 
+    "<html>" + nl +
+    "  <head>" + nl +
+    "    <meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"/>" + nl +
+    "    <title>Signatur der Anmeldedaten</title>" + nl +
+    "  </head>" + nl +
+    "  <body onLoad=\"autoSubmit()\">" + nl +
+    "    <script type=\"text/javascript\">" + nl +
+    "      //<!-- "  +  nl +
+    "      function autoSubmit() { " +  nl +
+    "           document.VerifyAuthBlockForm.submitButton.disabled=true;" +  nl +
+    "           document.VerifyAuthBlockForm.submit(); " +  nl +
+    "      } //-->" + nl +
+    "    </script>" + nl +
+    "    <form name=\"VerifyAuthBlockForm\" action=\"" + BKU_TAG + "\" method=\"post\" enctype=\"application/x-www-form-urlencoded\">" + nl +
+    "      <input type=\"hidden\" name=\"XMLRequest\" value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
+    "      <input type=\"hidden\" name=\"DataURL\" value=\"" + DATAURL_TAG + "\"/>" + nl +
+    "      <input type=\"hidden\" name=\"PushInfobox\" value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
+    "      <input type=\"submit\" value=\"Signieren der Anmeldedaten\" id=\"submitButton\"/>" + nl +
+    "    </form>" + nl +
+    "  </body>" + nl +
+    "</html>";
+
+  /**
+   * Constructor for GetVerifyAuthBlockFormBuilder.
+   */
+  public GetVerifyAuthBlockFormBuilder() {
+    super();
+  }
+  /**
+   * Builds the HTML form, including XML Request and data URL as parameters.
+   * 
+   * @param htmlTemplate template to be used for the HTML form;
+   *         may be <code>null</code>, in this case a default layout will be produced
+   * @param xmlRequest XML Request to be sent as a parameter in the form
+   * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
+   *         may be <code>null</code>, in this case the default URL will be used
+   * @param dataURL DataURL to be sent as a parameter in the form
+   */
+  public String build(
+  	String htmlTemplate, 
+    String bkuURL, 
+    String xmlRequest, 
+    String dataURL, 
+    String pushInfobox)
+  throws BuildException 
+  {      
+  	String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
+    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+    htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, GetIdentityLinkFormBuilder.encodeParameter(xmlRequest), true, ALL);
+    htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+    if (null==pushInfobox) pushInfobox="";
+    htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
+  	return htmlForm;
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
index 038e549be..e70b64a6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
 import at.gv.egovernment.moa.util.XPathUtils;
 
@@ -30,9 +31,7 @@ public class InfoboxValidatorParamsBuilder {
    * @param session                 The actual Authentication session.
    * @param verifyInfoboxParameter  The configuration parameters for the infobox.
    * @param infoboxTokenList        Contains the infobox token to be validated.
-   * @param hideStammzahl           Indicates whether source pins (<code>Stammzahl</code>en) 
-   *                                should be hidden in any SAML attributes returned by
-   *                                an infobox validator.
+   * @param oaParam                 The configuration parameters of the online application 
    * 
    * @return Parameters for validating an infobox token.
    */
@@ -40,7 +39,7 @@ public class InfoboxValidatorParamsBuilder {
     AuthenticationSession session, 
     VerifyInfoboxParameter verifyInfoboxParameter,
     List infoboxTokenList,
-    boolean hideStammzahl) 
+    OAAuthParameter oaParam)
   {
     InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
     IdentityLink identityLink = session.getIdentityLink(); 
@@ -54,6 +53,7 @@ public class InfoboxValidatorParamsBuilder {
     // authentication session parameters
     infoboxValidatorParams.setBkuURL(session.getBkuURL());
     infoboxValidatorParams.setTarget(session.getTarget());
+    infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
     infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
     // parameters from the identity link
     infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
@@ -75,7 +75,7 @@ public class InfoboxValidatorParamsBuilder {
       }
       infoboxValidatorParams.setIdentityLink(identityLinkElem);
     }
-    infoboxValidatorParams.setHideStammzahl(hideStammzahl);
+    infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
     return infoboxValidatorParams;
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 90d79a46d..946f0a9c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -1,8 +1,13 @@
 package at.gv.egovernment.moa.id.auth.data;
 
+import java.util.ArrayList;
 import java.util.Date;
+import java.util.Iterator;
 import java.util.List;
+import java.util.Vector;
 
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 
@@ -15,6 +20,7 @@ import at.gv.egovernment.moa.util.Constants;
 public class AuthenticationSession {
   
     private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
+    private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+";
     
 	/**
 	 * session ID
@@ -37,14 +43,14 @@ public class AuthenticationSession {
 	 * URL of MOA ID authentication component
 	 */
 	private String authURL;
-  /**
-   * HTML template URL
-   */
-  private String templateURL;
-  /**
-   * URL of the BKU
-   */
-  private String bkuURL;
+    /**
+     * HTML template URL
+     */
+    private String templateURL;
+    /**
+     * URL of the BKU
+     */
+    private String bkuURL;
 	/**
 	 * identity link read from smartcard
 	 */
@@ -61,11 +67,11 @@ public class AuthenticationSession {
 	 * timestamp logging when identity link has been received
 	 */
 	private Date timestampIdentityLink; 
-  /**
-   * Indicates whether the corresponding online application is a business
-   * service or not
-   */
-  private boolean businessService;
+    /**
+     * Indicates whether the corresponding online application is a business
+     * service or not
+     */
+    private boolean businessService;
 
   /**
    * SAML attributes from an extended infobox validation to be appended
@@ -90,6 +96,33 @@ public class AuthenticationSession {
    */
   private String issueInstant;
   
+  /**
+   * If infobox validators are needed after signing, they can be stored in
+   * this list.
+   */
+  private List infoboxValidators;
+  
+  /**
+   * The register and number in the register parameter in case of a business 
+   * service application.
+   */
+  private String domainIdentifier;
+  
+  /**
+   * This string contains all identifiers of infoboxes, the online application 
+   * is configured to accept. The infobox identifiers are comma separated. 
+   */
+  private String pushInfobox;
+
+  /**
+   * AppSpecificConfiguration entry of then mandates infobox-validator. Tells 
+   * whether person data from the representative have to be exchanged by data 
+   * from the mandate
+   */
+  private boolean mandateCompatibilityMode = false;
+  
+  
+  
   /**
    * Constructor for AuthenticationSession.
    * 
@@ -98,6 +131,7 @@ public class AuthenticationSession {
   public AuthenticationSession(String id) {
     sessionID = id;
     setTimestampStart();
+    infoboxValidators = new ArrayList();
   }
 
   /**
@@ -380,4 +414,143 @@ public class AuthenticationSession {
     this.issueInstant = issueInstant;
   }
 
+  /**
+   * Returns the iterator to the stored infobox validators.
+   * @return Iterator
+   */
+  public Iterator getInfoboxValidatorIterator() {
+    if (infoboxValidators==null) return null;
+    return infoboxValidators.iterator();
+  }
+
+  /**
+   * Adds an infobox validator class to the stored infobox validators.
+   * @param infoboxIdentifier the identifier of the infobox the validator belongs to
+   * @param infoboxFriendlyName the friendly name of the infobox
+   * @param infoboxValidator the infobox validator to add
+   */
+  public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
+    if (infoboxValidators==null) infoboxValidators = new ArrayList();
+    Vector v = new Vector(3);
+    v.add(infoboxIdentifier);
+    v.add(infoboxFriendlyName);
+    v.add(infoboxValidator);
+    infoboxValidators.add(v);
+    return infoboxValidators.iterator();
+  }
+
+  /**
+   * Tests for pending input events of the infobox validators.
+   * @return true if a validator has a form to show
+   */
+  public boolean isValidatorInputPending() {
+    boolean result = false;
+    Iterator iter = getInfoboxValidatorIterator();
+    if (iter != null) {
+      while (!result && iter.hasNext()) {
+        Vector infoboxValidatorVector = (Vector) iter.next();
+        InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+        if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true;
+      }
+    }
+    return result;
+  }
+
+  /**
+   * Returns the first pending infobox validator.
+   * @return the infobox validator class
+   */
+  public InfoboxValidator getFirstPendingValidator() {
+    Iterator iter = getInfoboxValidatorIterator();
+    if (iter != null) {
+      while (iter.hasNext()) {
+        Vector infoboxValidatorVector = (Vector) iter.next();
+        InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+        String form = infoboxvalidator.getForm();
+        if (!ParepUtils.isEmpty(form)) return infoboxvalidator;
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Returns the input form of the first pending infobox validator input processor.
+   * @return the form to show
+   */
+  public String getFirstValidatorInputForm() {
+    Iterator iter = getInfoboxValidatorIterator();
+    if (iter != null) {
+      while (iter.hasNext()) {
+        Vector infoboxValidatorVector = (Vector) iter.next();
+        InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+        String form = infoboxvalidator.getForm();
+        if (!ParepUtils.isEmpty(form)) return form;
+      }
+    }
+    return null;
+  }
+
+  /**
+   * @return the mandateCompatibilityMode
+   */
+  public boolean isMandateCompatibilityMode() {
+    return mandateCompatibilityMode;
+  }
+
+  /**
+   * @param mandateCompatibilityMode the mandateCompatibilityMode to set
+   */
+  public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) {
+    this.mandateCompatibilityMode = mandateCompatibilityMode;
+  }
+
+  /**
+   * Returns domain identifier (the register and number in the register parameter).
+   * <code>null</code> in the case of not a business service.
+   * 
+   * @return the domainIdentifier
+   */
+  public String getDomainIdentifier() {
+    return domainIdentifier;
+  }
+
+  /**
+   * Sets the register and number in the register parameter if the application 
+   * is a business service.
+   * If the domain identifier includes the registerAndOrdNr prefix, the prefix 
+   * will be stripped off.
+   * 
+   * @param domainIdentifier the domain identifier to set
+   */
+  public void setDomainIdentifier(String domainIdentifier) {
+    if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_))
+    {
+      // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix
+      this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length());
+      Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier);
+    }
+    else
+    {
+      this.domainIdentifier = domainIdentifier;
+    }
+  }
+
+  /**
+   * Gets all identifiers of infoboxes, the online application 
+   * is configured to accept. The infobox identifiers are comma separated. 
+   *
+   * @return the string containing infobox identifiers
+   */
+  public String getPushInfobox() {
+    if (pushInfobox==null) return "";
+    return pushInfobox;
+  }
+
+  /**
+   * @param pushInfobox the infobox identifiers to set (comma separated)
+   */
+  public void setPushInfobox(String pushInfobox) {
+    this.pushInfobox = pushInfobox;
+  }
+  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
index c7a557290..01b9d9359 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -62,6 +62,14 @@ public interface InfoboxValidatorParams {
    */
   public String getTarget();
   
+  /**
+   * Returns the register and number in the register parameter.
+   * <code>null</code> in the case of not a business service.
+   * 
+   * @return The register and number in the register parameter.
+   */
+  public String getDomainIdentifier();
+  
   /**
    * Returns <code>true</code> if the application is a business
    * service, otherwise <code>false</code>. This may be useful
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
index 80ba5995f..3747fa93b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -48,6 +48,11 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
    */
   protected String target_;
   
+  /**
+   * The domain identifier (register and number in the register parameter).
+   */
+  protected String domainIdentifier_;
+  
   /**
    * The family name from the identity link.
    */
@@ -134,6 +139,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
     return target_;
   }
 
+  /**
+   * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDomainIdentifier()
+   */
+  public String getDomainIdentifier() {
+    return domainIdentifier_;
+  }
+
   /**
    * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication()
    */
@@ -324,6 +336,15 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
   public void setTarget(String target) {
     target_ = target;
   }
+
+  /**
+   * Sets the domain identifier (register and number in the register parameter)
+   * 
+   * @param domainIdentifier the domainIdentifier to set
+   */
+  public void setDomainIdentifier(String domainIdentifier) {
+    this.domainIdentifier_ = domainIdentifier;
+  }
   
   /**
    * Sets the ID of the trust profile used for validating certificates.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
new file mode 100644
index 000000000..df480b624
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -0,0 +1,175 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * Servlet requested for processing user input forms of infobox validators
+ * 
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class ProcessValidatorInputServlet extends AuthServlet {
+
+  public static final long serialVersionUID = 1;
+  
+  /**
+   * Constructor for VerifyIdentityLinkServlet.
+   */
+  public ProcessValidatorInputServlet() {
+    super();
+  }
+
+  /**
+   * Shows the user input forms of infobox validators
+   *  
+   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException { 
+
+    Logger.debug("GET ProcessInput");
+    Map parameters;
+    try {
+      parameters = getParameters(req);
+    } catch (FileUploadException e) {
+      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+      throw new IOException(e.getMessage());
+    }
+    String sessionID = req.getParameter(PARAM_SESSIONID);
+    if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+    if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+    
+    try {
+      AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+      InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
+      String outputStream;
+      String dataURL = new DataURLBuilder().buildDataURL(
+          session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+      if (infoboxvalidator!=null) {
+        outputStream = infoboxvalidator.getForm();
+        // replace strings the validators can not know
+        outputStream = ParepUtils.replaceAll(outputStream, "<BASE_href>", session.getAuthURL());
+        outputStream = ParepUtils.replaceAll(outputStream, "<MOASessionID>", sessionID);
+        outputStream = ParepUtils.replaceAll(outputStream, "<BKU>", session.getBkuURL());
+        outputStream = ParepUtils.replaceAll(outputStream, "<DataURL>", dataURL);
+        outputStream = ParepUtils.replaceAll(outputStream, "<PushInfobox>", session.getPushInfobox());
+      } else {
+        throw new ValidateException("validator.65", null);
+      }
+      //resp.setStatus(200);
+      resp.setContentType("text/html;charset=UTF-8");
+      OutputStream out = resp.getOutputStream();
+      out.write(outputStream.getBytes("UTF-8"));
+      out.flush();
+      out.close();
+      Logger.debug("Finished GET ProcessInput");
+    }
+    catch (MOAIDException ex) {
+      handleError(null, ex, req, resp);
+    }
+  }
+
+  /**
+   * Verifies the user input forms of infobox validators 
+   *
+   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException {
+
+		Logger.debug("POST ProcessInput");
+    Map parameters;
+    try {
+      parameters = getParameters(req);
+    } catch (FileUploadException e) {
+      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+      throw new IOException(e.getMessage());
+    }
+    String sessionID = req.getParameter(PARAM_SESSIONID);
+    if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+    if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+    
+    try {
+      AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+      AuthenticationServer.processInput(session, parameters);
+      String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+      if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+        // Now sign the AUTH Block
+        String dataURL = new DataURLBuilder().buildDataURL(
+            session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+        
+        // Test if we have a user input form sign template
+        String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+        String inputProcessorSignTemplate = null;
+        OAAuthParameter oaParam =
+          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+        // override template url by url from configuration file
+        if (oaParam.getInputProcessorSignTemplateURL() != null) {
+          inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+        }       
+        if (inputProcessorSignTemplateURL != null) {
+          try {
+            inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+          } catch (IOException ex) {
+            throw new AuthenticationException(
+              "auth.03",
+              new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+              ex);
+          }
+        }
+
+        
+        
+        String htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+            inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+        htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+        htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+        htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+        htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+        htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+        
+        resp.setContentType("text/html;charset=UTF-8");
+        
+        OutputStream out = resp.getOutputStream();
+        out.write(htmlForm.getBytes("UTF-8"));
+        out.flush();
+        out.close();
+        Logger.debug("Finished POST ProcessInput");
+      } else {
+        String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+        resp.setContentType("text/html");
+        resp.setStatus(302);
+        resp.addHeader("Location", redirectURL);
+        Logger.debug("REDIRECT TO: " + redirectURL);
+      }
+    }
+    catch (MOAIDException ex) {
+      handleError(null, ex, req, resp);
+    }
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 4dc69c70b..6e2a932d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -54,11 +54,11 @@ public class SelectBKUServlet extends AuthServlet {
     throws ServletException, IOException {
 
     Logger.debug("GET SelectBKU");
-    String authURL = 
-      req.getScheme() + "://" + 
-      req.getServerName() + ":" +
-      req.getServerPort() +
-      req.getContextPath() + "/";
+    String authURL = req.getScheme() + "://" + req.getServerName();
+    if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { 
+      authURL = authURL.concat(":" + req.getServerPort());
+    }
+    authURL = authURL.concat(req.getContextPath() + "/");
     String target = req.getParameter(PARAM_TARGET);
     String oaURL = req.getParameter(PARAM_OA);
     String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 6098f5138..9f0cf6606 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -41,11 +41,11 @@ public class StartAuthenticationServlet extends AuthServlet {
     throws ServletException, IOException {
 
 		Logger.debug("GET StartAuthentication");
-    String authURL = 
-      req.getScheme() + "://" + 
-      req.getServerName() + ":" +
-      req.getServerPort() +
-      req.getContextPath() + "/";
+    String authURL = req.getScheme() + "://" + req.getServerName();
+    if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { 
+      authURL = authURL.concat(":" + req.getServerPort());
+    }
+    authURL = authURL.concat(req.getContextPath() + "/");
 		String target = req.getParameter(PARAM_TARGET);
 		String oaURL = req.getParameter(PARAM_OA);
     String bkuURL = req.getParameter(PARAM_BKU);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 6ec4a247d..b81107ff2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -1,8 +1,9 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
-import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
+import java.util.Iterator;
 import java.util.Map;
+import java.util.Vector;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -12,8 +13,13 @@ import org.apache.commons.fileupload.FileUploadException;
 
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
 
 /**
  * Servlet requested for verifying the signed authentication block
@@ -80,17 +86,21 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
     }
 		String sessionID = req.getParameter(PARAM_SESSIONID);
 		String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
-		
+		String redirectURL = null;
 		try {
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 			String samlArtifactBase64 = 
 				AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
-			String redirectURL = session.getOAURLRequested();
-			if (!session.getBusinessService()) {
-        redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
-      }
-			redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
-			redirectURL = resp.encodeRedirectURL(redirectURL);
+			if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+			  redirectURL = session.getOAURLRequested();
+  			if (!session.getBusinessService()) {
+          redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+        }
+  			redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+  			redirectURL = resp.encodeRedirectURL(redirectURL);
+			} else {
+	      redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+			}
 			resp.setContentType("text/html");
 			resp.setStatus(302);
 			resp.addHeader("Location", redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 2134c1444..b9d8f8c75 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -1,22 +1,18 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Enumeration;
 import java.util.Map;
 
-import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 
 import org.apache.commons.fileupload.FileUploadException;
 
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -79,25 +75,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     }
     String sessionID = req.getParameter(PARAM_SESSIONID);
     
-    
     try {
       AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-      
-      String createXMLSignatureRequest = 
-        AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
-      resp.setStatus(307);
-      String dataURL = new DataURLBuilder().buildDataURL(
-        session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
-      resp.addHeader("Location", dataURL);
-      
-      //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
-      resp.setContentType("text/xml;charset=UTF-8");
-      
-      OutputStream out = resp.getOutputStream();
-      out.write(createXMLSignatureRequest.getBytes("UTF-8"));
-      out.flush();
-      out.close();
-      Logger.debug("Finished POST VerifyIdentityLink");
+      String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+      ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); 
     }
     catch (MOAIDException ex) {
       handleError(null, ex, req, resp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e6c9f4bee..e0fd67d64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -66,7 +66,7 @@ public class CreateXMLSignatureResponseValidator {
     IdentityLink identityLink = session.getIdentityLink();
     
     Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); 
-    String issuer = samlAssertion.getAttribute("Issuer");    
+    String issuer = samlAssertion.getAttribute("Issuer");
     if (issuer == null) {
       // should not happen, because parser would dedect this
       throw new ValidateException("validator.32", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
index 95cd65608..74e61e076 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -1,5 +1,9 @@
 package at.gv.egovernment.moa.id.auth.validator;
 
+import java.util.Map;
+
+import org.w3c.dom.Element;
+
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
 
@@ -18,7 +22,7 @@ public interface InfoboxValidator {
    * application.
    *
    * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
-   *                Parameters} needed by the validator.                
+   *                Parameters} needed by the validator.
    * 
    * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult}
    *                            
@@ -28,4 +32,50 @@ public interface InfoboxValidator {
   public InfoboxValidationResult validate (InfoboxValidatorParams params)
     throws ValidateException;
 
+  /**
+   * This method is used to do intermediate processing before signing the auth block.
+   * If a infobox validator threw a form to gather user input, this method is used
+   * to validate this input. In no further input is needed the form must be empty to 
+   * proceed, and also a valid <code>InfoboxValidationResult</code> is necessary.
+   * If more input is needed, the validator can build a new form and it is then shown 
+   * to the citizen. 
+   * The implementation of <code>InfoboxValidator</code> must hold its necessary 
+   * data and configuration internally, if this method is called - the class is 
+   * reused at this call
+   *
+   * @param parameters the parameters got returned by the input fields
+   * 
+   * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult}
+   *                            
+   * @throws ValidateException  If an error occurs on validating the 
+   *                            InfoboxReadResponse.
+   */
+  public InfoboxValidationResult validate (Map parameters)
+    throws ValidateException;
+
+  /**
+   * This method is used to do post processing after signing the auth block.
+   * The method validates the content of the <code>infoboxReadResponse</code 
+   * against the passed <code>samlAssertion</code> if needed.
+   * The implementation of <code>InfoboxValidator</code> must hold its necessary 
+   * data and configuration internally, if this method is called - the class is 
+   * reused at this call
+   *
+   * @param samlAssertion the SAML assertion needed by the validator
+   * 
+   * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult}
+   *                            
+   * @throws ValidateException  If an error occurs on validating the 
+   *                            InfoboxReadResponse.
+   */
+  public InfoboxValidationResult validate (Element samlAssertion)
+    throws ValidateException;
+  
+  /**
+   * form for user interaction for intermediate processing of infobox validation
+   * 
+   * @return answer form of the servlet request.
+   */
+  public String getForm();
+  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
new file mode 100644
index 000000000..58c28161f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.util.Map;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+
+/**
+ * Input processor for infobox validators.
+ */
+public interface ParepInputProcessor {
+  
+  /**
+   * Initialize user input processing. This function must initialize the 
+   * processor to remember its state. Fixed values for the current authentication 
+   * session are set here.
+   * 
+   * @param representationID The id of the provided standardized mandate 
+   * @param parepConfiguration The configuration of the party representation validator
+   * @param rpFamilyName The family name of the representative
+   * @param rpGivenName
+   * @param rpDateOfBirth
+   * @param request CreateMandateRequest containing the representative and the mandator
+   */
+
+  public void initialize(
+      String representationID, ParepConfiguration parepConfiguration, 
+      String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+      CreateMandateRequest request); 
+
+  /**
+   * Starting point of user input processing. This function must initialize the 
+   * processor and remember its state.
+   * 
+   * @param physical Is person a physical person selected
+   * @param familyName The family name of the mandator
+   * @param givenName
+   * @param dateOfBirth
+   * @param streetName The address of the physical person
+   * @param buildingNumber
+   * @param unit
+   * @param postalCode
+   * @param municipality
+   * @param cbFullName
+   * @param cbIdentificationType
+   * @param cbIdentificationValue
+   * @return The initial user input form
+   */
+  public String start(
+      boolean physical, String familyName, String givenName, String dateOfBirth,
+      String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+      String cbFullName, String cbIdentificationType, String cbIdentificationValue); 
+  
+  /**
+   * Validation after the user submitted form
+   * 
+   * @param parameters Returned input field values
+   * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data 
+   * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error.
+   */  
+  public String validate(Map parameters, String extErrortext);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
new file mode 100644
index 000000000..aff5d8a7a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -0,0 +1,298 @@
+/**
+ * 
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Implements the standard party representation infobox validator input processor
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ParepInputProcessorImpl implements ParepInputProcessor{
+
+  /** the requested representation ID (currently * or OID) */
+  private String representationID;
+  
+  /** contains the configuration of the owning validator */
+  private ParepConfiguration parepConfiguration;
+  
+  /** Family name of the representative */
+  private String rpFamilyName;
+
+  /** Given name of the representative */
+  private String rpGivenName;
+
+  /** The representatives date of birth */
+  private String rpDateOfBirth;
+  
+  /** The current CreateMandateRequest to the SZR-gateway */
+  private CreateMandateRequest request;
+  
+  /*
+   * (non-Javadoc)
+   * 
+   * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest)
+   */
+  public void initialize(
+      String representationID, ParepConfiguration parepConfiguration, 
+      String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+      CreateMandateRequest request) 
+  {
+    // Initialization
+    this.representationID = representationID;
+    this.parepConfiguration = parepConfiguration;
+    this.rpFamilyName = rpFamilyName;
+    this.rpGivenName = rpGivenName;
+    this.rpDateOfBirth = rpDateOfBirth;
+    this.request = request;
+  }
+
+  /*
+   * (non-Javadoc)
+   * 
+   * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+   */
+  public String start(
+      boolean physical, String familyName, String givenName, String dateOfBirth,
+      String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+      String cbFullName, String cbIdentificationType, String cbIdentificationValue) 
+  {
+    // Load the form
+    String form = loadForm(
+        physical, familyName, givenName, dateOfBirth,
+        streetName, buildingNumber, unit, postalCode, municipality,
+        cbFullName, cbIdentificationType, cbIdentificationValue, "");
+    try {
+      request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+          cbIdentificationType, cbIdentificationValue);
+    } catch (SZRGWClientException e) {
+      //e.printStackTrace();
+      Logger.info(e);
+      return null;
+    }
+    return form;
+  }
+  
+  /*
+   * (non-Javadoc)
+   * 
+   * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+   */
+  public String validate(Map parameters, String extErrortext)
+  {
+    
+    // Process the gotten parameters
+    String form = null;
+    boolean formNecessary = false;
+    if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+    String locErrortext = "Folgende Parameter fehlen: ";
+    
+    String familyName = (String) parameters.get("familyname");
+    if (null == familyName) familyName ="";
+    String givenName = (String) parameters.get("givenname");
+    if (null == givenName) givenName ="";
+    boolean physical = "true".equals(parameters.get("physical"));
+    String dobday = (String) parameters.get("dobday");
+    if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+    String dobmonth = (String) parameters.get("dobmonth");
+    if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+    String dobyear = (String) parameters.get("dobyear");
+    if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+    String dateOfBirth = "";
+    dobyear = ("    ".substring(0, 4-dobyear.length()) + dobyear);
+    dobmonth = ("    ".substring(0, 2-dobmonth.length()) + dobmonth);
+    dobday = ("    ".substring(0, 2-dobday.length()) + dobday);
+    dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+    String cbFullName = (String) parameters.get("fullname");
+    if (null == cbFullName) cbFullName ="";
+    String cbIdentificationType = (String) parameters.get("cbidentificationtype");
+    if (null == cbIdentificationType) cbIdentificationType ="";
+    String cbIdentificationValue = (String) parameters.get("cbidentificationvalue");
+    if (null == cbIdentificationValue) cbIdentificationValue ="";
+    String postalCode = (String) parameters.get("postalcode");
+    if (null == postalCode) postalCode ="";
+    String municipality = (String) parameters.get("municipality");
+    if (null == municipality) municipality ="";
+    String streetName = (String) parameters.get("streetname");
+    if (null == streetName) streetName ="";
+    String buildingNumber = (String) parameters.get("buildingnumber");
+    if (null == buildingNumber) buildingNumber ="";
+    String unit = (String) parameters.get("unit");
+    if (null == unit) unit ="";
+
+    if (physical) {
+      if (ParepUtils.isEmpty(familyName)) {
+        formNecessary = true;
+        locErrortext = locErrortext + "Familienname";
+      }
+      if (ParepUtils.isEmpty(givenName)) {
+        formNecessary = true;
+        if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+        locErrortext = locErrortext + "Vorname";
+      }
+      // Auf existierendes Datum prüfen
+      SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+      format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+      try {
+        format.parse(dateOfBirth);
+      }
+      catch(ParseException pe)
+      {
+        formNecessary = true;
+        if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+        locErrortext = locErrortext + "korrektes Geburtsdatum";
+      }
+    } else {
+      if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+        formNecessary = true;
+        if (ParepUtils.isEmpty(cbFullName)) {
+          locErrortext = locErrortext + "Name der Organisation";
+        }
+        if (ParepUtils.isEmpty(cbIdentificationType)) {
+          if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+          locErrortext = locErrortext + "Auswahl des Registers";
+        }
+        if (ParepUtils.isEmpty(cbIdentificationValue)) {
+          if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+          locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+        }
+      }
+    }
+    try {
+      request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+          cbIdentificationType, cbIdentificationValue);
+      if (formNecessary) {
+        // Daten noch nicht vollständig oder anderer Fehler
+        if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+        String error = "";
+        if (!ParepUtils.isEmpty(extErrortext)) {
+          error = extErrortext;
+          if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+        }
+        if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+        if (!ParepUtils.isEmpty(error)) {
+          error = "<div class=\"errortext\"> <img alt=\" Angabe bitte ergänzen oder richtig stellen! \" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
+        }
+        form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+        if (form == null) {
+          return null;
+        }
+      } else {
+        return ""; // everything is ok
+      }
+    } catch (Exception e) {
+      //e.printStackTrace();
+      Logger.info(e);
+      return null;
+    }
+    return form;
+  }
+  
+  /**
+   * Loads the empty user input form and replaces tag occurences with given variables
+   * 
+   * @param physical
+   * @param familyName
+   * @param givenName
+   * @param dateOfBirth
+   * @param streetName
+   * @param buildingNumber
+   * @param unit
+   * @param postalCode
+   * @param municipality
+   * @param cbFullName
+   * @param cbIdentificationType
+   * @param cbIdentificationValue
+   * @param errorText
+   * @return
+   */
+  private String loadForm(
+      boolean physical, String familyName, String givenName, String dateOfBirth,
+      String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+      String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText) 
+  {
+    String form = "";
+    try {
+      String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+      InputStream instream = null;
+      File file = new File(fileName);
+      if (file.exists()) {
+        //if this resolves to a file, load it
+        instream = new FileInputStream(fileName);
+      } else {
+        fileName = parepConfiguration.getFullDirectoryName(fileName);
+        file = new File(fileName);
+        if (file.exists()) {
+          //if this resolves to a file, load it
+          instream = new FileInputStream(fileName);
+        } else {
+          //else load a named resource in our classloader. 
+          instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+          if (instream == null) {
+            Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+            return null;
+          }
+        }
+      }
+      ByteArrayOutputStream bos = new ByteArrayOutputStream();
+      ParepUtils.dumpInputOutputStream(instream, bos);
+      form = bos.toString("UTF-8");
+    } catch(Exception e) {
+      Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+    }
+  
+    if (!ParepUtils.isEmpty(form)) {
+      boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+      boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+      boolean reducedSelection = (!physEnabled || !cbEnabled);
+      if (reducedSelection) {
+        physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+      }
+      if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+      form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+      form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+      form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+      form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+      form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+      //darf zw. phys. und jur. Person gewählt werden:
+      //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+      form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+      form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+      form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+      form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+      form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+      form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+      form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+      form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+      form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+      form = ParepUtils.replaceAll(form, "<unit>", unit);
+      form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+      form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+      form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+      form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+      form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+      form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+      form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+      form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+      form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+      form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+      form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+    } 
+    return form;
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
new file mode 100644
index 000000000..aed635502
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -0,0 +1,708 @@
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class implements a set of utility methods.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepUtils {
+
+  /**
+   * Determines whether a string is null or empty
+   * 
+   * @param str the string to check.
+   * @return <code>true</code> if the string is null or empty,
+   *         <code>false</code> otherwise.
+   */
+  public static boolean isEmpty(String str) {
+    return str == null || "".equals(str);
+  }
+
+  /**
+   * Reads a XML document from an input stream (namespace-aware).
+   * 
+   * @param is
+   *          the input stream to read from.
+   * @return the read XML document.
+   * @throws SZRGWClientException
+   *           if an error occurs reading the document from the input stream.
+   */
+  public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+    try {
+      DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+      f.setNamespaceAware(true);
+      return f.newDocumentBuilder().parse(is);
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+  /*
+   * 
+   */
+  public static String extractRepresentativeID(Element mandate) throws ValidateException {
+    try {
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+      Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+      if (resultNode != null) {
+        return resultNode.getTextContent();
+      }
+      return null;
+    } catch (Exception e) {
+      throw new ValidateException("validator.62", null);
+    }
+  }
+
+  // TODO: remove unreferenced
+
+  /**
+   * Dumps all bytes from an input stream to the given output stream.
+   * 
+   * @param is
+   *          the input stream to dump from.
+   * @param os
+   *          the output stream to dump to.
+   * @throws IOException
+   *           if an error occurs while dumping.
+   */
+  public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException {
+    if (is == null) {
+      return;
+    }
+    int ch;
+    while ((ch = is.read()) != -1) {
+      os.write(ch);
+    }
+  }
+
+  /**
+   * Gets a string that represents the date a mandate was issued.
+   * 
+   * @param mandate
+   *          the mandate to extract the issuing date from.
+   * @return the issuing date of the given mandate.
+   * @throws SZRGWClientException
+   *           if an exception occurs extracting the issuing date of the
+   *           mandate.
+   */
+  public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException {
+    try {
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+      Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode);
+
+      if (dateNode == null) {
+        throw new Exception("Date in Mandate-Issued not found.");
+      }
+      return dateNode.getNodeValue();
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+  /**
+   * Gets a string that represents the place a mandate was issued.
+   * 
+   * @param mandate
+   *          the mandate to extract the issuing place from.
+   * @return the issuing place of the given mandate.
+   * @throws SZRGWClientException
+   *           if an exception occurs extracting the issuing place of the
+   *           mandate.
+   */
+  public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException {
+    try {
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+      Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode);
+
+      if (placeNode == null) {
+        throw new Exception("Place in Mandate-Issued not found.");
+      }
+      return placeNode.getNodeValue();
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+  /**
+   * Extracts the textual description of the mandate.
+   * 
+   * @param mandate
+   *          the mandate to extract the textual description from.
+   * @return the textual description of the mandate.
+   * @throws SZRGWClientException
+   *           if an exception occurs extracting the textual description.
+   */
+  public static String getMandateContent(Element mandate) throws SZRGWClientException {
+    try {
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+      Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode);
+
+      if (contentNode == null) {
+        throw new Exception("Content in Mandate not found.");
+      }
+      return contentNode.getNodeValue();
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+  /**
+   * Extracts the md:Mandator element from a XML mandate element.
+   * 
+   * @param mandate
+   *          the md:Mandate element to extract the md:Mandator from.
+   * @return the md:Mandator element.
+   * @throws SZRGWClientException
+   *           if an error occurs extracting the md:Mandator element.
+   */
+  public static Element extractMandator(Element mandate) throws ParseException {
+    try {
+      
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+      Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode);
+      if (mandator == null) {
+        // if we got the Mandator itself
+        if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate;
+      }
+      if (mandator == null)
+        return null;
+      String nsPrefix = mandator.getPrefix();
+      String nsUri = mandator.getNamespaceURI();
+      Element mandatorClone = (Element) mandator.cloneNode(true);
+      mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+      return mandatorClone;
+    } catch (Exception e) {
+      throw new ParseException(e.toString(), null);
+    }
+  }
+  
+  /**
+   * Tells wether a mandator is a physical person or not.
+   * 
+   * @param mandator
+   *          the XML md:Mandator element to extract from.
+   * @return <code>true<code> if the mandator is a physical person, <code>false</code> otherwise.
+   */
+  public static boolean isPhysicalPerson(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      // check if physical person
+      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+      // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
+      // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
+      return physicalPerson != null;
+    } catch (Exception e) {
+      e.printStackTrace();
+      return false;
+    }
+  }
+
+  /**
+   * Extracts the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> 
+   * element from a XML mandate element.
+   * 
+   * @param mandate
+   *          the md:Mandate element to extract the person from.
+   * @return the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> element.
+   * @throws ParseException
+   *           if an error occurs extracting the element.
+   */
+  public static Element extractPersonOfMandate(Element mandate) throws ParseException {
+    try {
+      
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+      Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode);
+      if (person == null) {
+        person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode);
+      }
+      if (person == null) return null;
+      String nsPrefix = person.getPrefix();
+      String nsUri = person.getNamespaceURI();
+      Element personClone = (Element) person.cloneNode(true);
+      personClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+      return personClone;
+    } catch (Exception e) {
+      //e.printStackTrace();
+      throw new ParseException(e.toString(), null);
+    }
+  }
+
+  /**
+   * Benerates the </code>pr:Person</code> element form a 
+   * <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> 
+   * element of a XML mandate element.
+   * 
+   * @param mandate
+   *          the md:Mandate element to extract the person from.
+   * @return the <code>pr:Person</code> element.
+   * @throws ParseException
+   *           if an error occurs extracting the element.
+   */
+  public static Element extractPrPersonOfMandate(Element mandate) throws ParseException {
+
+    try {
+      Document document = ParepUtils.createEmptyDocument();
+      Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON);
+      root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+      root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI);
+
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+      Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" 
+          + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode);
+      if (person == null) {
+        person = (Element) XPathAPI.selectSingleNode(mandate, "//" 
+            + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode);
+      }
+      if (person != null) {
+        root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName());
+        if (person != null) {
+          NodeList nl = person.getChildNodes();
+          for (int i = 0; i < nl.getLength(); i++) {
+            Node testNode = nl.item(i);
+            if (Node.ELEMENT_NODE == testNode.getNodeType()) {
+              root.appendChild(document.importNode(testNode, true));
+            }
+          }
+        }
+      }
+      
+      return root;
+    } catch (Exception e) {
+      //e.printStackTrace();
+      throw new ParseException(e.toString(), null);
+    }
+  }
+  
+  /**
+   * Extracts the name of the mandator as a string representation.
+   * 
+   * @param mandator
+   *          the XML md:Mandator element to extract from.
+   * @return the mandator name as a string.
+   */
+  public static String extractMandatorName(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      // first check if physical person
+      Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
+      if (name != null) {
+        String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue();
+        String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue();
+
+        return givenName + " " + familyName;
+      }
+
+      // check if corporate body
+      Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode);
+      if (fullName != null) {
+        return fullName.getNodeValue();
+      }
+      return "";
+    } catch (Exception e) {
+      //e.printStackTrace();
+      return "";
+    }
+  }
+
+  /**
+   * Extracts specific text of an element of a given md:Mandator element.
+   * 
+   * @param mandator
+   *          the XML md:Mandator to extract from.
+   * @return the resulting text of the mandator element.
+   */
+  public static String extractText(Element mandator, String xpath) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode);
+      if (textNode == null)
+        return null;
+      return textNode.getNodeValue();
+    } catch (Exception e) {
+      e.printStackTrace();
+      return null;
+    }
+  }
+
+  /**
+   * Extracts the date of birth of the mandator of a given md:Mandator element.
+   * 
+   * @param mandator
+   *          the XML md:Mandator to extract from.
+   * @return the dob of the mandator.
+   */
+  public static String extractMandatorDateOfBirth(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode);
+      if (dobName == null)
+        return null;
+      return dobName.getNodeValue();
+    } catch (Exception e) {
+      e.printStackTrace();
+      return null;
+    }
+  }
+
+  /**
+   * Extracts the full name of the mandators corporate body of a given
+   * md:Mandator element.
+   * 
+   * @param mandator
+   *          the XML md:Mandator to extract from.
+   * @return the full name of the mandator.
+   */
+  public static String extractMandatorFullName(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode);
+      if (fullName == null)
+        return null;
+      return fullName.getNodeValue();
+    } catch (Exception e) {
+      e.printStackTrace();
+      return null;
+    }
+  }
+
+  /**
+   * Extracts the identification value of the mandator of a given mandate.
+   * 
+   * @param mandator
+   *          the XML md:Mandator element.
+   * @return the identification value.
+   */
+  public static String extractMandatorWbpk(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+      if (idValue != null) {
+        return idValue.getNodeValue();
+      }
+      return "";
+    } catch (Exception e) {
+      e.printStackTrace();
+      return "";
+    }
+  }
+
+  /**
+   * Extracts the identification type of the mandator of a given mandate.
+   * 
+   * @param mandator
+   *          the XML md:Mandator element.
+   * @return the identification type.
+   */
+  public static String extractMandatorIdentificationType(Element mandator) {
+    try {
+      Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+      if (idType != null) {
+        return idType.getNodeValue();
+      }
+      return "";
+    } catch (Exception e) {
+      e.printStackTrace();
+      return "";
+    }
+  }
+
+  /*
+   * 
+   */
+  public static String getIdentification(Element personElement, String element) throws ParseException {
+    try {
+
+      Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+      return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode)
+          .getNodeValue();
+    } catch (Exception e) {
+      throw new ParseException(e.toString(), null);
+    }
+  }
+
+  /*
+   * 
+   */
+  private static Element extractRepresentative(Element mandate) throws SZRGWClientException {
+    try {
+      Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+      Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode);
+      String nsPrefix = mandator.getPrefix();
+      String nsUri = mandator.getNamespaceURI();
+
+      Element mandatorClone = (Element) mandator.cloneNode(true);
+      mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+
+      return mandatorClone;
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+  /**
+   * Serializes a XML element to a given output stream.
+   * 
+   * @param element
+   *          the XML element to serialize.
+   * @param out
+   *          the output streamt o serialize to.
+   * @throws IOException
+   *           if an I/O error occurs during serialization.
+   */
+  public static void serializeElement(Element element, OutputStream out) throws IOException {
+    OutputFormat format = new OutputFormat();
+    format.setOmitXMLDeclaration(true);
+    format.setEncoding("UTF-8");
+    format.setPreserveSpace(true);
+    XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+    serializer.serialize(element);
+  }
+
+  public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException {
+    OutputFormat format = new OutputFormat();
+    format.setOmitXMLDeclaration(false);
+    format.setEncoding("UTF-8");
+    format.setPreserveSpace(true);
+    XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+    serializer.serialize(element);
+  }
+
+  public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException {
+    OutputFormat format = new OutputFormat();
+    format.setOmitXMLDeclaration(true);
+    format.setEncoding("UTF-8");
+    format.setPreserveSpace(true);
+    XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format);
+    serializer.serialize(element);
+  }
+
+  public static void saveStringToFile(String str, File file) throws IOException {
+    FileOutputStream fos = new FileOutputStream(file);
+    fos.write(str.getBytes());
+    fos.flush();
+    fos.close();
+  }
+
+  public static void saveBytesToFile(byte[] str, File file) throws IOException {
+    FileOutputStream fos = new FileOutputStream(file);
+    fos.write(str);
+    fos.flush();
+    fos.close();
+  }
+
+  public static void saveElementToFile(Element elem, File file) throws IOException {
+    FileOutputStream fos = new FileOutputStream(file);
+    serializeElementWithoutEncoding(elem, fos);
+    fos.flush();
+    fos.close();
+  }
+
+  /**
+   * Creates an empty XML document.
+   * 
+   * @return a newly created empty XML document.
+   * @throws SZRGWClientException
+   *           if an error occurs creating the empty document.
+   */
+  public static Document createEmptyDocument() throws SZRGWClientException {
+    try {
+      DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+      factory.setNamespaceAware(true);
+      return factory.newDocumentBuilder().newDocument();
+    } catch (Exception e) {
+      throw new SZRGWClientException(e);
+    }
+  }
+
+
+  /**
+   * Tells if the Validator of an Infobox is enabled. If the corresponding application
+   * specific configuration element <code>EnableInfoboxValidator</code> is missing, a default value <code>true</code> is assumed
+   * 
+   * @param applicationSpecificParams
+   *          the XML element of the infobox configuration.
+   * @return the boolean value of the determination.
+   * @throws ConfigurationException
+   *           if an error occurs reading the configuration.
+   */
+  public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException {
+    try {
+      Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+      
+      //ParepUtils.serializeElement(applicationSpecificParams, System.out);
+      Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX
+          + ":EnableInfoboxValidator/text()", nameSpaceNode);
+      if (validatorEnabledNode != null) {
+        return BoolUtils.valueOf(validatorEnabledNode.getNodeValue());
+      }
+      return true;
+    } catch (Exception e) {
+      // e.printStackTrace();
+      throw new ConfigurationException("config.02", null);
+    }
+  }
+
+  /**
+   * Delivers a String with the description of the register which is described 
+   * through the identification Type of a corporate body of the persondata schema 
+   * 
+   * @param identificationType
+   *          the identification type.
+   * @return the register description.
+   */
+  public static String getRegisterString(String identificationType) {
+    String corporateBase = Constants.URN_PREFIX_BASEID + "+";
+    if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null;
+    String register = identificationType.substring(corporateBase.length());
+    if (ParepUtils.isEmpty(register)) return null;
+    if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
+    if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
+    if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+    return null;
+  }
+  
+  /**
+   * Hides Stammzahlen in the given element 
+   * 
+   * @param hideElement The element where Stammzahlen should be replaced.
+   * @param businessApplication For decision whether to calc a bPK or wbPK.
+   * @param target Target for calculating a bPK.
+   * @param registerID Necessary string for calculating a wbPK (example <code>FN+4096i</code>).
+   * @param blank Switch for behaviour.
+   *          <code>true</code> if Stammzahlen are blinded. All occurences will be replaced by empty strings.
+   *          <code>false</code> calculates (w)bPKs and changes also the <code>pr:Identifivation/pr:Type</code> elements.
+   * @return The element where Stammzahlen are hidden.
+   */
+  public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank) 
+    throws BuildException {
+    try {
+      if (hideElement != null) {
+        Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode");
+        nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+        NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode);
+        for (int i = 0; i < identifications.getLength(); i++) {
+          Element identificationElement = (Element) identifications.item(i);
+          Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+          if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) {
+            Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+            if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) {
+              Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden.");
+              throw new BuildException("builder.02", null);
+            }
+            if (blank) {
+              idValueNode.setNodeValue("");
+            } else {
+              String idValue = idValueNode.getNodeValue();
+              if (businessApplication) {
+                // wbPK berechnen
+                idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID);
+                String bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID);
+                idValueNode.setNodeValue(bpkBase64);
+
+              } else {
+                // bPK berechnen
+                idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK);
+                String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target);
+                idValueNode.setNodeValue(bpkBase64);
+              }
+            }
+          }
+        }
+      }
+    } catch (Exception e) {
+      throw new BuildException("builder.02", null);
+    }
+    return hideElement;
+  }
+
+  /**
+   * Replaces each substring of string <code>s</code> that matches the given
+   * <code>search</code> string by the given <code>replace</code> string.
+   * 
+   * @param s         The string where the replacement should take place.
+   * @param search    The pattern that should be replaced.
+   * @param replace   The string that should replace all each <code>search</code>
+   *                  string within <code>s</code>.
+   * @return          A string where all occurrence of <code>search</code> are
+   *                  replaced with <code>replace</code>.
+   */
+  public static String replaceAll (String s, String search, String replace) {
+    if (replace==null) replace = "";
+    return StringUtils.replaceAll(s, search, replace);
+  }
+
+  
+//  public static void main(String[] args) throws Exception {
+//    Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml"));
+//    Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml"));
+//    Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml"));
+//    Element mandatorElement = extractMandator(mandate.getDocumentElement());
+//    System.out.println(extractMandatorName(mandatorElement));
+//    System.out.println(extractMandatorDateOfBirth(mandatorElement));
+//    System.out.println(extractMandatorWbpk(mandatorElement));
+//    //serializeElement(mandatorElement, System.out);
+//      serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out);
+//  }
+  
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
new file mode 100644
index 000000000..acd193a68
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -0,0 +1,576 @@
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a MOA-ID Infobox Validator for validating
+ * a standardized XML mandate using the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ */
+public class ParepValidator implements InfoboxValidator {
+
+  /** activates debug settings */
+  private boolean PAREP_DEBUG = false;
+  
+  /** contains the parameters the validator initially was called with */
+  private InfoboxValidatorParams params = null;
+
+  /** contains the configuration of the validator */
+  private ParepConfiguration parepConfiguration = null;
+  
+  /** the requested representation ID (currently * or OID) */
+  private String representationID = null;
+  
+  /** holds the information of the SZR-request */
+  private CreateMandateRequest request = null;
+  
+  /** List of extended SAML attributes. */
+  private Vector extendedSamlAttributes = new Vector();
+  
+  /** the class which processes the user input */
+  private ParepInputProcessor inputProcessor = null;
+  
+  /** The form if user input is necessary */
+  private String form = null;
+  
+  /** unspecified error of parep-validator (must not know more about)*/
+  private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten";
+  
+  /** Default class to gather remaining mandator data. */
+  public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+  
+  /** Default template to gather remaining mandator data. */
+  public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+  
+  /** kind of representation text in AUTH block*/
+  public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter";
+  
+  /** Names of the produced SAML-attributes. */
+  public final static String EXT_SAML_MANDATE_RAW = "Vollmacht";
+  public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName";
+  public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum";
+  public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk";
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt";
+
+  /** register and register number for non physical persons - the domain identifier for business applications*/
+  public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer";
+
+  /**
+   * Parses the XML configuration element and creates the validators configuration
+   * Use this function if you want to preconfigure the validator.
+   * 
+   * @param configElem
+   *          the XML configuration element to parse.
+   * @throws ConfigurationException
+   *           if an error occurs during the configuration process
+   */
+  public void Configure(Element configElem) throws ConfigurationException {
+    if (this.parepConfiguration == null) {
+      Logger.debug("Lade Konfiguration.");
+      parepConfiguration = new ParepConfiguration(configElem);
+      Logger.debug("Konfiguration erfolgreich geladen.");
+    }
+  }
+
+  /*
+   * (non-Javadoc)
+   * 
+   * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+   */
+  public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+
+    InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+
+    try {
+      Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung.");
+      this.params = params;
+      
+      Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+      // ParepUtils.serializeElement(mandate, System.out);
+      this.representationID = ParepUtils.extractRepresentativeID(mandate);
+      if (ParepUtils.isEmpty(representationID)) {
+        validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+        return validationResult;
+      }
+
+      // Überprüfen der Identifikation (Type/Value). 
+      String identificationType = this.params.getIdentificationType();
+      String identificationValue = this.params.getIdentificationValue();
+      if (this.params.getBusinessApplication()) {
+        if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+          validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+          return validationResult;
+          
+        } else {
+          Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+        }
+      } else {
+        if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+          //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+          if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+            Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
+            validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+            return validationResult;
+          } else {
+            Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+          }
+        } else {
+          if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+            // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist 
+            identificationType = Constants.URN_PREFIX_CDID;
+            String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+            identificationValue = bpkBase64;
+            Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+          } else {
+            Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+          }
+        }
+      }
+
+      Configure(this.params.getApplicationSpecificParams());
+      // check if we have a configured party representative for that
+      if (!parepConfiguration.isPartyRepresentative(representationID)) {
+        Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+        validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+        return validationResult;
+      }
+
+      // Vertreter
+      this.request = new CreateMandateRequest();
+      request.setRepresentative(this.params, identificationType, identificationValue);
+      // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+      //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+
+      Logger.debug("Prüfe vorausgefüllte Daten...");
+      boolean physical = true;
+      String familyName = "";
+      String givenName = "";
+      String dateOfBirth = "";
+      String cbFullName = "";
+      String cbIdentificationType = "";
+      String cbIdentificationValue = "";
+      String postalCode = "";
+      String municipality = "";
+      String streetName = "";
+      String buildingNumber = "";
+      String unit = "";
+
+      boolean formNecessary = false;
+      // Vertretener (erstes Vorkommen)
+      Element mandator = ParepUtils.extractMandator(mandate);
+      if (mandator != null) {
+        // ParepUtils.serializeElement(mandator, System.out);
+        // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+        if (ParepUtils.isPhysicalPerson(mandator)) {
+          familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+          givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+          dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+        } else {
+          physical = false;
+          cbFullName = ParepUtils.extractMandatorFullName(mandator);
+          cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+          cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+        }
+        postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+        municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+        streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+        buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+        unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+
+      }
+      if (physical) {
+        if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+          validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+          return validationResult;
+        }
+        if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+          formNecessary = true;
+        }
+      } else {
+        if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+          validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+          return validationResult;
+        }
+        if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+          formNecessary = true;
+        }
+      }
+      
+      //Zeigen wir, dass die Daten übernommen wurden:
+      if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+      
+      // Input processor
+      this.form = "";
+      if (formNecessary) {
+        ParepInputProcessor inputProcessor= getInputProcessor();
+        this.form = inputProcessor.start(
+            physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, 
+            cbFullName, cbIdentificationType, cbIdentificationValue);
+        if (this.form == null) {
+          validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+          return validationResult;
+        }
+      } else {
+        // Request vorbereiten mit vorgegebenen Daten
+        request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+            cbIdentificationType, cbIdentificationValue);
+      }
+        
+
+      // ParepUtils.serializeElement(request.getMandator(), System.out);
+      // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+      
+      addAuthBlockExtendedSamlAttributes();
+      validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+      Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
+      validationResult.setValid(true);
+      return validationResult;
+    } catch (Exception e) {
+      e.printStackTrace();
+      Logger.info(e);
+      validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+      return validationResult;
+    }
+  }
+
+  /*
+   * (non-Javadoc)
+   * 
+   * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+   */
+  public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+
+    InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+    Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung");
+    Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+    if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+
+    // Input processor
+    ParepInputProcessor inputProcessor= getInputProcessor();
+    this.form = inputProcessor.validate(parameters, null);
+    if (this.form == null) {
+      validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+      return validationResult;
+    }
+    extendedSamlAttributes.clear();
+    addAuthBlockExtendedSamlAttributes();
+    validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+    validationResult.setValid(true);
+    Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet");
+    return validationResult;
+  }
+  
+  /*
+   * (non-Javadoc)
+   * 
+   * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+   */
+  public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+
+    InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+    Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung");
+    this.form = "";
+    try {
+      
+      // TODO: Frage ob OID im Zertifikat zu prüfen ist (macht derzeit das SZR-gateway). Dies würde aber zu eine Performanceeinbuße führen.
+      
+      request.setSignature(samlAssertion);
+
+//DPO debug      
+//      Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+//      String id = representationID;
+//      CreateMandateResponse response;
+//      if (true) {
+//        if (this.params.getHideStammzahl()) {
+//          if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+//          // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können. 
+//          // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
+//          // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
+//          ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+//        }
+//        if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+     
+      //ParepUtils.serializeElement(request.toElement(), System.out);
+      if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+
+      // configure szrgw client
+      Logger.debug("Lade SZR-GW Client.");
+      SZRGWClient client = new SZRGWClient();
+      // System.out.println("Parameters: " + cfg.getConnectionParameters());
+      Logger.debug("Initialisiere Verbindung...");
+      ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+      // Logger.debug("Connection Parameters: " + connectionParameters);
+      Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+      client.setAddress(connectionParameters.getUrl());
+      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+        Logger.debug("Initialisiere SSL Verbindung");
+        client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+      }
+      
+      Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
+      CreateMandateResponse response;
+      Element requ = request.toElement();
+      try {
+        response = client.createMandateResponse(requ);
+      } catch (SZRGWClientException e) {
+        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+        Logger.debug("2. Versuch - Kommunikation mit dem Stammzahlenregister Gateway...");
+        client = new SZRGWClient(connectionParameters.getUrl());
+        if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+        response = client.createMandateResponse(requ);
+      }
+      if (response.getResultCode()==2000) {
+        if(response.getMandate()==null) {
+          Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+          validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+          return validationResult;
+        }
+
+        
+        //DPO debug output (2lines)
+        String id = representationID;
+        if (id.equals("*")) id="standardisiert";
+        
+        Element mandate = response.getMandate();
+        // Replace Stammzahlen
+        if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+        if (this.params.getHideStammzahl()) {
+          ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+          if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
+        }
+        
+        extendedSamlAttributes.clear();
+        // Vollmacht
+        extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+        validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+        validationResult.setValid(true);
+        Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet");
+      } else {
+        String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+        String responseInfo = response.getInfo();
+        if (response.getResultCode()>4000 && response.getResultCode()<4999) {
+          if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+          validationResult.setErrorMessage(errorMsg);
+        } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) {
+          // Person not found
+          ParepInputProcessor inputProcessor= getInputProcessor();
+          if (response.getResultCode()==3000) {  //TODO: verify code
+            errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte ergänzen/ändern Sie ihre Angaben.";
+          } else {
+            if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+          }
+
+          this.form = inputProcessor.validate(generateParameters(), errorMsg);
+          if (this.form == null) {
+            validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+            return validationResult;
+          }
+          validationResult.setValid(true);
+        } else {
+          // Do not inform the user too much
+          Logger.error(errorMsg);
+          validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+        }
+        
+      }
+      return validationResult;
+    } catch (Exception e) {
+      e.printStackTrace();
+      Logger.info(e);
+      validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+      return validationResult;
+    }
+  }
+
+  /**
+   * provides the primary infobox token of the given list.
+   * 
+   * @param infoBoxTokens
+   *          the list of infobox tokens.
+   * @return
+   *          the XML element of the primary token.
+   * @throws ValidateException
+   *           if an error occurs or list is not suitable.
+   */
+  public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+    if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+      throw new ValidateException("validator.62", null);
+    }
+    for (int i = 0; i < infoBoxTokens.size(); i++) {
+      InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+      if (token.isPrimary()) {
+        return token.getXMLToken();
+      }
+    }
+    throw new ValidateException("validator.62", null);
+  }
+
+  /*
+   * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+   */
+  public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+    ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+    extendedSamlAttributes.copyInto(ret);
+    Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+    return ret;
+  }
+  
+
+  /**
+   * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+   */
+  public String getForm() {
+    return this.form;
+    }
+
+  /** 
+   * Gets the user form input processor (class) assigned to the current party representative
+   * If the method is called for the first time it initializes the input processor.
+   * 
+   * @return The user form input processor
+   */
+  private ParepInputProcessor getInputProcessor() {
+    
+    if (this.inputProcessor!=null) return inputProcessor;
+    String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+    ParepInputProcessor inputProcessor = null;
+    try {
+      Class inputProcessorClass = Class.forName(inputProcessorName);
+      inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+      inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+    } catch (Exception e) {
+      Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+    }
+    this.inputProcessor = inputProcessor;
+    return inputProcessor;
+  }
+  
+  /**
+   * Generates the parameter list, which is needed to simulate a return from 
+   * an user form. 
+   * 
+   * @return the form parameters
+   */
+  private Map generateParameters() {
+    Map parameters = new HashMap();
+    boolean physical = true;
+    String familyName = "";
+    String givenName = "";
+    String dateOfBirth = "";
+    String cbFullName = "";
+    String cbIdentificationType = "";
+    String cbIdentificationValue = "";
+    String postalCode = "";
+    String municipality = "";
+    String streetName = "";
+    String buildingNumber = "";
+    String unit = "";
+
+    try {
+      // Vertretener (erstes Vorkommen)
+      Element mandator = request.getMandator();
+       ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml"));
+      if (mandator != null) {
+        if (ParepUtils.isPhysicalPerson(mandator)) {
+          familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+          givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+          dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+        } else {
+          physical = false;
+          cbFullName = ParepUtils.extractMandatorFullName(mandator);
+          cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+          cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+        }
+        postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+        municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+        streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+        buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+        unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+      }
+    } catch (Exception e) {
+      Logger.error("Could not extract Mandator form SZR-gateway request");
+    }
+    parameters.put("familyname", familyName);
+    parameters.put("givenname", givenName);
+    parameters.put("dateofbirth", dateOfBirth);
+    parameters.put("dobyear", dateOfBirth.substring(0,4));
+    parameters.put("dobmonth", dateOfBirth.substring(5,7));
+    parameters.put("dobday", dateOfBirth.substring(8,10));
+    parameters.put("physical", physical ? "true" : "false");
+    parameters.put("fullname", cbFullName);
+    parameters.put("cbidentificationtype", cbIdentificationType);
+    parameters.put("cbidentificationvalue", cbIdentificationValue);
+    parameters.put("postalcode", postalCode);
+    parameters.put("municipality", municipality);
+    parameters.put("streetname", streetName);
+    parameters.put("buildingnumber", buildingNumber);
+    parameters.put("unit", unit);
+    return parameters;
+  }
+
+  /**
+   * Adds the AUTH block related SAML attributes to the validation result. 
+   * This is needed always before the AUTH block is to be signed, because the 
+   * name of the mandator has to be set
+   */
+  private void addAuthBlockExtendedSamlAttributes() {
+    extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+    Element mandator = request.getMandator();
+    extendedSamlAttributes.clear();
+    // Name
+    String name = ParepUtils.extractMandatorName(mandator);
+    extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+    // Geburtsdatum
+    String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+    if (dob != null && !"".equals(dob)) {
+      extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+    }
+    // (w)bpk
+    String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+    if (!ParepUtils.isEmpty(wbpk)) {
+      if (!ParepUtils.isPhysicalPerson(mandator)){
+        String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+        if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+          extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+        }
+      } else if (this.params.getBusinessApplication()) {
+        extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+      }
+    }
+  }
+  
+//  public static void main(String[] args) throws Exception {
+//  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
new file mode 100644
index 000000000..d6b71ad83
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
@@ -0,0 +1,159 @@
+/**
+ * 
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class PartyRepresentative {
+
+	/** Object Identifier **/
+	private String oid;
+	
+	private boolean representPhysicalParty;
+	
+	private boolean representCorporateParty;
+	
+	/** 
+	 * Text for representation description in SAML Assertion (Auth-Block) 
+	 * */
+	private String representationText;
+	
+	/**
+	 * SZR-GW connection parameters.
+	 */
+	private ConnectionParameter connectionParameters = null;
+
+	private String inputProcessorClass = null;
+  private String inputProcessorTemplate = null;
+
+  /**
+   * Constructor
+   */
+public PartyRepresentative() {
+  this.oid = null;
+  this.representPhysicalParty = false;
+  this.representCorporateParty = false;
+  this.connectionParameters = null;
+  this.representationText = null;
+}
+
+/**
+	   * Constructor
+	   */
+	public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) {
+		this.oid = null;
+		this.representPhysicalParty = representPhysicalParty;
+		this.representCorporateParty = representCorporateParty;
+		this.connectionParameters = null;
+	  this.representationText = null;
+	  this.inputProcessorClass = null;
+    this.inputProcessorTemplate = null;
+	}
+	
+	/**
+	 * @return the oid
+	 */
+	public String getOid() {
+		return oid;
+	}
+
+	/**
+	 * @param oid the oid to set
+	 */
+	public void setOid(String oid) {
+		this.oid = oid;
+	}
+
+	/**
+	 * @return the representPhysicalParty
+	 */
+	public boolean isRepresentingPhysicalParty() {
+		return representPhysicalParty;
+	}
+
+	/**
+	 * @param representPhysicalParty the representPhysicalParty to set
+	 */
+	public void setRepresentingPhysicalParty(boolean representPhysicalParty) {
+		this.representPhysicalParty = representPhysicalParty;
+	}
+
+	/**
+	 * @return the representCorporateParty
+	 */
+	public boolean isRepresentingCorporateParty() {
+		return representCorporateParty;
+	}
+
+	/**
+	 * @param representCorporateParty the representCorporateParty to set
+	 */
+	public void setRepresentingCorporateParty(boolean representCorporateParty) {
+		this.representCorporateParty = representCorporateParty;
+	}
+
+	/**
+	 * @return the connectionParameters
+	 */
+	public ConnectionParameter getConnectionParameters() {
+		return connectionParameters;
+	}
+
+	/**
+	 * @param connectionParameters the connectionParameters to set
+	 */
+	public void setConnectionParameters(ConnectionParameter connectionParameters) {
+		this.connectionParameters = connectionParameters;
+	}
+
+
+  /**
+   * @return the representationText
+   */
+  public String getRepresentationText() {
+    return representationText;
+  }
+
+
+  /**
+   * @param representationText the representationText to set
+   */
+  public void setRepresentationText(String representationText) {
+    this.representationText = representationText;
+  }
+
+  /**
+   * @return the inputProcessorClass
+   */
+  public String getInputProcessorClass() {
+    return inputProcessorClass;
+  }
+
+  /**
+   * @param inputProcessorClass the inputProcessorClass to set
+   */
+  public void setInputProcessorClass(String inputProcessorClass) {
+    this.inputProcessorClass = inputProcessorClass;
+  }
+
+  /**
+   * @return the inputProcessorTemplate
+   */
+  public String getInputProcessorTemplate() {
+    return inputProcessorTemplate;
+  }
+
+  /**
+   * @param inputProcessorTemplate the inputProcessorTemplate to set
+   */
+  public void setInputProcessorTemplate(String inputProcessorTemplate) {
+    this.inputProcessorTemplate = inputProcessorTemplate;
+  }	
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
new file mode 100644
index 000000000..fe8e263ff
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -0,0 +1,235 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a detailed CreateMandateRequest that
+ * will be sent to SZR-gateway.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateRequest {
+
+  /**
+   * The Request.
+   */
+  private Document document;
+	
+  /**
+   * List of mandate representatives as XML element.
+   */
+  private List representatives;
+  
+  /**
+   * The mandator.
+   */
+  private Element mandator;
+
+  /**
+   * The representative.
+   */
+  private Element representative;
+  
+  /**
+   * The signature to verify by the SZR-gateway
+   */
+  private Element signature;
+
+  
+  
+  /**
+   * Creates the CreateMandateRequest element that will
+   * be sent to SZR-gateway
+   * 
+   * @return the CreateMandateRequest element.
+   */
+  public Element toElement() throws SZRGWClientException{
+
+	  this.document = ParepUtils.createEmptyDocument();
+	  Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST);
+	  root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+	  root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+	  if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true));
+	  if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true));
+	  if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true));
+    
+    return root;
+  }
+  
+  /**
+   * Adds a representative.
+   * 
+   * @param representative an XML representative to add. 
+   */
+  public void addRepresentative(Element representative) {
+    if (representatives == null) {
+      representatives = new ArrayList();
+    }
+    representatives.add(representative);
+  }
+  
+  /**
+   * Gets the representative.
+   * 
+   * @return the representative.
+   */
+  public Element getRepresentative() {
+    return representative;
+  }
+
+  /**
+   * Gets the mandator.
+   * 
+   * @return the mandator.
+   */
+  public Element getMandator() {
+    return mandator;
+  }
+  
+  /**
+   * Sets the mandator.
+   * 
+   * @param mandator the mandator.
+   */
+  public void setMandator(Element mandator) {
+    this.mandator = mandator;
+  }
+
+  /**
+   * Sets the Mandator.
+   * 
+   * @param familyName the family name of the mandator.
+   */
+  public void setMandator(String familyName, String givenName, String dateOfBirth, 
+		  String postalCode, String municipality, String streetName, String buildingNumber, String unit,
+		  boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException {
+
+	  Document mandatorDocument = ParepUtils.createEmptyDocument();
+	  
+	  Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR);
+//	  mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+///	  mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+	  
+	  if (physical) {
+		  Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON);
+		  physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName));
+		  physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth));
+		  mandatorElem.appendChild(physicalPersonElem);
+		  Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality, streetName, buildingNumber, unit); 
+		  if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement);
+	  } else {
+		  Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY);
+		  corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue));
+		  corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName));
+		  mandatorElem.appendChild(corporateBodyElem);
+	  }
+
+	  
+	  this.mandator = mandatorElem;
+  }
+
+  private Element createPersonDataElem(Document document, String elementName, String elementValue) {
+	  Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName);
+	  Node value = document.createTextNode(elementValue);
+	  elem.appendChild(value);
+	  return elem;
+  }
+
+  private Element createIdentificationElem(Document document, String identificationType, String identificationValue) {
+	  Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION);
+	  identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue));
+    identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType));
+	  return identificationElem;
+  }
+  private Element createNameElem(Document document, String givenName, String familyName) {
+	  Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME);
+	  nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName));
+	  nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName));
+	  return nameElem;
+  }
+  private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) {
+
+    if (ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName)
+        && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null;
+    Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS);
+
+	  if (!ParepUtils.isEmpty(postalCode)) {
+		  postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode));
+	  }
+	  if (!ParepUtils.isEmpty(municipality)) {
+		  postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality));
+	  }
+	  if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) {
+		  Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS);
+		  
+		  if (!ParepUtils.isEmpty(streetName)) {
+			  deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName));
+		  }
+		  if (!ParepUtils.isEmpty(buildingNumber)) {
+			  deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber));
+		  }
+		  if (!ParepUtils.isEmpty(unit)) {
+			  deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit));
+		  }
+		  postalAddressElem.appendChild(deliveryAddressElem);
+	  }
+	  return postalAddressElem;
+  }
+
+  
+  
+  /**
+   * Sets the Representative.
+   * 
+   * @param params InfoboxValidatorParams contain the data of the representative.
+   * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid).
+   * @param identificationValue the identification value (bPK).
+   */
+  public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException {
+
+	  Document representativeDocument = ParepUtils.createEmptyDocument();
+	  
+	  Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
+//	  representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+//	  representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+	  
+	  representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+	  representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+	  representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
+	  
+	  this.representative = representativeElem;
+  }
+
+  /**
+   * @return the signature
+   */
+  public Element getSignature() {
+    return signature;
+  }
+
+  /**
+   * @param signature the signature to set
+   */
+  public void setSignature(Element signature) throws SZRGWClientException{
+    Document signatureDocument = ParepUtils.createEmptyDocument();
+    Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature");
+    //SZR-gateway takes the first Signature
+    //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature");
+    signatureElem.appendChild(signatureDocument.importNode(signature, true));
+    this.signature = signatureElem;
+  }
+  
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
new file mode 100644
index 000000000..0f6ed8abf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
@@ -0,0 +1,130 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.FileInputStream;
+import java.util.Hashtable;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway CreateMandate Response.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateResponse {
+  
+  /**
+   * Result code of the request.
+   */
+  private int resultCode;
+  
+  /**
+   * Description of the result.
+   */
+  private String resultInfo;
+  
+  /**
+   * The returned mandate.
+   */
+  private Element mandate;
+
+  /**
+   * @return the resultCode
+   */
+  public int getResultCode() {
+    return resultCode;
+  }
+
+  /**
+   * @param resultCode the resultCode to set
+   */
+  public void setResultCode(String resultCode) {
+    if (resultCode!=null) {
+      this.resultCode = Integer.parseInt(resultCode);
+    } else {
+      this.resultCode = 0;
+    }
+  }
+
+  /**
+   * @return the resultInfo
+   */
+  public String getInfo() {
+    return resultInfo;
+  }
+
+  /**
+   * @param resultInfo the resultInfo to set
+   */
+  public void setInfo(String resultInfo) {
+    this.resultInfo = resultInfo;
+  }
+
+  /**
+   * @return the mandate
+   */
+  public Element getMandate() {
+    return mandate;
+  }
+
+  /**
+   * @param mandate the mandate to set
+   */
+  public void setMandate(Element mandate) {
+    this.mandate = mandate;
+  }
+
+  
+  /**
+   * Parses the SZR-gateway response.
+   * 
+   * @param response the SZR-gateway response.
+   * @throws SZRGWClientException if an error occurs.
+   */
+  public void parse(Element response) throws SZRGWClientException {
+    try {
+      
+      //  first check if response is a soap error
+      NodeList list = response.getElementsByTagName("faultstring");
+      if (list.getLength() > 0) {
+        throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue());
+      }
+      
+      this.mandate = null;
+      this.resultCode = 2000;
+      this.resultInfo = null;
+      // parse single SZR-gateway results
+      Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+      
+      Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode);
+      if (mandateNode!=null) {
+        this.mandate = (Element) mandateNode;
+      } else {
+        String errorResponse = "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.ERROR_RESPONSE + "/"; 
+        Node errorCode = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "ErrorCode/text()", nameSpaceNode);
+        if (errorCode!=null) setResultCode(errorCode.getNodeValue());
+        Node errorInfo = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "Info/text()", nameSpaceNode);
+        this.setInfo(errorInfo.getNodeValue());
+      }
+    } catch(Exception e) {
+      e.printStackTrace();
+      throw new SZRGWClientException(e);
+    }
+  }
+  
+  public static void main(String[] args) throws Exception {
+//    CreateMandateResponse resp = new CreateMandateResponse();
+//    Document doc = ParepUtils.readDocFromIs(new FileInputStream("c:/response2.xml"));
+//    Element response = doc.getDocumentElement();
+//    resp.parse(response);
+//    System.out.println(resp.getResultCode());
+//    System.out.println(resp.getInfo());
+//    if (resp.getMandate()!=null) ParepUtils.serializeElement(resp.getMandate(), System.out);
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
new file mode 100644
index 000000000..d9d248c81
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * SOAP Envelope Constants.
+ * 
+ * @author <a href="mailto:arne.tauber@egiz.gv.at">Arne Tauber</a>
+ * @version $ $
+ **/
+public interface SOAPConstants {
+
+  /*
+   * Namespaces and namespace prefixes for SOAP message handling
+   */  
+  String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
+  String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/";
+  String SOAP_ENV_PREFIX = "soapenv:";
+  String SOAP_ENV_POSTFIX = ":soapenv";
+
+  String ENVELOPE = "Envelope";
+  String BODY = "Body";
+  String ENCODING_STYLE = "encodingStyle";
+  
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
new file mode 100644
index 000000000..1e6dc1039
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -0,0 +1,144 @@
+
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.security.Security;
+
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * This class implements a client for communication with the SZR-gateway
+ * <p>
+ * Two types of requests are supported
+ * <ol>
+ * <li>Basic Request</li>
+ * <li>Detailed Request</li>
+ * </ol>
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClient {
+  /**
+   * The URL of the SZR-gateway webservice.
+   */
+  private String address;
+  
+  /**
+   * The SSL socket factory when using a secure connection.
+   */
+  private SSLSocketFactory sSLSocketFactory;
+  
+  /**
+   * Constructor
+   */
+  public SZRGWClient() {
+  }
+
+  /**
+   * Constructor
+   * 
+   * @param address the URL of the SZR-gateway webservice.
+   */
+  public SZRGWClient(String address) {
+    this.address = address;
+  }
+  /**
+   * Sets the SSL socket factory.
+   * 
+   * @param factory the SSL socket factory.
+   */
+  public void setSSLSocketFactory(SSLSocketFactory factory) {
+    this.sSLSocketFactory = factory;
+  }
+  
+  /**
+   * Sets the SZR webservice URL
+   * 
+   * @param address the URL of the SZR-gateway webservice.
+   */
+  public void setAddress(String address) {
+    this.address = address;
+  }
+  
+  /**
+   * Creates a mandate.
+   * 
+   * @param reqElem the request.
+   * @return a SZR-gateway response containing the result
+   * @throws SZRGWException when an error occurs creating the mandate.
+   */
+  public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
+    Logger.info("Connecting to SZR-gateway.");
+    try {
+      if (address == null) {
+        throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+      }
+      HttpClient client = new HttpClient();
+      PostMethod method = new PostMethod(address);
+      method.setRequestHeader("SOAPAction", "");
+
+      
+      // ssl settings
+      if (sSLSocketFactory != null) {
+        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
+        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+      }
+      
+      // create soap body
+      Element soapBody = getSOAPBody();
+      Document doc = soapBody.getOwnerDocument();
+      soapBody.appendChild(doc.importNode(reqElem, true));
+      Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+      
+      ByteArrayOutputStream bos = new ByteArrayOutputStream();
+      ParepUtils.serializeElementAsDocument(requestElement, bos);
+      
+      method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+
+      client.executeMethod(method);
+      CreateMandateResponse response = new CreateMandateResponse();
+      
+      bos = new ByteArrayOutputStream();
+      doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+      
+      response.parse(doc.getDocumentElement());
+      
+      
+      return response;
+    } catch(Exception e) {
+      //e.printStackTrace();
+      throw new SZRGWClientException(e);
+    }
+  }
+  
+  /*
+   * builds an XML soap envelope
+   */
+  private Element getSOAPBody() throws SZRGWClientException {
+    Document doc_ = ParepUtils.createEmptyDocument();
+    Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
+    doc_.appendChild(root);
+    
+    root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+    //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
+    root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
+    root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+        
+    Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
+    root.appendChild(body);
+    
+    return body;
+  }
+  
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
new file mode 100644
index 000000000..11aaf289b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This class implements the basic exception type for the SZR-gateway client
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClientException extends Exception {
+
+  /*
+   * see super constructor.
+   */
+  public SZRGWClientException() {
+    super();
+  }
+
+  /*
+   * see super constructor.
+   */
+  public SZRGWClientException(String arg0) {
+    super(arg0);
+  }
+
+  /*
+   * see super construction.
+   */
+  public SZRGWClientException(Throwable arg0) {
+    super(arg0);
+  }
+
+  /*
+   * see super constructor
+   */
+  public SZRGWClientException(String arg0, Throwable arg1) {
+    super(arg0, arg1);
+  }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
new file mode 100644
index 000000000..4f815f1e7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This interface specifies all the constants needed for the communication with the SZR-gateway.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public interface SZRGWConstants {
+
+  //PersonData
+  String PD_PREFIX = "pr:";
+  String PD_POSTFIX = ":pr";
+  String PERSON = "Person";
+  String PHYSICALPERSON = "PhysicalPerson";
+  String CORPORATEBODY = "CorporateBody";
+  String IDENTIFICATION = "Identification";
+  String VALUE = "Value";
+  String TYPE = "Type";
+  String NAME = "Name";
+  String GIVENNAME = "GivenName";
+  String FAMILYNAME = "FamilyName";
+  String DATEOFBIRTH = "DateOfBirth";
+  String FULLNAME = "FullName";
+  String ORGANIZATION = "Organization";
+  
+  String POSTALADDRESS = "PostalAddress";
+  String DELIVERYADDRESS = "DeliveryAddress";
+  String MUNICIPALITY = "Municipality";
+  String POSTALCODE = "PostalCode";
+  String STREETNAME = "StreetName";
+  String BUILDINGNUMBER = "BuildingNumber";
+  String UNIT = "Unit";
+  //String ADDRESS = "Address";
+  //String COUNTRYCODE = "CountryCode";
+  //String DOORNUMBER = "DoorNumber";
+
+  // SZR-gateway constants
+  String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+  String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+  String SZRGW_PREFIX = "sgw:";
+  String SZRGW_POSTFIX = ":sgw";
+  String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
+  String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
+  String ERROR_RESPONSE = "ErrorResponse";
+  String MANDATOR = "Mandator";
+  String REPRESENTATIVE = "Representative";
+  String MANDATE = "Mandate";
+  String MANDATE_PREFIX = "md:";
+  String MANDATE_POSTFIX = ":md";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
new file mode 100644
index 000000000..41a07d146
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -0,0 +1,94 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+
+/**
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+
+  /**
+   * The SSL socket factory.
+   */
+  private SSLSocketFactory factory;
+  
+  /**
+   * Creates a new Secure socket factory for the
+   * Apache HTTP client.
+   * 
+   * @param factory the SSL socket factory to use.
+   */
+  public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+    this.factory = factory;
+  }
+  
+  
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+   */
+  public Socket createSocket(
+      String host,
+      int port,
+      InetAddress clientHost,
+      int clientPort)
+      throws IOException, UnknownHostException {
+
+      return this.factory.createSocket(
+          host,
+          port,
+          clientHost,
+          clientPort
+      );
+  }
+
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+   */
+  public Socket createSocket(String host, int port)
+      throws IOException, UnknownHostException {
+      return this.factory.createSocket(
+          host,
+          port
+      );
+  }
+
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+   */
+  public Socket createSocket(
+      Socket socket,
+      String host,
+      int port,
+      boolean autoClose)
+      throws IOException, UnknownHostException {
+      return this.factory.createSocket(
+          socket,
+          host,
+          port,
+          autoClose
+      );
+  }
+
+  /**
+   * @see java.lang.Object#equals(java.lang.Object)
+   */
+  public boolean equals(Object obj) {
+      return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+      return SZRGWSecureSocketFactory.class.hashCode();
+  }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
new file mode 100644
index 000000000..c56555b2e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -0,0 +1,411 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.HashMap;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements the Configuration.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepConfiguration {
+
+  /**
+   * System property for config file.
+   */
+  public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+
+  /**
+   * SZR-GW connection parameters.
+   */
+  private ConnectionParameter standardConnectionParameters;
+
+  /**
+   * Input field processor.
+   */
+  private String standardInputProcessorClass;
+
+  /**
+   * Input field processor template.
+   */
+  private String standardInputProcessorTemplate;
+  
+  /**
+   * Configured party representatives.
+   */
+  private HashMap partyRepresentatives;
+
+  /**
+   * The configuration element.
+   */
+  private Element configElement = null;
+
+  /**
+   * Defines whether the user input form must be shown on each 
+   * request or not (also predefined mandates)
+   */
+  private boolean alwaysShowForm = false;
+
+  /**
+   * The configuration base directory.
+   */
+  private String baseDir_;
+
+  /**
+   * Gets the SZR-GW connection parameters.
+   * 
+   * @return the connection parameters.
+   */
+  public ConnectionParameter getConnectionParameters(String representationID) {
+    if (partyRepresentatives == null || "*".equals(representationID))
+      return standardConnectionParameters;
+    PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+    ConnectionParameter connectionParameters = pr.getConnectionParameters();
+    if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+    return connectionParameters;
+  }
+
+  /**
+   * Sets the SZR-GW connection parameters for standard connection.
+   * 
+   * @param connectionParameters
+   *          the connection parameters.
+   */
+  public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+    this.standardConnectionParameters = connectionParameters;
+  }
+
+  /*
+   * 
+   */
+  public String getFullDirectoryName(String fileString) {
+    return makeAbsoluteURL(fileString, baseDir_);
+  }
+
+  /*
+   * 
+   */
+  private static String makeAbsoluteURL(String url, String root) {
+    // if url is relative to rootConfigFileDirName make it absolute
+
+    File keyFile;
+    String newURL = url;
+
+    if (null == url)
+      return null;
+
+    if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+      return url;
+    } else {
+      // check if absolute - if not make it absolute
+      keyFile = new File(url);
+      if (!keyFile.isAbsolute()) {
+        keyFile = new File(root, url);
+        newURL = keyFile.getPath();
+      }
+      return newURL;
+    }
+  }
+
+  /**
+   * Initializes the configuration with a given XML configuration element found
+   * in the MOA-ID configuration.
+   * 
+   * @param configElem
+   *          the configuration element.
+   * @throws ConfigurationException
+   *           if an error occurs initializing the configuration.
+   */
+  public ParepConfiguration(Element configElem) throws ConfigurationException {
+
+    partyRepresentatives = new HashMap();
+    partyRepresentatives.put("*", new PartyRepresentative(true, true));
+
+    String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+
+    try {
+
+      baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+      Logger.trace("Config base directory: " + baseDir_);
+      // check for configuration in system properties
+      if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+        Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+        this.configElement = doc.getDocumentElement();
+      } else {
+        this.configElement = configElem;
+      }
+    } catch (Exception e) {
+      throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+    }
+    load();
+  }
+
+  /*
+   * 
+   */
+  private void load() throws ConfigurationException {
+    Logger.debug("Parse ParepValidator Konfiguration");
+    try {
+      Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+      // nameSpaceNode.setAttribute("xmlns:sgw",
+      // SZRGWConstants.SZRGW_PROFILE_NS);
+
+      Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+          + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+      if (inputProcessorNode != null) {
+        this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+        Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+            + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+        if (inputProcessorClassNode != null) {
+          this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+        }
+      }
+      Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+          + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+      if (alwaysShowFormNode != null) {
+        this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+      }
+
+      // load connection parameters
+      Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+      Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+          + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+      if (connectionParamElement != null) {
+        // parse connection parameters
+        // ParepUtils.serializeElement(connectionParamElement, System.out);
+        this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+      }
+
+      Logger.debug("Lade Konfiguration der Parteienvertreter");
+      NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+          + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+      for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+
+        PartyRepresentative partyRepresentative = new PartyRepresentative();
+
+        Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+        boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+        boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+        partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+        partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+        partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+        partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+        
+        Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+        if (inputProcessorSubNode != null) {
+          partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+          Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX 
+              + ":InputProcessor/text()", nameSpaceNode);
+          if (inputProcessorClassSubNode != null) {
+            partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+          }
+        }
+
+        Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+            + ":ConnectionParameter", nameSpaceNode);
+        if (connectionParamSubElement == null) {
+          if (this.standardConnectionParameters == null) {
+            throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+                + partyRepresentative.getOid() + " fehlen.", null, null);
+          }
+        } else {
+          // parse connection parameters
+          // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+          partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+        }
+        partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+        Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+            + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty() 
+            + ", representationText=" + partyRepresentative.getRepresentationText()
+            + ")");
+      }
+
+      Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+    } catch (Exception e) {
+      throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+    }
+  }
+
+  /*
+   * 
+   */
+  private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+    try {
+      ConnectionParameter connectionParameter = new ConnectionParameter();
+
+      // parse connection url
+      String URL = connParamElement.getAttribute("URL");
+      connectionParameter.setUrl(URL);
+
+      // accepted server certificates
+      Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+          nameSpaceNode);
+      if (accServerCertsNode != null) {
+
+        String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+        Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+        connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+      }
+
+      // client key store
+      Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+      if (clientKeyStoreNode != null) {
+        String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+        connectionParameter.setClientKeyStore(clientKeystore);
+      }
+
+      // client key store password
+      Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+          nameSpaceNode);
+      if (clientKeyStorePasswordNode != null) {
+        connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+      }
+
+      return connectionParameter;
+    } catch (Exception e) {
+      throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+    }
+  }
+
+  public boolean isPartyRepresentative(String representationID) {
+    if (partyRepresentatives == null)
+      return false;
+    PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+    return pr != null;
+  }
+
+  public boolean isRepresentingCorporateParty(String representationID) {
+    if (partyRepresentatives == null) return false;
+    PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+    if (pr == null) return false;
+    return pr.isRepresentingCorporateParty();
+  }
+
+  public boolean isRepresentingPhysicalParty(String representationID) {
+    if (partyRepresentatives == null) return false;
+    PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+    if (pr == null) return false;
+    return pr.isRepresentingPhysicalParty();
+  }
+  
+  public String getRepresentationText(String representationID) {
+    String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+    if (partyRepresentatives != null) {
+      PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+      if (pr != null) {
+        if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+      }
+    }
+    return result;
+  }
+
+  /**
+   * @return the input processor classname corresponding to <code>representationID</code>
+   * @param representationID
+   *          the representation ID.
+   */
+  public String getInputProcessorClass(String representationID) {
+    String inputProcessorClass = standardInputProcessorClass;
+    if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+    if (!(partyRepresentatives == null || "*".equals(representationID))) {
+      PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+      if (pr!=null) {
+        String prInputProcessorClass = pr.getInputProcessorClass();
+        if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+      }
+    }
+    return inputProcessorClass;
+  }
+
+  /**
+   * @param standardInputProcessorClass the standardInputProcessorClass to set
+   */
+  public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+    this.standardInputProcessorClass = standardInputProcessorClass;
+  }
+
+  /**
+   * @return the InputProcessorTemplate
+   */
+  public String getInputProcessorTemplate(String representationID) {
+    String inputProcessorTemplate = standardInputProcessorTemplate;
+    if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+    if (!(partyRepresentatives == null || "*".equals(representationID))) {
+      PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+      if (pr!=null) {
+        String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+        if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+      }
+    }
+    return inputProcessorTemplate;
+  }
+
+  /**
+   * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+   */
+  public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+    this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+  }
+
+  /**
+   * @return the alwaysShowForm
+   */
+  public boolean isAlwaysShowForm() {
+    return alwaysShowForm;
+  }
+
+  /**
+   * @param alwaysShowForm the alwaysShowForm to set
+   */
+  public void setAlwaysShowForm(String alwaysShowForm) {
+    if (ParepUtils.isEmpty(alwaysShowForm)) {
+      this.alwaysShowForm = false;
+    } else {
+      this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+    }
+  }
+
+  public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+    try {
+      Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+      Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+      if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+        return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+      }
+      return false; 
+    } catch (Exception e) {
+      throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+    }
+
+  }
+  
+  
+//  public static void main(String[] args) throws Exception {
+//  System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+//  System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+//  System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+//  Configuration cfg = new Configuration(null);
+//  System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+//}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 90b780526..27955602f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -79,6 +79,9 @@ public class ConfigurationBuilder {
   /** an XPATH-Expression */ 
   protected static final String AUTH_TEMPLATE_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL";
+  /** an XPATH-Expression */ 
+  protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH =
+    ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL";
   /** an XPATH-Expression */ 
 	public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
@@ -392,6 +395,8 @@ public class ConfigurationBuilder {
     	  XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
     String templateURL =     
         XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
+    String inputProcessorSignTemplateURL =     
+      XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null);
     
     List OA_set = new ArrayList();
     NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
@@ -457,6 +462,7 @@ public class ConfigurationBuilder {
         oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));        
         oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
         oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));        
+        oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL));        
         // load OA specific transforms if present
         String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);        
         try {
@@ -669,7 +675,7 @@ public class ConfigurationBuilder {
     String identifier = number.getAttribute("Identifier");
     // remove all blanks
     identificationNumber = StringUtils.removeBlanks(identificationNumber);
-    if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) {
+    if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) {
       // delete zeros from the beginning of the number
       identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber);
       // remove hyphens
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index ba3b61f9d..132bebce3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -64,6 +64,10 @@ public class OAAuthParameter extends OAParameter {
    * template for web page "Anmeldung mit B&uuml;rgerkarte"
    */
   private String templateURL;
+  /**
+   * template for web page "Signatur der Anmeldedaten"
+   */
+  private String inputProcessorSignTemplateURL;
   /**
    * Parameters for verifying infoboxes.
    */
@@ -163,6 +167,15 @@ public class OAAuthParameter extends OAParameter {
     return templateURL;
   } 
   
+  /**
+   * Returns the inputProcessorSignTemplateURL url.
+   * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
+   *         a input processor sign template is set.
+   */
+  public String getInputProcessorSignTemplateURL() {
+    return inputProcessorSignTemplateURL;
+  }
+
   /**
    * Returns the parameters for verifying additional infoboxes.
    *
@@ -257,6 +270,16 @@ public class OAAuthParameter extends OAParameter {
 		this.templateURL = templateURL;
 	}
 
+  /**
+   * Sets the input processor sign form template url.
+   *
+   * @param inputProcessorSignTemplateURL The url string specifying the 
+   * location of the input processor sign form
+   */
+  public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) {
+    this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL;
+  }
+
   /**
    * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
    *
@@ -265,4 +288,5 @@ public class OAAuthParameter extends OAParameter {
   public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
     this.verifyInfoboxParameters = verifyInfoboxParameters;
   }
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
new file mode 100644
index 000000000..a4a89e183
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -0,0 +1,63 @@
+/**
+ * 
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ServletUtils {
+  
+  /**
+   * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing 
+   * depending on the requests starting text.
+   * 
+   * @param resp The httpServletResponse
+   * @param session The current AuthenticationSession
+   * @param createXMLSignatureRequestOrRedirect The request
+   * @param servletGoal The servlet to which the redirect should happen
+   * @param servletName The servlet name for debug purposes
+   * @throws MOAIDException
+   * @throws IOException
+   */
+  public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName) 
+  throws MOAIDException,
+         IOException
+  { 
+    if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+      resp.setStatus(307);
+      String dataURL = new DataURLBuilder().buildDataURL(
+        session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, session.getSessionID());
+      resp.addHeader("Location", dataURL);
+      
+      //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+      resp.setContentType("text/xml;charset=UTF-8");
+      
+      OutputStream out = resp.getOutputStream();
+      out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
+      out.flush();
+      out.close();
+      Logger.debug("Finished POST " + servletName);
+    } else {
+      String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
+      resp.setContentType("text/html");
+      resp.setStatus(302);
+      resp.addHeader("Location", redirectURL);
+      Logger.debug("REDIRECT TO: " + redirectURL);
+      
+    }
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 4cfa6f765..8e8f9583b 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -64,6 +64,7 @@ parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth
 
 builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
 builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
+builder.02=Fehler beim Ausblenden von Stammzahlen
 
 service.00=Fehler beim Aufruf des Web Service: {0}
 service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -156,5 +157,11 @@ validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die
 
 validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein.
 
+validator.60=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden.
+validator.61=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten für berufliche Parteienvertreter nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden.
+validator.62=Fehler in der Übermittlung: keine primäre Vollmacht übergeben.
+validator.63=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten.
+validator.64=Fehler beim Austausch von Vollmachtsdaten
+validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
 
 ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
new file mode 100644
index 000000000..a7608b9b4
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
@@ -0,0 +1,134 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+</head>
+<body>
+Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
+<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BASE_href>ProcessInput"> 
+  <table width="80%" border="0">
+    <tr/>  
+    <tr/>  
+    <tr>
+      <td colspan="3">
+          <em>Vertreter:</em></td>
+    </tr>
+    <tr>
+      <td align="right" width="20%">Vorname&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td ><input name="rpgivenname" type="text" disabled="true" id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="rpfamilyname" type="text" disabled="true" id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Geburtsdatum&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="rpdobyear" type="text" disabled="true" id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4" readonly="true" />
+      - <input name="rpdobmonth" type="text" disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2" maxlength="2" readonly="true" />
+      - <input name="rpdobday" type="text" disabled="true" id="rpdobday" value="<rpdobday>" size="2" maxlength="2" readonly="true" />
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td colspan="2"><br/>
+        <em>Ich bin berufsm&auml;&szlig;ig berechtigt  f&uuml;r die nachfolgend genannte Person in dessen Namen mit der B&uuml;rgerkarte einzuschreiten.</em></td>
+      <td>&nbsp;</td>
+    </tr>
+    <tr>
+      <td colspan="3"><br/>
+          <em>Vetretene Person:</em></td>
+    </tr>
+    <tr>
+      <td  colspan="3"><input name="physical" type="radio" physdisabled="" value="true" physselected="" />&nbsp;nat&uuml;rliche Person:&nbsp;</td>
+    </tr>
+    <tr>
+      <td align="right">Vorname&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="givenname" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="familyname" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Familienname laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Geburtsdatum&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="dobyear" type="text" id="dobyear" size="4" maxlength="4" value="<dobyear>" physdisabled="" />
+      - <input name="dobmonth" type="text" id="dobmonth" size="2" maxlength="2" value="<dobmonth>" physdisabled="" />
+      - <input name="dobday" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Format: JJJJ-MM-TT" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <!--td align="right"><em>otional:</em> &nbsp;</td-->
+      <td align="center"><em>otional:</em></td>
+      <td colspan="2"/>
+    </tr>
+    <tr>
+      <td align="right">Stra&szlig;e&nbsp;</td>
+      <td><input name="streetname" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Stra&uuml;e laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Hausnmummer&nbsp;</td>
+      <td><input name="buildingnumber" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Hausnummer laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Einh. Nr.&nbsp;</td>
+      <td><input name="unit" type="text" id="unit" value="<unit>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Nutzungseinheitsnummer laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Postleitzahl&nbsp;</td>
+      <td><input name="postalcode" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Postleitzahl laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Gemeinde&nbsp;</td>
+      <td><input name="municipality" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Gemeinde laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>  
+	  <td colspan="3">&nbsp;</td>
+    </tr>  
+    <tr>
+      <td  colspan="3"><input name="physical" type="radio" cbdisabled="" value="false" cbselected=""/ >&nbsp;juristische Person:&nbsp;</td>
+    </tr>
+    <tr>
+      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="fullname" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" />&nbsp;<img src="img/info.gif" alt="Name der Organisation laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right"><select name="cbidentificationtype" size="1" cbseldisabled="">
+        <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
+        <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
+        <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Erg&auml;nzungsreg.</option>
+      </select>&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="cbidentificationvalue" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" />&nbsp;<img src="img/info.gif" alt="Ordnungsbegriff laut ZMR Schreibweise" border="0" />
+      </td>
+      <td></td>
+    </tr>
+  </table>
+  <br/><errortext>  
+  <p><em>Bitte halten Sie Ihre B&uuml;rgerkartenumgebung bereit.</em></p>  <p>   
+  <input name="MOASessionID" type="hidden" id="MOASessionID" value="<MOASessionID>"/>    
+  <input type="submit" name="Submit" value="      Weiter      "/>    
+  <input name="Clear" type="reset" id="Clear" value="Formular zur&uuml;cksetzen"/>  </p></form>
+</body>
+</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
new file mode 100644
index 000000000..acfd9ead6
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
@@ -0,0 +1,171 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+<link href="css/styles.css" type="text/css" rel="stylesheet">
+<link href="css/styles_opera.css" type="text/css" rel="stylesheet">
+<link href="css/mandates.css" type="text/css" rel="stylesheet">
+
+<script src="formallg.js" type="text/javascript"></script>
+<script src="fa.js" type="text/javascript"></script>
+</head>
+<body>
+
+
+<div class="hleft">
+<!--Stammzahlenregisterbehörde<br/>-->
+<!--Ballhausplatz 2<br/>-->
+<!--1014 Wien-->
+</div>
+<div class="hright" align="right"><img src="img/egov_schrift.gif" alt="E-Gov Logo"/></div>
+<div class="htitle" align="left">
+  <h1>Berufliche Parteienvertretung</h1>
+</div>
+<div class="leiste1" align="center">
+Bitte beachten Sie
+</div>
+<div class="leiste2" align="center">
+</div>
+<div class="leiste3">
+<img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" />&nbsp; Feld muss ausgef&uuml;llt sein
+</div>
+<div class="leiste3">
+<img alt=" Hilfe zum Ausfüllen " src="img/info.gif" width="10" height="16" />&nbsp; Ausf&uuml;llhilfe
+</div>
+<div class="leiste3">
+<img alt=" Angabe bitte ergänzen oder richtig stellen! " src="img/rufezeichen.gif" width="10" height="16" />&nbsp; Fehlerhinweis</div>
+<div style="clear: both">&nbsp;</div>
+
+<h2>Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
+</h2>
+<div class="boundingbox">
+<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BASE_href>ProcessInput"> 
+  <table width="80%" border="0">
+    <tr/>  
+    <tr/>  
+    <tr>
+      <td colspan="3">
+          <em>Vertreter:</em></td>
+    </tr>
+    <tr>
+      <td align="right" width="20%">Vorname&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td ><input name="rpgivenname" type="text" disabled="true" id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="rpfamilyname" type="text" disabled="true" id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Geburtsdatum&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="rpdobyear" type="text" disabled="true" id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4" readonly="true" />
+      - <input name="rpdobmonth" type="text" disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2" maxlength="2" readonly="true" />
+      - <input name="rpdobday" type="text" disabled="true" id="rpdobday" value="<rpdobday>" size="2" maxlength="2" readonly="true" />
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td colspan="2"><br/>
+        <em>Ich bin berufsm&auml;&szlig;ig berechtigt  f&uuml;r die nachfolgend genannte Person in dessen Namen mit der B&uuml;rgerkarte einzuschreiten.</em></td>
+      <td>&nbsp;</td>
+    </tr>
+    <tr>
+      <td colspan="3"><br/>
+          <em>Vetretene Person:</em></td>
+    </tr>
+    <tr>
+      <td  colspan="3"><input name="physical" type="radio" physdisabled="" value="true" physselected="" />&nbsp;nat&uuml;rliche Person:&nbsp;</td>
+    </tr>
+    <tr>
+      <td align="right">Vorname&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="givenname" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="familyname" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Familienname laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Geburtsdatum&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="dobyear" type="text" id="dobyear" size="4" maxlength="4" value="<dobyear>" physdisabled="" />
+      - <input name="dobmonth" type="text" id="dobmonth" size="2" maxlength="2" value="<dobmonth>" physdisabled="" />
+      - <input name="dobday" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Format: JJJJ-MM-TT" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <!--td align="right"><em>otional:</em> &nbsp;</td-->
+      <td align="center"><em>otional:</em></td>
+      <td colspan="2"/>
+    </tr>
+    <tr>
+      <td align="right">Stra&szlig;e&nbsp;</td>
+      <td><input name="streetname" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Stra&uuml;e laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Hausnmummer&nbsp;</td>
+      <td><input name="buildingnumber" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Hausnummer laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Einh. Nr.&nbsp;</td>
+      <td><input name="unit" type="text" id="unit" value="<unit>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Nutzungseinheitsnummer laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Postleitzahl&nbsp;</td>
+      <td><input name="postalcode" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Postleitzahl laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right">Gemeinde&nbsp;</td>
+      <td><input name="municipality" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Gemeinde laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>  
+	  <td colspan="3">&nbsp;</td>
+    </tr>  
+    <tr>
+      <td  colspan="3"><input name="physical" type="radio" cbdisabled="" value="false" cbselected=""/ >&nbsp;juristische Person:&nbsp;</td>
+    </tr>
+    <tr>
+      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="fullname" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" />&nbsp;<img src="img/info.gif" alt="Name der Organisation laut ZMR Schreibweise" border="0"/>
+      </td>
+      <td></td>
+    </tr>
+    <tr>
+      <td align="right"><select name="cbidentificationtype" size="1" cbseldisabled="">
+        <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
+        <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
+        <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Erg&auml;nzungsreg.</option>
+      </select>&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="cbidentificationvalue" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" />&nbsp;<img src="img/info.gif" alt="Ordnungsbegriff laut ZMR Schreibweise" border="0" />
+      </td>
+      <td></td>
+    </tr>
+  </table>
+  <br/><errortext>  
+  <p><em>Bitte halten Sie Ihre B&uuml;rgerkartenumgebung bereit.</em></p>  <p>   
+  <input name="MOASessionID" type="hidden" id="MOASessionID" value="<MOASessionID>"/>    
+  <input type="submit" name="Submit" value="      Weiter      "/>    
+  <input name="Clear" type="reset" id="Clear" value="Formular zur&uuml;cksetzen"/>  </p></form>
+
+</div>
+</body>
+</html>
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 246aec38d..c7c938666 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,14 +4,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>id</artifactId>
-        <version>1.4.2beta1</version>
+        <version>1.4.2beta2</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA.id</groupId>
     <artifactId>moa-id</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.2beta1</version>
+    <version>1.4.2beta2</version>
     <name>MOA ID Server</name>
 
     <modules>
diff --git a/id/server/proxy/.classpath b/id/server/proxy/.classpath
new file mode 100644
index 000000000..5d93de69c
--- /dev/null
+++ b/id/server/proxy/.classpath
@@ -0,0 +1,4 @@
+<classpath>
+  <classpathentry kind="output" path="target/classes"/>
+  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
diff --git a/id/server/proxy/.project b/id/server/proxy/.project
new file mode 100644
index 000000000..4e175804c
--- /dev/null
+++ b/id/server/proxy/.project
@@ -0,0 +1,14 @@
+<projectDescription>
+  <name>moa-id-proxy</name>
+  <comment/>
+  <projects/>
+  <buildSpec>
+    <buildCommand>
+      <name>org.eclipse.jdt.core.javabuilder</name>
+      <arguments/>
+    </buildCommand>
+  </buildSpec>
+  <natures>
+    <nature>org.eclipse.jdt.core.javanature</nature>
+  </natures>
+</projectDescription>
\ No newline at end of file
diff --git a/id/server/proxy/.settings/org.eclipse.jdt.core.prefs b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..5ffa1b7e5
--- /dev/null
+++ b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Wed Aug 22 09:50:03 CEST 2007
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.3
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.3
+org.eclipse.jdt.core.compiler.compliance=1.3
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index 218ee02f9..172bb99b5 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.2beta1</version>
+		<version>1.4.2beta2</version>
 	</parent>
 	
 	<properties>
@@ -13,7 +13,7 @@
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-proxy</artifactId>
 	<packaging>war</packaging>
-	<version>1.4.2beta1</version>
+	<version>1.4.2beta2</version>
 	<name>MOA ID-Proxy WebService</name>
 	
 	<build>
diff --git a/id/templates/.classpath b/id/templates/.classpath
new file mode 100644
index 000000000..5d93de69c
--- /dev/null
+++ b/id/templates/.classpath
@@ -0,0 +1,4 @@
+<classpath>
+  <classpathentry kind="output" path="target/classes"/>
+  <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+</classpath>
\ No newline at end of file
diff --git a/id/templates/.project b/id/templates/.project
new file mode 100644
index 000000000..f0a8631ce
--- /dev/null
+++ b/id/templates/.project
@@ -0,0 +1,14 @@
+<projectDescription>
+  <name>moa-id-templates</name>
+  <comment/>
+  <projects/>
+  <buildSpec>
+    <buildCommand>
+      <name>org.eclipse.jdt.core.javabuilder</name>
+      <arguments/>
+    </buildCommand>
+  </buildSpec>
+  <natures>
+    <nature>org.eclipse.jdt.core.javanature</nature>
+  </natures>
+</projectDescription>
\ No newline at end of file
diff --git a/id/templates/.settings/org.eclipse.jdt.core.prefs b/id/templates/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..c959c9def
--- /dev/null
+++ b/id/templates/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Wed Aug 22 09:50:02 CEST 2007
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.3
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.3
+org.eclipse.jdt.core.compiler.compliance=1.3
diff --git a/id/templates/pom.xml b/id/templates/pom.xml
index bbcd53262..ea6ac7c4f 100644
--- a/id/templates/pom.xml
+++ b/id/templates/pom.xml
@@ -4,14 +4,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>id</artifactId>
-        <version>1.4.2beta1</version>
+        <version>1.4.2beta2</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA.id</groupId>
     <artifactId>moa-id-templates</artifactId>
     <packaging>war</packaging>
-    <version>1.4.2beta1</version>
+    <version>1.4.2beta2</version>
     <name>MOA ID Sample Templates</name>
 
     <properties>
diff --git a/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html b/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html
new file mode 100644
index 000000000..c9b0a37b3
--- /dev/null
+++ b/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+  <meta name="Author" content="Max Mustermann">
+  <meta name="keywords" content="MOA-ID">
+  <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
+  <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
+  <script language="javascript" type="text/javascript">
+    //<!--
+    function autoSubmit() {
+      document.VerifyAuthBlockForm.submitButton.disabled=true;
+      document.VerifyAuthBlockForm.submit();
+    } //-->
+  </script>
+</head>
+
+<body onLoad="autoSubmit()">
+<img src="/moaid-templates/SampleLogo.gif" alt='Organisation XY'>
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit B&uuml;rgerkarte</h1>
+<p></p>
+
+Der identifizierte Zugang erfolgt &uuml;ber die Module f&uuml;r Online Applikationen (MOA) unter Verwendung einer B&uuml;rgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Sie werden in ku&uuml;rze zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
+signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+<form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+  <div align="center">
+    <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+    <input type="hidden" name="DataURL" value="<DataURL>"/>
+    <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+    <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+  </div>
+</form>
+
+<div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleTemplate.html"><img border="0"
+          src="/moaid-templates/valid-html401.gif"
+          alt="Valid HTML 4.01!" height="31" width="88"></a> </div>
+<p align="right">&nbsp; </p>
+
+</body>
+</html>
diff --git a/id/templates/src/main/webapp/SampleTemplate.html b/id/templates/src/main/webapp/SampleTemplate.html
index e9756a036..824c7153c 100644
--- a/id/templates/src/main/webapp/SampleTemplate.html
+++ b/id/templates/src/main/webapp/SampleTemplate.html
@@ -2,11 +2,11 @@
 <html>
 <head>
 <title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
-	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-	<meta name="Author" content="Max Mustermann">
-	<meta name="keywords" content="MOA-ID">
-    <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
-    <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+  <meta name="Author" content="Max Mustermann">
+  <meta name="keywords" content="MOA-ID">
+  <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
+  <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
 </head>
 
 <body>
@@ -24,33 +24,18 @@ signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
 
 <form name="CustomizedForm" action="<BKU>" method="post">
   <div align="center">
-    <input type="hidden"
-        name="XMLRequest"
-        value="<XMLRequest>"/>
-    <input type="hidden"
-        name="DataURL"
-        value="<DataURL>"/>
-    <input type="hidden"
-        name="PushInfobox"
-        value="<PushInfobox>"/>
+    <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+    <input type="hidden" name="DataURL" value="<DataURL>"/>
+    <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
     <input type="submit" value="Anmeldung mit B&uuml;rgerkarte" name="submit"/>
   </div>
 </form>
-<form name="CustomizedInfoForm"
- action="<BKU>"
- method="post">
-  <input type="hidden"
-        name="XMLRequest"
-        value="<CertInfoXMLRequest>"/>
-    <input type="hidden"
-        name="DataURL"
-        value="<CertInfoDataURL>"/>
-
-
+<form name="CustomizedInfoForm" action="<BKU>" method="post">
+  <input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>"/>
+  <input type="hidden" name="DataURL" value="<CertInfoDataURL>"/>
 <br/>
 <p></p>
-
- <input type="hidden" value="Weitere Info"/>
+  <input type="hidden" value="Weitere Info"/>
 </form>
 
 <div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleTemplate.html"><img border="0"
diff --git a/pom.xml b/pom.xml
index 8a8ddde0c..c39c0b8ac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
     <groupId>MOA</groupId>
     <artifactId>MOA</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.2beta1</version>
+    <version>1.4.2beta2</version>
     <name>MOA</name>
 
     <properties>
@@ -154,6 +154,11 @@
                 <artifactId>commons-fileupload</artifactId>
                 <version>1.1.1</version>
             </dependency>
+            <dependency>
+               <groupId>commons-httpclient</groupId>
+               <artifactId>commons-httpclient</artifactId>
+               <version>2.0.2</version>
+            </dependency>
             <dependency>
                 <groupId>dav4j</groupId>
                 <artifactId>dav4j</artifactId>
@@ -176,25 +181,25 @@
             <dependency>
                 <groupId>MOA</groupId>
                 <artifactId>moa-common</artifactId>
-                <version>1.4.2beta1</version>
+                <version>1.4.2beta2</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA.id.server</groupId>
                 <artifactId>moa-id-lib</artifactId>
-                <version>1.4.2beta1</version>
+                <version>1.4.2beta2</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA.spss.server</groupId>
                 <artifactId>moa-spss-lib</artifactId>
-                <version>1.4.2beta1</version>
+                <version>1.4.2beta2</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA</groupId>
                 <artifactId>moa-common</artifactId>
-                <version>1.4.2beta1</version>
+                <version>1.4.2beta2</version>
                 <type>test-jar</type>
                 <scope>test</scope>
             </dependency>
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar
new file mode 100644
index 000000000..cd45919a0
Binary files /dev/null and b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar differ
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
new file mode 100644
index 000000000..b509a4bd0
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
@@ -0,0 +1 @@
+bab560c68f9b32974db19ac6b819ab05
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
new file mode 100644
index 000000000..49cea445c
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
@@ -0,0 +1 @@
+020581160238796f10fe534e335f0f7cbe29159c
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom
new file mode 100644
index 000000000..4e3a79da1
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>at.gv.egovernment.moa.id</groupId>
+  <artifactId>mandate-validate</artifactId>
+  <version>1.0</version>
+  <description>Mandate Infobox Validator for MOA-ID</description>
+</project>
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5
new file mode 100644
index 000000000..489105d20
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5
@@ -0,0 +1 @@
+aede47770bdc200272ab25dc592ba9a2
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1
new file mode 100644
index 000000000..9a8d887f5
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1
@@ -0,0 +1 @@
+6ab04e68a562187282f0ec40209a07353f12c325
\ No newline at end of file
diff --git a/spss/handbook/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..93a06227e
--- /dev/null
+++ b/spss/handbook/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Fri Aug 31 11:22:24 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.3
+org.eclipse.jdt.core.compiler.compliance=1.3
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/spss/handbook/clients/api/.classpath b/spss/handbook/clients/api/.classpath
new file mode 100644
index 000000000..d8f291998
--- /dev/null
+++ b/spss/handbook/clients/api/.classpath
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/handbook/clients/api/.project b/spss/handbook/clients/api/.project
new file mode 100644
index 000000000..e46cff8c4
--- /dev/null
+++ b/spss/handbook/clients/api/.project
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-spss-handbook-apiClient</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+	</natures>
+</projectDescription>
diff --git a/spss/handbook/clients/referencedData/.classpath b/spss/handbook/clients/referencedData/.classpath
new file mode 100644
index 000000000..d8f291998
--- /dev/null
+++ b/spss/handbook/clients/referencedData/.classpath
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/handbook/clients/referencedData/.project b/spss/handbook/clients/referencedData/.project
new file mode 100644
index 000000000..dc5cac687
--- /dev/null
+++ b/spss/handbook/clients/referencedData/.project
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-spss-handbook-referencedData</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+	</natures>
+</projectDescription>
diff --git a/spss/handbook/clients/webservice/.classpath b/spss/handbook/clients/webservice/.classpath
new file mode 100644
index 000000000..0e7468e05
--- /dev/null
+++ b/spss/handbook/clients/webservice/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src/main/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/handbook/clients/webservice/.project b/spss/handbook/clients/webservice/.project
new file mode 100644
index 000000000..4ba485b19
--- /dev/null
+++ b/spss/handbook/clients/webservice/.project
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-spss-handbook-webserviceClient</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+	</natures>
+</projectDescription>
diff --git a/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..1e3e5d4c9
--- /dev/null
+++ b/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Tue Sep 04 14:06:58 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Simple.response.xml b/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Simple.response.xml
new file mode 100644
index 000000000..cb966151b
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Simple.response.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<CreateXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><SignatureEnvironment><dsig:Signature Id="signature-1-1"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/><dsig:Reference Id="reference-1-1" URI="#xpointer(id('signed-data-1-1-1')/node())"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>tLODyeiWFbAkQKwhrR23jtcgu4k=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>2tI1Wv/LsUKr0hcsWSYXSHne7kbCBXGFrIiI/1WfAH2ba8vT5kVfJn4NOBOBatLA</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIELjCCAxagAwIBAgIBEzANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJBVDEQ
+MA4GA1UEChMHVFUgR3JhejENMAsGA1UECxMERUdJWjEUMBIGA1UEAxMLTU9BIFRl
+c3QgQ0EwHhcNMDcwODIzMTM1ODU0WhcNMTIwODIzMTM1ODU0WjBpMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgR1JBWjENMAsGA1UECxMERUdJWjE5MDcGA1UEAxMw
+VGVzdCBTaWduYXR1cmRpZW5zdCBhbGxlciBLdW5kZW46IEVDRFNBIChQMTkydjEp
+MIHzMIG8BgcqhkjOPQIBMIGwAgEBMCQGByqGSM49AQECGQD/////////////////
+///+//////////8wNAQY/////////////////////v/////////8BBhkIQUZ5ZyA
+5w+n6atyJDBJ/rje7MFGubEEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV
+/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDEC
+AQEDMgAExf78b6N6BUhK+FHmunDUCQefSxpQmC6m4yq/+pqdDMJalTWATFhQwZqE
+qSMXJ2Tqo4IBNDCCATAwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYD
+VR0OBBYEFBrwapQSMwabwPPOijtgOu3iNlt3MHAGA1UdIARpMGcwZQYMKwYBBAGV
+EgECewEBMFUwUwYIKwYBBQUHAgIwRxpFVGhpcyBjZXJ0aWZpY2F0ZSBvbmx5IG1h
+eSBiZSB1c2VkIGZvciBkZW1vbnN0cmF0aW9uIGFuZCB0ZXN0IHB1cnBvc2VzMEYG
+A1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9tb2EtaWRzcHNzLmVnb3ZsYWJzLmd2LmF0
+L2NybHMvbW9hLXRlc3QtY2EuY3JsMBYGByooAAoBAQEECxMJRUdJWi1UZXN0MB8G
+A1UdIwQYMBaAFFKXvB3Ugd6H51ClcBGdjhYJNiRSMA0GCSqGSIb3DQEBBQUAA4IB
+AQB60RLi9zIwF/Rmy/Wo0yf1/ZktElIt91vfBsXlpgLJ4Q6ol/4hTjMJ4FIa8GOl
+0b9dIkEe+WGq77JFJVgltsRoJfQBSvnK9jdLfB5YJD0ETDnMdckBV+RsxkEtl5Lr
+IrT6vExyJUAWz15XJiHgkYZncJCBTy1oh8f3V8cR1VZYwO4QBRDwRdVdZsaL5PME
+vvLrcAMJhF5fS4AiqMex2Eh2kav5t6/I5bmB4CKEe+0+dPO8DGl7areEfzQEPd8p
+jkkX5PnxriQvZfgVzwrdXGDqMTnBNaRtCGMiQU/0kp21a6BVtT4am27yr9p3ddhl
+z7sJ4Z6ys1bwB0on/O65tdn7</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="signed-data-1-1-1">Diese Daten werden signiert.</dsig:Object></dsig:Signature></SignatureEnvironment></CreateXMLSignatureResponse>
\ No newline at end of file
diff --git a/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Supplements.response.xml b/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Supplements.response.xml
new file mode 100644
index 000000000..ac5d0a52f
--- /dev/null
+++ b/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Supplements.response.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<CreateXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><ErrorResponse><ErrorCode>2237</ErrorCode><Info>Fehler beim Auflösen der internen Referenz (URI=Para2)</Info></ErrorResponse></CreateXMLSignatureResponse>
\ No newline at end of file
diff --git a/spss/handbook/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/spss/handbook/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
new file mode 100644
index 000000000..cac44093a
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 differ
diff --git a/spss/handbook/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/spss/handbook/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
new file mode 100644
index 000000000..32893db7f
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 differ
diff --git a/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20 b/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20
new file mode 100644
index 000000000..8b501d747
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20 differ
diff --git a/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D b/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D
new file mode 100644
index 000000000..b4b128903
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D differ
diff --git a/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22 b/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22
new file mode 100644
index 000000000..7c6adedf5
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22 differ
diff --git a/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169
new file mode 100644
index 000000000..70f5b7c91
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169 differ
diff --git a/spss/handbook/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/spss/handbook/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
new file mode 100644
index 000000000..911640d0e
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
new file mode 100644
index 000000000..32893db7f
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
new file mode 100644
index 000000000..cac44093a
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer differ
diff --git a/spss/pom.xml b/spss/pom.xml
index ca95ac9d0..97ccf975e 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
-        <version>1.4.2beta1</version>
+        <version>1.4.2beta2</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 8e81af838..55e595d9d 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,5 +1,5 @@
 ##############
-1.4.2 beta 1
+1.4.2 beta1
 ##############
 
 - Performance-Verbesserungen bei der Verwendnung von externen Referenzen. Diese 
diff --git a/spss/server/serverlib/.classpath b/spss/server/serverlib/.classpath
new file mode 100644
index 000000000..01edb156d
--- /dev/null
+++ b/spss/server/serverlib/.classpath
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src/main/java"/>
+	<classpathentry kind="src" path="src/test/java"/>
+	<classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/serverlib/.project b/spss/server/serverlib/.project
new file mode 100644
index 000000000..8038e29f2
--- /dev/null
+++ b/spss/server/serverlib/.project
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-spss-lib</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+	</natures>
+</projectDescription>
diff --git a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..c7b8a7c31
--- /dev/null
+++ b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,7 @@
+#Wed Oct 10 21:50:15 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
new file mode 100644
index 000000000..ebc030867
--- /dev/null
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss-lib">
+<wb-resource deploy-path="/" source-path="/src/main/java"/>
+<wb-resource deploy-path="/" source-path="/src/test/java"/>
+<wb-resource deploy-path="/" source-path="/src/main/resources"/>
+</wb-module>
+</project-modules>
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
new file mode 100644
index 000000000..30c02fe23
--- /dev/null
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+  <fixed facet="jst.java"/>
+  <fixed facet="jst.utility"/>
+  <installed facet="jst.java" version="1.4"/>
+  <installed facet="jst.utility" version="1.0"/>
+</faceted-project>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 514b43b82..b5c9c1ec2 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -9,7 +9,7 @@
 	<groupId>MOA.spss.server</groupId>
 	<artifactId>moa-spss-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>1.4.2beta1</version>
+	<version>1.4.2beta2</version>
 	<name>MOA SP/SS API</name>
 
 	<properties>
diff --git a/spss/server/serverlib/src/main/java/META-INF/MANIFEST.MF b/spss/server/serverlib/src/main/java/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..5e9495128
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path: 
+
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath
new file mode 100644
index 000000000..8cd9e4eb8
--- /dev/null
+++ b/spss/server/serverws/.classpath
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v5.0"/>
+	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/serverws/.project b/spss/server/serverws/.project
new file mode 100644
index 000000000..692cf0e90
--- /dev/null
+++ b/spss/server/serverws/.project
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-spss-ws</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+	</natures>
+</projectDescription>
diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..920508ded
--- /dev/null
+++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,7 @@
+#Mon Sep 03 15:53:43 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
new file mode 100644
index 000000000..06aa22f01
--- /dev/null
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss">
+<wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+<property name="context-root" value="moa-spss"/>
+<property name="java-output-path" value="target/classes"/>
+</wb-module>
+</project-modules>
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
new file mode 100644
index 000000000..94d50aad1
--- /dev/null
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+  <installed facet="jst.java" version="1.4"/>
+  <installed facet="jst.web" version="2.4"/>
+</faceted-project>
diff --git a/spss/server/serverws/WebContent/META-INF/MANIFEST.MF b/spss/server/serverws/WebContent/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..5e9495128
--- /dev/null
+++ b/spss/server/serverws/WebContent/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path: 
+
diff --git a/spss/server/serverws/WebContent/WEB-INF/web.xml b/spss/server/serverws/WebContent/WEB-INF/web.xml
new file mode 100644
index 000000000..b3b3ad52d
--- /dev/null
+++ b/spss/server/serverws/WebContent/WEB-INF/web.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+	<display-name>
+	moa-spss-ws</display-name>
+	<welcome-file-list>
+		<welcome-file>index.html</welcome-file>
+		<welcome-file>index.htm</welcome-file>
+		<welcome-file>index.jsp</welcome-file>
+		<welcome-file>default.html</welcome-file>
+		<welcome-file>default.htm</welcome-file>
+		<welcome-file>default.jsp</welcome-file>
+	</welcome-file-list>
+</web-app>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index 82293df82..b96ddf39f 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -10,7 +10,7 @@
     <groupId>MOA.spss.server</groupId>
     <artifactId>moa-spss-ws</artifactId>
     <packaging>war</packaging>
-    <version>1.4.2beta1</version>
+    <version>1.4.2beta2</version>
     <name>MOA SP/SS WebService</name>
 
     <properties>
diff --git a/spss/server/tools/.classpath b/spss/server/tools/.classpath
new file mode 100644
index 000000000..82972d400
--- /dev/null
+++ b/spss/server/tools/.classpath
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src/main/java"/>
+	<classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/tools/.project b/spss/server/tools/.project
new file mode 100644
index 000000000..4b3ffd512
--- /dev/null
+++ b/spss/server/tools/.project
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>moa-spss-tools</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+	</natures>
+</projectDescription>
diff --git a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..cc6503a3c
--- /dev/null
+++ b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Wed Sep 12 09:45:48 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.source=1.4
-- 
cgit v1.2.3


From 6f2ee1010dac8d42aba52d33a716a91a50f1f136 Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 19 Oct 2007 10:04:39 +0000
Subject: Changed language of mandate SAML-attributes

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1026 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   6 +--
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   6 +--
 .../SampleMOAIDConfiguration_withTestBKs.xml       |   6 +--
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   6 +--
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |   6 +--
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |   6 +--
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |   6 +--
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |   6 +--
 .../moa-id/transforms/TransformsInfoAuthBlock.xml  |  26 ++++++------
 .../transforms/TransformsInfoAuthBlockText.xml     |  22 +++++------
 .../TransformsInfoAuthBlockText_deprecated.xml     |  22 +++++------
 .../TransformsInfoAuthBlock_deprecated.xml         |  26 ++++++------
 .../moa-spss/profiles/MOAIDTransformAuthBlock.xml  |  24 +++++------
 .../profiles/MOAIDTransformAuthBlockText.xml       |  22 +++++------
 .../MOAIDTransformAuthBlockText_deprecated.xml     |  22 +++++------
 .../MOAIDTransformAuthBlock_deprecated.xml         |  28 ++++++-------
 .../moa/id/auth/AuthenticationServer.java          |   2 +-
 .../validator/parep/ParepInputProcessorImpl.java   |   2 +-
 .../id/auth/validator/parep/ParepValidator.java    |  32 +++++++--------
 .../resources/templates/ParepMinTemplate.html      |  36 ++++++++---------
 .../resources/templates/ParepTemplate.html         |  44 ++++++++++-----------
 .../mandate-validate/1.0/mandate-validate-1.0.jar  | Bin 24357 -> 24293 bytes
 .../1.0/mandate-validate-1.0.jar.md5               |   2 +-
 .../1.0/mandate-validate-1.0.jar.sha1              |   2 +-
 24 files changed, 180 insertions(+), 180 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 0f3f9dbba..43846cc2d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -78,12 +78,12 @@
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
             <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
             <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index ab99176dd..d72e91c47 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -78,12 +78,12 @@
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
             <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
             <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 25485432d..89b0e03f8 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -87,12 +87,12 @@
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
             <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
             <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 05db0b923..2d39157b8 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -86,12 +86,12 @@
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
             <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
             <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 0b2fc2189..d3441754e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -78,12 +78,12 @@
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
             <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
             <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index 8643998d5..c2bd2ec78 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -78,12 +78,12 @@
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
             <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
             <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 1b21fa767..3d843364b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -86,12 +86,12 @@
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
             <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
             <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 55d1654fe..62c1c0c58 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -86,12 +86,12 @@
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
             <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
             <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
index 2ee27aae1..5549f12e0 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -55,13 +55,13 @@
 										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
 									</td>
 								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+								<xsl:if test="//saml:Attribute[@AttributeName='Target']">
 									<tr>
 										<td class="boldstyle">
 											Geschäftsbereich:
 										</td>
 										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Target']/saml:AttributeValue"/>
 										</td>
 									</tr>
 								</xsl:if>
@@ -114,43 +114,43 @@
 									</tr>
 								</xsl:if>
 							</table>
-							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
-								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
 								<table>
 									<tr>
 										<td class="boldstyle">
 											Name:
 										</td>
 										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 										</td>
 									</tr>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 										<tr>
 											<td class="boldstyle">
 												Geburtsdatum:
 											</td>
 											<td>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 											</td>
 										</tr>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 										<tr>
 											<td colspan="2">
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 											</td>
 										</tr>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 										<tr>
 											<td class="boldstyle">
 												wbPK (*):
 											</td>
 											<td>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
 											</td>
 										</tr>
 									</xsl:if>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
index ecc60a481..2db5a8334 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -42,20 +42,20 @@
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
 							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 								<hr/>
-								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
-									von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									von <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">, geboren am 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, 
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 									</xsl:if>, in dessen Auftrag zu handeln.
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
-										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
 									</xsl:if>
 								</h4>
 								<p/>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
index 894e82ff8..87d489719 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
@@ -38,20 +38,20 @@
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
 							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 								<hr/>
-								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
-									von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									von <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">, geboren am 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, 
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 									</xsl:if>, in dessen Auftrag zu handeln.
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
-										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
 									</xsl:if>
 								</h4>
 								<p/>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
index 348546f8d..ab58ac772 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
@@ -49,13 +49,13 @@
 										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
 									</td>
 								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+								<xsl:if test="//saml:Attribute[@AttributeName='Target']">
 									<tr>
 										<td>
 											<b>Geschäftsbereich:</b>
 										</td>
 										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Target']/saml:AttributeValue"/>
 										</td>
 									</tr>
 								</xsl:if>
@@ -108,43 +108,43 @@
 									</tr>
 								</xsl:if>
 							</table>
-							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
-								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
 								<table>
 									<tr>
 										<td>
 											<b>Name:</b>
 										</td>
 										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 										</td>
 									</tr>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 										<tr>
 											<td>
 												<b>Geburtsdatum:</b>
 											</td>
 											<td>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 											</td>
 										</tr>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 										<tr>
 											<td colspan="2">
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 											</td>
 										</tr>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 										<tr>
 											<td>
 												<b>wbPK (*):</b>
 											</td>
 											<td>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
 											</td>
 										</tr>
 									</xsl:if>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
index b84093ed1..e13b1da9d 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
@@ -29,7 +29,7 @@
 								</tr>
 								<tr>
 									<td class="boldstyle">
-										Geburtsdatum:
+										Geburtdatum:
 									</td>
 									<td>
 										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
@@ -115,43 +115,43 @@
 									</tr>
 								</xsl:if>
 							</table>
-							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
-								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
 								<table>
 									<tr>
 										<td class="boldstyle">
 											Name:
 										</td>
 										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 										</td>
 									</tr>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 										<tr>
 											<td class="boldstyle">
 												Geburtsdatum:
 											</td>
 											<td>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 											</td>
 										</tr>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 										<tr>
 											<td colspan="2">
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 											</td>
 										</tr>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 										<tr>
 											<td class="boldstyle">
 												wbPK (*):
 											</td>
 											<td>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
 											</td>
 										</tr>
 									</xsl:if>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
index cd207e04c..d28d58c10 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
@@ -43,20 +43,20 @@
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
 							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 								<hr/>
-								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
-									von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									von <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">, geboren am 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, 
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 									</xsl:if>, in dessen Auftrag zu handeln.
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
-										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
 									</xsl:if>
 								</h4>
 								<p/>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
index 31e00ec9f..b151346bc 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
@@ -39,20 +39,20 @@
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
 								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
 							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 								<hr/>
-								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/>
-									von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									von <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">, geboren am 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, 
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 									</xsl:if>, in dessen Auftrag zu handeln.
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
-										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
 									</xsl:if>
 								</h4>
 								<p/>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
index bcf0cd7ce..00acc5720 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
@@ -34,7 +34,7 @@
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 									<tr>
 										<td>
-											<b>Rolle im Gesundheitsbereich:</b>
+											<b>Rolle im Gesundheitsbereich:<b>
 										</td>
 										<td>
 											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
@@ -50,13 +50,13 @@
 										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
 									</td>
 								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+								<xsl:if test="//saml:Attribute[@AttributeName='Target']">
 									<tr>
 										<td>
 											<b>Geschäftsbereich:</b>
 										</td>
 										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Target']/saml:AttributeValue"/>
 										</td>
 									</tr>
 								</xsl:if>
@@ -109,43 +109,43 @@
 									</tr>
 								</xsl:if>
 							</table>
-							<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']">
-								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
 								<table>
 									<tr>
 										<td>
 											<b>Name:</b>
 										</td>
 										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 										</td>
 									</tr>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 										<tr>
 											<td>
 												<b>Geburtsdatum:</b>
 											</td>
 											<td>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 											</td>
 										</tr>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
 										<tr>
 											<td colspan="2">
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 											</td>
 										</tr>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']">
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 										<tr>
 											<td>
 												<b>wbPK (*):</b>
 											</td>
 											<td>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
 											</td>
 										</tr>
 									</xsl:if>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index bf5bd70bd..bac66eeab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1096,7 +1096,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       boolean keepAssertion = false;
       try {
         String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.KeepAssertion");
-        if ((null!=boolStr && boolStr.equalsIgnoreCase("true"))) keepAssertion = true;//Only allowed for debug purposes!!!
+        if (null!=boolStr && boolStr.equalsIgnoreCase("true")) keepAssertion = true;//Only allowed for debug purposes!!!
       } catch (ConfigurationException ex) {
         throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()});
       }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
index 80ef7c304..bfbbaede6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
@@ -185,7 +185,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
         }
         if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
         if (!ParepUtils.isEmpty(error)) {
-          error = "<div class=\"errortext\"> <img alt=\" Angabe bitte ergänzen oder richtig stellen! \" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
+          error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
         }
         form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
         if (form == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index cfe84dbc2..30a8da50c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -64,7 +64,7 @@ public class ParepValidator implements InfoboxValidator {
   private String form = null;
   
   /** unspecified error of parep-validator (must not know more about)*/
-  private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufliche Parteienvetretung aufgetreten";
+  private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten";
   
   /** Default class to gather remaining mandator data. */
   public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
@@ -73,17 +73,17 @@ public class ParepValidator implements InfoboxValidator {
   public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
   
   /** kind of representation text in AUTH block*/
-  public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter";
+  public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)";
   
   /** Names of the produced SAML-attributes. */
-  public final static String EXT_SAML_MANDATE_RAW = "Vollmacht";
-  public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName";
-  public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum";
-  public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk";
-  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt";
+  public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+  public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+  public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+  public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
 
   /** register and register number for non physical persons - the domain identifier for business applications*/
-  public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer";
+  public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
 
   /**
    * Parses the XML configuration element and creates the validators configuration
@@ -112,7 +112,7 @@ public class ParepValidator implements InfoboxValidator {
     InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
 
     try {
-      Logger.debug("Starte Organwalter-/berufliche Parteienvertreterprüfung.");
+      Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
       this.params = params;
       
       Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
@@ -160,7 +160,7 @@ public class ParepValidator implements InfoboxValidator {
       Configure(this.params.getApplicationSpecificParams());
       // check if we have a configured party representative for that
       if (!parepConfiguration.isPartyRepresentative(representationID)) {
-        Logger.info("Kein beruflicher Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+        Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
         validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
         return validationResult;
       }
@@ -271,7 +271,7 @@ public class ParepValidator implements InfoboxValidator {
   public InfoboxValidationResult validate(Map parameters) throws ValidateException {
 
     InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-    Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung");
+    Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
     Logger.debug("Prüfe im Formular ausgefüllte Daten...");
     if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
 
@@ -282,11 +282,11 @@ public class ParepValidator implements InfoboxValidator {
       validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
       return validationResult;
     }
-    extendedSamlAttributes.clear();
+
     addAuthBlockExtendedSamlAttributes();
     validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
     validationResult.setValid(true);
-    Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet");
+    Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
     return validationResult;
   }
   
@@ -298,7 +298,7 @@ public class ParepValidator implements InfoboxValidator {
   public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
 
     InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-    Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung");
+    Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
     this.form = "";
     try {
       
@@ -375,7 +375,7 @@ public class ParepValidator implements InfoboxValidator {
 
         validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
         validationResult.setValid(true);
-        Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterprüfung erfolgreich beendet");
+        Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
       } else {
         String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
         String responseInfo = response.getInfo();
@@ -548,9 +548,9 @@ public class ParepValidator implements InfoboxValidator {
    * name of the mandator has to be set
    */
   private void addAuthBlockExtendedSamlAttributes() {
+    extendedSamlAttributes.clear();
     extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
     Element mandator = request.getMandator();
-    extendedSamlAttributes.clear();
     // Name
     String name = ParepUtils.extractMandatorName(mandator);
     extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
index 40421d7d5..84aaf2072 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
@@ -6,7 +6,7 @@
 <title>Berufliche Parteieinvertretung</title>
 </head>
 <body>
-Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
+Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen Person
 <form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BASE_href>ProcessInput"> 
   <table width="80%" border="0">
     <tr/>  
@@ -16,19 +16,19 @@ Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
           <em>Vertreter:</em></td>
     </tr>
     <tr>
-      <td align="right" width="20%">Vorname&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right" width="20%">Vorname&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td ><input name="rpgivenname_" type="text" disabled="true" id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
       </td>
       <td></td>
     </tr>
     <tr>
-      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right">Name&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td><input name="rpfamilyname_" type="text" disabled="true" id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
       </td>
       <td></td>
     </tr>
     <tr>
-      <td align="right">Geburtsdatum&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right">Geburtsdatum&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td><input name="rpdobyear_" type="text" disabled="true" id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4" readonly="true" />
       - <input name="rpdobmonth_" type="text" disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2" maxlength="2" readonly="true" />
       - <input name="rpdobday_" type="text" disabled="true" id="rpdobday" value="<rpdobday>" size="2" maxlength="2" readonly="true" />
@@ -48,22 +48,22 @@ Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
       <td  colspan="3"><input name="physical_" type="radio" physdisabled="" value="true" physselected="" />&nbsp;nat&uuml;rliche Person:&nbsp;</td>
     </tr>
     <tr>
-      <td align="right">Vorname&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right">Vorname&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!"  alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td><input name="givenname_" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
-      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
-      <td><input name="familyname_" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Familienname laut ZMR Schreibweise" border="0"/>
+      <td align="right">Name&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="familyname_" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Familienname laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
-      <td align="right">Geburtsdatum&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right">Geburtsdatum&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td><input name="dobyear_" type="text" id="dobyear" size="4" maxlength="4" value="<dobyear>" physdisabled="" />
       - <input name="dobmonth_" type="text" id="dobmonth" size="2" maxlength="2" value="<dobmonth>" physdisabled="" />
-      - <input name="dobday_" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Format: JJJJ-MM-TT" border="0"/>
+      - <input name="dobday_" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" />&nbsp;<img src="img/info.gif" title="Format: JJJJ-MM-TT" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
@@ -74,31 +74,31 @@ Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
     </tr>
     <tr>
       <td align="right">Stra&szlig;e&nbsp;</td>
-      <td><input name="streetname_" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Stra&uuml;e laut ZMR Schreibweise" border="0"/>
+      <td><input name="streetname_" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Stra&uuml;e laut ZMR Schreibweise" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
       <td align="right">Hausnmummer&nbsp;</td>
-      <td><input name="buildingnumber_" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Hausnummer laut ZMR Schreibweise" border="0"/>
+      <td><input name="buildingnumber_" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Hausnummer laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
       <td align="right">Einh. Nr.&nbsp;</td>
-      <td><input name="unit_" type="text" id="unit" value="<unit>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Nutzungseinheitsnummer laut ZMR Schreibweise" border="0"/>
+      <td><input name="unit_" type="text" id="unit" value="<unit>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" title="Nutzungseinheitsnummer laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
       <td align="right">Postleitzahl&nbsp;</td>
-      <td><input name="postalcode_" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Postleitzahl laut ZMR Schreibweise" border="0"/>
+      <td><input name="postalcode_" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" title="Postleitzahl laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
       <td align="right">Gemeinde&nbsp;</td>
-      <td><input name="municipality_" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Gemeinde laut ZMR Schreibweise" border="0"/>
+      <td><input name="municipality_" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" title="Gemeinde laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
@@ -109,8 +109,8 @@ Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
       <td  colspan="3"><input name="physical_" type="radio" cbdisabled="" value="false" cbselected=""/ >&nbsp;juristische Person:&nbsp;</td>
     </tr>
     <tr>
-      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
-      <td><input name="fullname_" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" />&nbsp;<img src="img/info.gif" alt="Name der Organisation laut ZMR Schreibweise" border="0"/>
+      <td align="right">Name&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
+      <td><input name="fullname_" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" />&nbsp;<img src="img/info.gif" title="Name der Organisation laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
@@ -119,8 +119,8 @@ Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
         <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
         <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
         <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Erg&auml;nzungsreg.</option>
-      </select>&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
-      <td><input name="cbidentificationvalue_" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" />&nbsp;<img src="img/info.gif" alt="Ordnungsbegriff laut ZMR Schreibweise" border="0" />
+      </select>&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
+      <td><input name="cbidentificationvalue_" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" />&nbsp;<img src="img/info.gif" title="Ordnungsbegriff laut ZMR Schreibweise" alt="Info" border="0" />
       </td>
       <td></td>
     </tr>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
index eabbea348..be07400a8 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
@@ -22,7 +22,7 @@
 </div>
 <div class="hright" align="right"><img src="img/egov_schrift.gif" alt="E-Gov Logo"/></div>
 <div class="htitle" align="left">
-  <h1>Berufliche Parteienvertretung</h1>
+  <h1>Berufsm&auml;&szlig;ige Parteienvertretung</h1>
 </div>
 <div class="leiste1" align="center">
 Bitte beachten Sie
@@ -30,16 +30,16 @@ Bitte beachten Sie
 <div class="leiste2" align="center">
 </div>
 <div class="leiste3">
-<img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" />&nbsp; Feld muss ausgef&uuml;llt sein
+<img title=" Dieses Feld muss ausgefüllt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" />&nbsp; Feld muss ausgef&uuml;llt sein
 </div>
 <div class="leiste3">
-<img alt=" Hilfe zum Ausfüllen " src="img/info.gif" width="10" height="16" />&nbsp; Ausf&uuml;llhilfe
+<img title=" Hilfe zum Ausfüllen " alt="Info" src="img/info.gif" width="10" height="16" />&nbsp; Ausf&uuml;llhilfe
 </div>
 <div class="leiste3">
-<img alt=" Angabe bitte ergänzen oder richtig stellen! " src="img/rufezeichen.gif" width="10" height="16" />&nbsp; Fehlerhinweis</div>
+<img title=" Angabe bitte ergänzen oder richtig stellen! " alt="Rufezeichen" src="img/rufezeichen.gif" width="10" height="16" />&nbsp; Fehlerhinweis</div>
 <div style="clear: both">&nbsp;</div>
 
-<h2>Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
+<h2>Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen Person
 </h2>
 <div class="boundingbox">
 <form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BASE_href>ProcessInput"> 
@@ -51,19 +51,19 @@ Bitte beachten Sie
           <em>Vertreter:</em></td>
     </tr>
     <tr>
-      <td align="right" width="20%">Vorname&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right" width="20%">Vorname&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td ><input name="rpgivenname_" type="text" disabled="true" id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
       </td>
       <td></td>
     </tr>
     <tr>
-      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right">Name&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td><input name="rpfamilyname_" type="text" disabled="true" id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
       </td>
       <td></td>
     </tr>
     <tr>
-      <td align="right">Geburtsdatum&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right">Geburtsdatum&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td><input name="rpdobyear_" type="text" disabled="true" id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4" readonly="true" />
       - <input name="rpdobmonth_" type="text" disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2" maxlength="2" readonly="true" />
       - <input name="rpdobday_" type="text" disabled="true" id="rpdobday" value="<rpdobday>" size="2" maxlength="2" readonly="true" />
@@ -83,22 +83,22 @@ Bitte beachten Sie
       <td  colspan="3"><input name="physical_" type="radio" physdisabled="" value="true" physselected="" />&nbsp;nat&uuml;rliche Person:&nbsp;</td>
     </tr>
     <tr>
-      <td align="right">Vorname&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right">Vorname&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!"  alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td><input name="givenname_" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
-      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
-      <td><input name="familyname_" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Familienname laut ZMR Schreibweise" border="0"/>
+      <td align="right">Name&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
+      <td><input name="familyname_" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Familienname laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
-      <td align="right">Geburtsdatum&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
+      <td align="right">Geburtsdatum&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
       <td><input name="dobyear_" type="text" id="dobyear" size="4" maxlength="4" value="<dobyear>" physdisabled="" />
       - <input name="dobmonth_" type="text" id="dobmonth" size="2" maxlength="2" value="<dobmonth>" physdisabled="" />
-      - <input name="dobday_" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Format: JJJJ-MM-TT" border="0"/>
+      - <input name="dobday_" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" />&nbsp;<img src="img/info.gif" title="Format: JJJJ-MM-TT" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
@@ -109,31 +109,31 @@ Bitte beachten Sie
     </tr>
     <tr>
       <td align="right">Stra&szlig;e&nbsp;</td>
-      <td><input name="streetname_" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Stra&uuml;e laut ZMR Schreibweise" border="0"/>
+      <td><input name="streetname_" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Stra&uuml;e laut ZMR Schreibweise" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
       <td align="right">Hausnmummer&nbsp;</td>
-      <td><input name="buildingnumber_" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Hausnummer laut ZMR Schreibweise" border="0"/>
+      <td><input name="buildingnumber_" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Hausnummer laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
       <td align="right">Einh. Nr.&nbsp;</td>
-      <td><input name="unit_" type="text" id="unit" value="<unit>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Nutzungseinheitsnummer laut ZMR Schreibweise" border="0"/>
+      <td><input name="unit_" type="text" id="unit" value="<unit>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" title="Nutzungseinheitsnummer laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
       <td align="right">Postleitzahl&nbsp;</td>
-      <td><input name="postalcode_" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Postleitzahl laut ZMR Schreibweise" border="0"/>
+      <td><input name="postalcode_" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" title="Postleitzahl laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
     <tr>
       <td align="right">Gemeinde&nbsp;</td>
-      <td><input name="municipality_" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" alt="Gemeinde laut ZMR Schreibweise" border="0"/>
+      <td><input name="municipality_" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" />&nbsp;<img src="img/info.gif" title="Gemeinde laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
@@ -144,8 +144,8 @@ Bitte beachten Sie
       <td  colspan="3"><input name="physical_" type="radio" cbdisabled="" value="false" cbselected=""/ >&nbsp;juristische Person:&nbsp;</td>
     </tr>
     <tr>
-      <td align="right">Name&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
-      <td><input name="fullname_" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" />&nbsp;<img src="img/info.gif" alt="Name der Organisation laut ZMR Schreibweise" border="0"/>
+      <td align="right">Name&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
+      <td><input name="fullname_" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" />&nbsp;<img src="img/info.gif" title="Name der Organisation laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
@@ -154,8 +154,8 @@ Bitte beachten Sie
         <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
         <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
         <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Erg&auml;nzungsreg.</option>
-      </select>&nbsp;<img alt=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" width="10" height="16" /></td>
-      <td><input name="cbidentificationvalue_" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" />&nbsp;<img src="img/info.gif" alt="Ordnungsbegriff laut ZMR Schreibweise" border="0" />
+      </select>&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!" src="img/stern.gif" alt="Stern" width="10" height="16" /></td>
+      <td><input name="cbidentificationvalue_" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" />&nbsp;<img src="img/info.gif" title="Ordnungsbegriff laut ZMR Schreibweise" alt="Info" border="0" />
       </td>
       <td></td>
     </tr>
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar
index 2542e3030..21d86c338 100644
Binary files a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar and b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar differ
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
index f29de0e61..c32158b3b 100644
--- a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
@@ -1 +1 @@
-3f803068427bf75b4127010d5bf6be36
\ No newline at end of file
+2d3655dea63771be43ece3eaa16b82ad
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
index b33c59877..f2dcb61bf 100644
--- a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
@@ -1 +1 @@
-a2bad8ea2339c64c5315996c2ce1b72fdb07d05f
\ No newline at end of file
+2685c61f99bda72813f1d8961fca7454a51d5b3a
\ No newline at end of file
-- 
cgit v1.2.3


From d15fb7cedb1215f90fd542679536ee43cfb43ead Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 19 Oct 2007 15:24:13 +0000
Subject: Changed wording in templates

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1030 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../transforms/TransformsInfoAuthBlockText.xml     |  2 +-
 .../TransformsInfoAuthBlockText_deprecated.xml     |  2 +-
 .../profiles/MOAIDTransformAuthBlockText.xml       |  2 +-
 .../MOAIDTransformAuthBlockText_deprecated.xml     |  2 +-
 .../resources/templates/ParepMinTemplate.html      | 20 +++++++++----------
 .../resources/templates/ParepTemplate.html         | 23 +++++++++++-----------
 6 files changed, 25 insertions(+), 26 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
index 2db5a8334..04ea47b87 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -53,7 +53,7 @@
 									</xsl:if>
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>, in dessen Auftrag zu handeln.
+									</xsl:if>, in deren Auftrag zu handeln.
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
 									</xsl:if>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
index 87d489719..a41bf93c6 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
@@ -49,7 +49,7 @@
 									</xsl:if>
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>, in dessen Auftrag zu handeln.
+									</xsl:if>, in deren Auftrag zu handeln.
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
 									</xsl:if>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
index d28d58c10..cbc1eb593 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
@@ -54,7 +54,7 @@
 									</xsl:if>
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>, in dessen Auftrag zu handeln.
+									</xsl:if>, in deren Auftrag zu handeln.
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
 									</xsl:if>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
index b151346bc..802c4d11c 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
@@ -50,7 +50,7 @@
 									</xsl:if>
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>, in dessen Auftrag zu handeln.
+									</xsl:if>, in deren Auftrag zu handeln.
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
 									</xsl:if>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
index 958f486da..a73ee7df4 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
@@ -3,14 +3,14 @@
 <head>
 <BASE href="<BASE_href>">
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<title>Berufliche Parteieinvertretung</title>
+<title>Berufsm&auml;&szlig;ige Parteieinvertretung</title>
 </head>
 <body>
 Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen Person
 <form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BKU>"> 
   <table width="80%" border="0">
-    <tr/>  
-    <tr/>  
+    <tr/>
+    <tr/>
     <tr>
       <td colspan="3">
           <em>Vertreter:</em></td>
@@ -37,7 +37,7 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
     </tr>
     <tr>
       <td colspan="2"><br/>
-        <em>Ich bin berufsm&auml;&szlig;ig berechtigt  f&uuml;r die nachfolgend genannte Person in dessen Namen mit der B&uuml;rgerkarte einzuschreiten.</em></td>
+        <em>Ich bin berufsm&auml;&szlig;ig berechtigt f&uuml;r die nachfolgend genannte Person in deren Namen mit der B&uuml;rgerkarte einzuschreiten.</em></td>
       <td>&nbsp;</td>
     </tr>
     <tr>
@@ -49,7 +49,7 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
     </tr>
     <tr>
       <td align="right">Vorname&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!"  alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
-      <td><input name="givenname_" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
+      <td><input name="givenname_" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Vorname laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
@@ -68,8 +68,7 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
       <td></td>
     </tr>
     <tr>
-      <!--td align="right"><em>otional:</em> &nbsp;</td-->
-      <td align="center"><em>otional:</em></td>
+      <td align="center"><em>optional:</em></td>
       <td colspan="2"/>
     </tr>
     <tr>
@@ -79,7 +78,7 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
       <td></td>
     </tr>
     <tr>
-      <td align="right">Hausnmummer&nbsp;</td>
+      <td align="right">Hausnummer&nbsp;</td>
       <td><input name="buildingnumber_" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Hausnummer laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
@@ -115,7 +114,7 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
       <td></td>
     </tr>
     <tr>
-      <td align="right"><select name="cbidentificationtype_" size="1" cbseldisabled="">
+      <td align="right" nowrap="nowrap"><select name="cbidentificationtype_" size="1" cbseldisabled="">
         <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
         <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
         <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Erg&auml;nzungsreg.</option>
@@ -130,6 +129,7 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
   <input name="XMLRequest" type="hidden" value="&lt;?xml version='1.0' encoding='UTF-8'?>&lt;NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>"/>
   <input name="DataURL" type="hidden" value="<DataURL>"/>
   <input type="submit" name="Submit" value="      Weiter      "/>    
-  <input name="Clear" type="reset" id="Clear" value="Formular zur&uuml;cksetzen"/>  </p></form>
+  <input name="Clear" type="reset" id="Clear" value="Formular zur&uuml;cksetzen"/></p><br/>
+</form>
 </body>
 </html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
index dc35b644c..c90709fa5 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
@@ -4,7 +4,7 @@
 <head>
 <BASE href="<BASE_href>">
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<title>Berufliche Parteieinvertretung</title>
+<title>Berufsm&auml;&szlig;ige Parteieinvertretung</title>
 <link href="css/styles.css" type="text/css" rel="stylesheet">
 <link href="css/styles_opera.css" type="text/css" rel="stylesheet">
 <link href="css/mandates.css" type="text/css" rel="stylesheet">
@@ -16,7 +16,7 @@
 
 
 <div class="hleft">
-<!--Stammzahlenregisterbehörde<br/>-->
+<!--Stammzahlenregisterbehörde<br/>-->&nbsp;
 <!--Ballhausplatz 2<br/>-->
 <!--1014 Wien-->
 </div>
@@ -44,8 +44,8 @@ Bitte beachten Sie
 <div class="boundingbox">
 <form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BKU>"> 
   <table width="80%" border="0">
-    <tr/>  
-    <tr/>  
+    <tr/>
+    <tr/>
     <tr>
       <td colspan="3">
           <em>Vertreter:</em></td>
@@ -72,7 +72,7 @@ Bitte beachten Sie
     </tr>
     <tr>
       <td colspan="2"><br/>
-        <em>Ich bin berufsm&auml;&szlig;ig berechtigt  f&uuml;r die nachfolgend genannte Person in dessen Namen mit der B&uuml;rgerkarte einzuschreiten.</em></td>
+        <em>Ich bin berufsm&auml;&szlig;ig berechtigt f&uuml;r die nachfolgend genannte Person in deren Namen mit der B&uuml;rgerkarte einzuschreiten.</em></td>
       <td>&nbsp;</td>
     </tr>
     <tr>
@@ -84,7 +84,7 @@ Bitte beachten Sie
     </tr>
     <tr>
       <td align="right">Vorname&nbsp;<img title=" Dieses Feld muss ausgef&uuml;llt sein!"  alt="Stern" src="img/stern.gif" width="10" height="16" /></td>
-      <td><input name="givenname_" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
+      <td><input name="givenname_" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Vorname laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
     </tr>
@@ -103,8 +103,7 @@ Bitte beachten Sie
       <td></td>
     </tr>
     <tr>
-      <!--td align="right"><em>otional:</em> &nbsp;</td-->
-      <td align="center"><em>otional:</em></td>
+      <td align="center"><em>optional:</em></td>
       <td colspan="2"/>
     </tr>
     <tr>
@@ -114,7 +113,7 @@ Bitte beachten Sie
       <td></td>
     </tr>
     <tr>
-      <td align="right">Hausnmummer&nbsp;</td>
+      <td align="right">Hausnummer&nbsp;</td>
       <td><input name="buildingnumber_" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" />&nbsp;<img src="img/info.gif" title="Hausnummer laut ZMR Schreibweise" alt="Info" border="0"/>
       </td>
       <td></td>
@@ -150,7 +149,7 @@ Bitte beachten Sie
       <td></td>
     </tr>
     <tr>
-      <td align="right"><select name="cbidentificationtype_" size="1" cbseldisabled="">
+      <td align="right" nowrap="nowrap"><select name="cbidentificationtype_" size="1" cbseldisabled="">
         <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
         <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
         <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Erg&auml;nzungsreg.</option>
@@ -165,8 +164,8 @@ Bitte beachten Sie
   <input name="XMLRequest" type="hidden" value="&lt;?xml version='1.0' encoding='UTF-8'?>&lt;NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>"/>
   <input name="DataURL" type="hidden" value="<DataURL>"/>
   <input type="submit" name="Submit" value="      Weiter      "/>    
-  <input name="Clear" type="reset" id="Clear" value="Formular zur&uuml;cksetzen"/>  </p></form>
-
+  <input name="Clear" type="reset" id="Clear" value="Formular zur&uuml;cksetzen"/></p><br/>
+</form>
 </div>
 </body>
 </html>
-- 
cgit v1.2.3


From 6213a0acabf382f7469b9fefbee57cbbc13fa79b Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Sat, 20 Oct 2007 08:04:14 +0000
Subject: Fixed integrity

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1031 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml       | 2 +-
 .../conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
index ab58ac772..479a12745 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
@@ -33,7 +33,7 @@
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 									<tr>
 										<td>
-											<b>Rolle im Gesundheitsbereich:<b>
+											<b>Rolle im Gesundheitsbereich:</b>
 										</td>
 										<td>
 											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
index 00acc5720..e1106942d 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
@@ -34,7 +34,7 @@
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 									<tr>
 										<td>
-											<b>Rolle im Gesundheitsbereich:<b>
+											<b>Rolle im Gesundheitsbereich:</b>
 										</td>
 										<td>
 											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
-- 
cgit v1.2.3


From 9e75655198e0815c2ae78ce0036599c3dab061c6 Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 7 Nov 2007 17:25:38 +0000
Subject: Provided new IAIK libraries

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1037 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../deploy/conf/moa-id/SampleMOAIDConfiguration.xml    |   2 +-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml      |   2 +-
 .../moa-id/SampleMOAIDConfiguration_withTestBKs.xml    |   2 +-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml      |   2 +-
 .../deploy/conf/moa-id/SampleMOAWIDConfiguration.xml   |   2 +-
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml     |   2 +-
 .../moa-id/SampleMOAWIDConfiguration_withTestBKs.xml   |   2 +-
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml     |   2 +-
 pom.xml                                                |   4 ++--
 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar     | Bin 285185 -> 0 bytes
 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.md5 |   1 -
 .../iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.sha1       |   1 -
 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom     |   7 -------
 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.md5 |   1 -
 .../iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.sha1       |   1 -
 .../iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar    | Bin 0 -> 339292 bytes
 .../prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.md5     |   1 +
 .../prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.sha1    |   1 +
 .../iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom    |   6 ++++++
 .../prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.md5     |   1 +
 .../prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.sha1    |   1 +
 .../iaik/prod/iaik_cms/maven-metadata-central.xml      |  12 ++++++------
 .../iaik/prod/iaik_cms/maven-metadata-central.xml.md5  |   2 +-
 .../iaik/prod/iaik_cms/maven-metadata-central.xml.sha1 |   2 +-
 repository/iaik/prod/iaik_cms/maven-metadata.xml       |  12 ++++++------
 repository/iaik/prod/iaik_cms/maven-metadata.xml.md5   |   2 +-
 repository/iaik/prod/iaik_cms/maven-metadata.xml.sha1  |   2 +-
 .../3.142_MOA/iaik_jce_full-3.142_MOA.jar              | Bin 837275 -> 0 bytes
 .../3.142_MOA/iaik_jce_full-3.142_MOA.jar.md5          |   1 -
 .../3.142_MOA/iaik_jce_full-3.142_MOA.jar.sha1         |   1 -
 .../3.142_MOA/iaik_jce_full-3.142_MOA.pom              |   7 -------
 .../3.142_MOA/iaik_jce_full-3.142_MOA.pom.md5          |   1 -
 .../3.142_MOA/iaik_jce_full-3.142_MOA.pom.sha1         |   1 -
 .../iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar  | Bin 0 -> 854872 bytes
 .../3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5            |   1 +
 .../3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1           |   1 +
 .../iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom  |   6 ++++++
 .../3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5            |   1 +
 .../3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1           |   1 +
 .../iaik/prod/iaik_jce_full/maven-metadata-central.xml |  12 ++++++------
 .../prod/iaik_jce_full/maven-metadata-central.xml.md5  |   2 +-
 .../prod/iaik_jce_full/maven-metadata-central.xml.sha1 |   2 +-
 repository/iaik/prod/iaik_jce_full/maven-metadata.xml  |  12 ++++++------
 .../iaik/prod/iaik_jce_full/maven-metadata.xml.md5     |   2 +-
 .../iaik/prod/iaik_jce_full/maven-metadata.xml.sha1    |   2 +-
 45 files changed, 62 insertions(+), 64 deletions(-)
 delete mode 100644 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar
 delete mode 100644 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom
 delete mode 100644 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.sha1
 create mode 100644 repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar
 create mode 100644 repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.md5
 create mode 100644 repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.sha1
 create mode 100644 repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom
 create mode 100644 repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.md5
 create mode 100644 repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar.md5
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar.sha1
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom.md5
 delete mode 100644 repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom.sha1
 create mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar
 create mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5
 create mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1
 create mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom
 create mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5
 create mode 100644 repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 43846cc2d..8de2fff3c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -57,7 +57,7 @@
         <FriendlyName>Vollmachten</FriendlyName>
         <ApplicationSpecificParameters>
           <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>true</CompatibilityMode>
+          <CompatibilityMode>false</CompatibilityMode>
           <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index d72e91c47..8e15b8872 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -57,7 +57,7 @@
         <FriendlyName>Vollmachten</FriendlyName>
         <ApplicationSpecificParameters>
           <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>true</CompatibilityMode>
+          <CompatibilityMode>false</CompatibilityMode>
           <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 89b0e03f8..8d8ab56dc 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -66,7 +66,7 @@
         <FriendlyName>Vollmachten</FriendlyName>
         <ApplicationSpecificParameters>
           <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>true</CompatibilityMode>
+          <CompatibilityMode>false</CompatibilityMode>
           <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 2d39157b8..f143387c4 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -65,7 +65,7 @@
         <FriendlyName>Vollmachten</FriendlyName>
         <ApplicationSpecificParameters>
           <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>true</CompatibilityMode>
+          <CompatibilityMode>false</CompatibilityMode>
           <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index d3441754e..d244dfe2e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -57,7 +57,7 @@
         <FriendlyName>Vollmachten</FriendlyName>
         <ApplicationSpecificParameters>
           <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>true</CompatibilityMode>
+          <CompatibilityMode>false</CompatibilityMode>
           <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index c2bd2ec78..a94a7210e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -57,7 +57,7 @@
         <FriendlyName>Vollmachten</FriendlyName>
         <ApplicationSpecificParameters>
           <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>true</CompatibilityMode>
+          <CompatibilityMode>false</CompatibilityMode>
           <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 3d843364b..7dc11d0c9 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -65,7 +65,7 @@
         <FriendlyName>Vollmachten</FriendlyName>
         <ApplicationSpecificParameters>
           <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>true</CompatibilityMode>
+          <CompatibilityMode>false</CompatibilityMode>
           <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 62c1c0c58..883076fc2 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -65,7 +65,7 @@
         <FriendlyName>Vollmachten</FriendlyName>
         <ApplicationSpecificParameters>
           <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>true</CompatibilityMode>
+          <CompatibilityMode>false</CompatibilityMode>
           <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
diff --git a/pom.xml b/pom.xml
index c38847c32..15ef5d2c9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -243,7 +243,7 @@
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_jce_full</artifactId>
-                <version>3.142_MOA</version>
+                <version>3.16_MOA</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
@@ -255,7 +255,7 @@
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_cms</artifactId>
-                <version>3.2</version>
+                <version>4.0_MOA</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
diff --git a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar b/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar
deleted file mode 100644
index 7264a68f3..000000000
Binary files a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.md5 b/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.md5
deleted file mode 100644
index 135ca88b4..000000000
--- a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-df156c243844deb2ecb9bb0fcac3e9d2
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.sha1 b/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.sha1
deleted file mode 100644
index 0b2893963..000000000
--- a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d8124f1cd0dad11a0700d832fcd1479ca7d85216
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom b/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom
deleted file mode 100644
index 50ac46bd6..000000000
--- a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_cms</artifactId>
-  <version>3.2</version>
-  <description>POM was created from install:install-file</description>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.md5 b/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.md5
deleted file mode 100644
index 60d003cc6..000000000
--- a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-7c2aabea82fe69f10b43a49d8cfd9078
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.sha1 b/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.sha1
deleted file mode 100644
index 3d66164a0..000000000
--- a/repository/iaik/prod/iaik_cms/3.2/iaik_cms-3.2.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-24165b6ca4328e1e542aa4a492c7a2a2d3609c38
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar
new file mode 100644
index 000000000..e6012f1d4
Binary files /dev/null and b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar differ
diff --git a/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.md5 b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.md5
new file mode 100644
index 000000000..995e0aad4
--- /dev/null
+++ b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.md5
@@ -0,0 +1 @@
+457425ed68aa6e9b8dac634b7a6e9dbc
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.sha1 b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.sha1
new file mode 100644
index 000000000..0fcf5cf19
--- /dev/null
+++ b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.jar.sha1
@@ -0,0 +1 @@
+1d13f7c42b559f8202e854e26e138fde610e5332
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom
new file mode 100644
index 000000000..be12a3df4
--- /dev/null
+++ b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_cms</artifactId>
+  <version>4.0_MOA</version>
+</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.md5 b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.md5
new file mode 100644
index 000000000..129663711
--- /dev/null
+++ b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.md5
@@ -0,0 +1 @@
+3e83613fc473c68fd1179abe211102a2
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.sha1 b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.sha1
new file mode 100644
index 000000000..621386b72
--- /dev/null
+++ b/repository/iaik/prod/iaik_cms/4.0_MOA/iaik_cms-4.0_MOA.pom.sha1
@@ -0,0 +1 @@
+62c4a38841a1fefa16229b992a28e93a42220766
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/maven-metadata-central.xml b/repository/iaik/prod/iaik_cms/maven-metadata-central.xml
index 60bd594f9..1677f1544 100644
--- a/repository/iaik/prod/iaik_cms/maven-metadata-central.xml
+++ b/repository/iaik/prod/iaik_cms/maven-metadata-central.xml
@@ -1,13 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_cms</artifactId>
-  <version>3.2</version>
+  <version>4.0_MOA</version>
   <versioning>
-    <latest>3.2</latest>
-    <release>3.2</release>
+    <latest>4.0_MOA</latest>
+    <release>4.0_MOA</release>
     <versions>
-      <version>3.2</version>
+      <version>4.0_MOA</version>
     </versions>
-    <lastUpdated>20070814085134</lastUpdated>
+    <lastUpdated>20071107170700</lastUpdated>
   </versioning>
-</metadata>
\ No newline at end of file
+</metadata>
diff --git a/repository/iaik/prod/iaik_cms/maven-metadata-central.xml.md5 b/repository/iaik/prod/iaik_cms/maven-metadata-central.xml.md5
index fa588f4b1..afe4a66a7 100644
--- a/repository/iaik/prod/iaik_cms/maven-metadata-central.xml.md5
+++ b/repository/iaik/prod/iaik_cms/maven-metadata-central.xml.md5
@@ -1 +1 @@
-4f7c312cd075be35ef0eb948a2226c59
\ No newline at end of file
+7b5f54db70c1dc13bc0ab5fc371aa24e
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/maven-metadata-central.xml.sha1 b/repository/iaik/prod/iaik_cms/maven-metadata-central.xml.sha1
index 501cc0951..1c4aace3d 100644
--- a/repository/iaik/prod/iaik_cms/maven-metadata-central.xml.sha1
+++ b/repository/iaik/prod/iaik_cms/maven-metadata-central.xml.sha1
@@ -1 +1 @@
-2b8b98390bf81926e1933aab3b183e397c568f17
\ No newline at end of file
+3bd11c6b5ea3cc9e1ef2ee2fa2589f99e83251e2
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/maven-metadata.xml b/repository/iaik/prod/iaik_cms/maven-metadata.xml
index 60bd594f9..1677f1544 100644
--- a/repository/iaik/prod/iaik_cms/maven-metadata.xml
+++ b/repository/iaik/prod/iaik_cms/maven-metadata.xml
@@ -1,13 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_cms</artifactId>
-  <version>3.2</version>
+  <version>4.0_MOA</version>
   <versioning>
-    <latest>3.2</latest>
-    <release>3.2</release>
+    <latest>4.0_MOA</latest>
+    <release>4.0_MOA</release>
     <versions>
-      <version>3.2</version>
+      <version>4.0_MOA</version>
     </versions>
-    <lastUpdated>20070814085134</lastUpdated>
+    <lastUpdated>20071107170700</lastUpdated>
   </versioning>
-</metadata>
\ No newline at end of file
+</metadata>
diff --git a/repository/iaik/prod/iaik_cms/maven-metadata.xml.md5 b/repository/iaik/prod/iaik_cms/maven-metadata.xml.md5
index fa588f4b1..afe4a66a7 100644
--- a/repository/iaik/prod/iaik_cms/maven-metadata.xml.md5
+++ b/repository/iaik/prod/iaik_cms/maven-metadata.xml.md5
@@ -1 +1 @@
-4f7c312cd075be35ef0eb948a2226c59
\ No newline at end of file
+7b5f54db70c1dc13bc0ab5fc371aa24e
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/maven-metadata.xml.sha1 b/repository/iaik/prod/iaik_cms/maven-metadata.xml.sha1
index 501cc0951..1c4aace3d 100644
--- a/repository/iaik/prod/iaik_cms/maven-metadata.xml.sha1
+++ b/repository/iaik/prod/iaik_cms/maven-metadata.xml.sha1
@@ -1 +1 @@
-2b8b98390bf81926e1933aab3b183e397c568f17
\ No newline at end of file
+3bd11c6b5ea3cc9e1ef2ee2fa2589f99e83251e2
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar b/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar
deleted file mode 100644
index 7288bc39d..000000000
Binary files a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar and /dev/null differ
diff --git a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar.md5 b/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar.md5
deleted file mode 100644
index 990b796e4..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-c78f934b46ed4fcdc57807496d756d60
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar.sha1 b/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar.sha1
deleted file mode 100644
index a29e73055..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-79fd66f6969bbcd5ea7c96163bb86b1790ccfde1
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom b/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom
deleted file mode 100644
index cd5e49bc3..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>iaik.prod</groupId>
-  <artifactId>iaik_jce_full</artifactId>
-  <version>3.142_MOA</version>
-  <description>POM was created from install:install-file</description>
-</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom.md5 b/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom.md5
deleted file mode 100644
index ad09e7e62..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-129227c823c9c03e6620f4bdc30991f9
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom.sha1 b/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom.sha1
deleted file mode 100644
index 496dbe4d6..000000000
--- a/repository/iaik/prod/iaik_jce_full/3.142_MOA/iaik_jce_full-3.142_MOA.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-38e98211d8f9c64c6768c9be9d37652dee2cf3c4
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar
new file mode 100644
index 000000000..4cb8ce274
Binary files /dev/null and b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar differ
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5 b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5
new file mode 100644
index 000000000..16c49ae10
--- /dev/null
+++ b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.md5
@@ -0,0 +1 @@
+eb3456b843ffe6a7f6bb0a96579fbc56
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1 b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1
new file mode 100644
index 000000000..f001288ea
--- /dev/null
+++ b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.jar.sha1
@@ -0,0 +1 @@
+9d6ed37423e93765e38fa8791278ba43d3e6c320
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom
new file mode 100644
index 000000000..ae3f8e03a
--- /dev/null
+++ b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_jce_full</artifactId>
+  <version>3.16_MOA</version>
+</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5 b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5
new file mode 100644
index 000000000..dacc772d7
--- /dev/null
+++ b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.md5
@@ -0,0 +1 @@
+c4474c1a43d0b50ebdafaebebb190c06
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1 b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1
new file mode 100644
index 000000000..4f3bdee9b
--- /dev/null
+++ b/repository/iaik/prod/iaik_jce_full/3.16_MOA/iaik_jce_full-3.16_MOA.pom.sha1
@@ -0,0 +1 @@
+ba6cad038de86b5a0a726df0f7c95e1d99d7f5e7
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
index 809243838..c3e6e8720 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
@@ -1,13 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_jce_full</artifactId>
-  <version>3.142_MOA</version>
+  <version>3.16_MOA</version>
   <versioning>
-    <latest>3.142_MOA</latest>
-    <release>3.142_MOA</release>
+    <latest>3.16_MOA</latest>
+    <release>3.16_MOA</release>
     <versions>
-      <version>3.142_MOA</version>
+      <version>3.16_MOA</version>
     </versions>
-    <lastUpdated>20070814085134</lastUpdated>
+    <lastUpdated>20071107170702</lastUpdated>
   </versioning>
-</metadata>
\ No newline at end of file
+</metadata>
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml.md5 b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml.md5
index 6b82bce5a..b2649df04 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml.md5
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml.md5
@@ -1 +1 @@
-be9deda114cc93cf8a834062811cf11f
\ No newline at end of file
+b6459ba36ffaca26573025ce4c04438a
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml.sha1 b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml.sha1
index 6ff869214..068cd9d40 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml.sha1
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml.sha1
@@ -1 +1 @@
-243eff519b9cb4460f68c1ad4f29118a22c56aad
\ No newline at end of file
+7a3567045becfbffc7e97c91664cf3c43a15a9ea
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
index 809243838..c3e6e8720 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
@@ -1,13 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_jce_full</artifactId>
-  <version>3.142_MOA</version>
+  <version>3.16_MOA</version>
   <versioning>
-    <latest>3.142_MOA</latest>
-    <release>3.142_MOA</release>
+    <latest>3.16_MOA</latest>
+    <release>3.16_MOA</release>
     <versions>
-      <version>3.142_MOA</version>
+      <version>3.16_MOA</version>
     </versions>
-    <lastUpdated>20070814085134</lastUpdated>
+    <lastUpdated>20071107170702</lastUpdated>
   </versioning>
-</metadata>
\ No newline at end of file
+</metadata>
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml.md5 b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml.md5
index 6b82bce5a..b2649df04 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml.md5
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml.md5
@@ -1 +1 @@
-be9deda114cc93cf8a834062811cf11f
\ No newline at end of file
+b6459ba36ffaca26573025ce4c04438a
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml.sha1 b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml.sha1
index 6ff869214..068cd9d40 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml.sha1
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml.sha1
@@ -1 +1 @@
-243eff519b9cb4460f68c1ad4f29118a22c56aad
\ No newline at end of file
+7a3567045becfbffc7e97c91664cf3c43a15a9ea
\ No newline at end of file
-- 
cgit v1.2.3


From 1e27484671f068e6a6176556e84d2970b97a606a Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Thu, 8 Nov 2007 15:18:19 +0000
Subject: Minor modifications

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1038 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 id/history.txt                                     |  12 +-
 id/readme_1.4.2.txt                                | 237 +++++++++++++++++++++
 id/server/data/deploy/conf/moa-id/log4j.properties |   2 +-
 .../clients/webservice/conf/log4j.properties       |   2 +-
 spss/handbook/conf/moa-spss/log4j.properties       |   4 +-
 spss/server/history.txt                            |   9 +
 6 files changed, 260 insertions(+), 6 deletions(-)
 create mode 100644 id/readme_1.4.2.txt

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/history.txt b/id/history.txt
index 6370accf3..4f87b1a4e 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -2,6 +2,13 @@ Dieses Dokument zeigt die Ver
 von MOA-ID auf.
 
 History MOA-ID:
+=====
+Version MOA-ID 1.4.2: Änderungen seit Version MOA-ID 1.4.2 beta2:
+
+- IAIK Libraries aktualisiert:
+   Versionsnummern:
+     iaik-jce:           Version 3.16_MOA
+     iaik-cms:           Version 4.0_MOA
 
 =====
 Version MOA-ID 1.4.2 beta2: Änderungen seit Version MOA-ID 1.4.2 beta1:
@@ -13,8 +20,9 @@ Verbesserungen/Erweiterungen:
   Vetreterdaten durch die des Vertretenen zu ersetzen. Somit können in diesem 
   Modus Applikationen Vollmachten benutzen ohne modifiziert werden zu müssen  
 
-- Vertretung durch berufliche Parteienvertreter kann durch Einsatz als Infobox 
-  Validator (Validatorklasse ParepValidator) durchgeführt werden
+- Integration berufliche Parteienvertretung gemäß §5 Abs.3 E-GovG. Vertretung 
+  durch berufliche Parteienvertreter kann durch Einsatz eines Infobox Validators
+  (Validatorklasse ParepValidator) durchgeführt werden.
   
 - Neue A-Trust Testzertifikate für Tespersonenbindungen in die Testprofile 
   aufgenommen.
diff --git a/id/readme_1.4.2.txt b/id/readme_1.4.2.txt
new file mode 100644
index 000000000..dc87f8dc6
--- /dev/null
+++ b/id/readme_1.4.2.txt
@@ -0,0 +1,237 @@
+===============================================================================
+MOA ID Version 1.4.2 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 1.4.2 wurden folgende Neuerungen eingeführt, die jetzt 
+erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 
+gleichen Verzeichnis):
+
+- Vollmachtsprüfung in MOA-ID integriert
+
+- MOA-ID kann Vollmachten in einem Kompatibilitätsmodus dazu benutzen 
+  Vetreterdaten durch die des Vertretenen zu ersetzen. Somit können in diesem 
+  Modus Applikationen Vollmachten benutzen ohne modifiziert werden zu müssen  
+
+- Integration berufliche Parteienvertretung gemäß §5 Abs.3 E-GovG. Vertretung 
+  durch berufliche Parteienvertreter kann durch Einsatz eines Infobox Validators
+  (Validatorklasse ParepValidator) durchgeführt werden.
+  
+- Neue A-Trust Testzertifikate für Tespersonenbindungen in die Testprofile 
+  aufgenommen.
+  
+- Infobox Validatoren können über das Servlet InputProcessor Daten nachfordern 
+  und Formulare für den Datenfluss zur Verfügung stellen. Die Klasse die die 
+  Realisierung des Form Input Prozessors enthält, wird in der Passage für die 
+  Infobox-Validatoren der MOA-ID Konfiguration angegeben.
+     
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 1.4.1 (oder 1.4.2 beta 1)
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+   
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.2.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.   
+
+3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
+
+4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+
+5. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+   
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die vier Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   
+8. Kopieren Sie die vier Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss; in weiterer Folge wird von letzterer 
+   Variante ausgegangen).   
+
+9. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 1.3.1, 1.3.2 oder 1.3.3
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+   
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.2.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.   
+
+3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
+
+4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+
+5. Erstellen Sie eine Sicherungskopie aller Dateien im Verzeichnis 
+   CATALINA_HOME\common\endorsed und löschen Sie die dort eventuell vorhandene 
+   Dateien xmlParserAPIs.jar
+   
+6. Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\endorsed
+   in das Verzeichnis CATALINA_HOME\common\endorsed. Überschreiben Sie dabei
+   etwaige gleichnamige Dateien.
+	 
+7. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+   
+8. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+   
+9. Kopieren Sie die vier Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   
+10.Kopieren Sie die vier Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss; in weiterer Folge wird von letzterer 
+   Variante ausgegangen).   
+
+11.Update des Cert-Stores.
+   Kopieren Sie den Inhalt des Verzeichnisses
+   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
+   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
+   bejahen sie das.
+
+12.Sollen zusätzliche Templates für ältere Bürgerkartenumgebungen aktiviert
+   werden, öffnen Sie die XML-Konfiguration von MOA ID (für gewöhnlich finden 
+   Sie diese XML-Datei direkt im Stammverzeichnis für die MOA ID Konfiguration, 
+   z.B. CATALINA_HOME_ID/conf/moa-id/SampleMOAIDConfiguration.xml); führen Sie 
+   folgende Modifikationen an der XML-Konfiguration durch:
+   
+   a. Ändern Sie die applikationsübergreifende Konfiguration der AuthBlock
+      Transformationen. Sie finden diese Konfiguration im XML-Element
+      /MOA-IDConfiguration/AuthComponent/SecurityLayer. Fügen Sie zusätzlich zum
+      bisherigen Inhalt dieses Elements (für gewöhnlich ein Element
+      TransformsInfo, dessen Attribut filname den Wert
+      transforms/TransformsInfoAuthBlockText.xml aufweist) ein Element 
+      TransformsInfo an, dessen Attribut filename auf die Datei für ältere BKU 
+      zeigt. Sie können auch auf die vordefinierten Elemente aus den 
+      Musterkonfigurationen dieser Distribution (
+      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml) zurückgreifen.
+      
+   b. Fügen Sie Profilbezeichner für die Transformationsprofile in der
+      Konfiguration für MOA SP an. Sie finden diesen Bezeichner im XML-
+      Element /MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyAuthBlock.
+      Hängen Sie ein Element VerifyTransformsInfoProfileID an, das für die Über-
+      prüfung der Transformation älterer BKU vorgesehen ist.
+      Siehe auch Inhalt des Elements VerifyAuthBlock aus der Musterkonfiguration 
+      dieser Distribution (
+      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml).
+      
+   c. Ändern Sie gegebenenfalls die applikationsspezifische Konfiguration
+      der Authblock-Tranformationen. Führen Sie dazu die folgende Tätigkeit
+      für jedes XML-Element /MOA-IDConfiguration/OnlineApplicaton/AuthComponent
+      durch: Fügen Sie zusätzlich zu einem bestehenden Element TransformsInfo 
+      ein Elemnet TransformsInfo an, das die Transformation für ältere BKU 
+      enthält - gleich wie dies bereits in Schritt a. durchgeführt wurde (wenn 
+      Sie dieses Element nicht vorfinden, oder es auskommentiert ist, muss 
+      Schritt c. nicht durchgeführt werden).
+      
+   Öffnen Sie die XML-Konfiguration von MOA SPSS (für gewöhnlich finden Sie 
+   XML-Datei direkt im Stammverzeichnisses für die MOA SPSS Konfiguration, z.B.
+   CATALINA_HOME_ID/conf/moa-spss/SampleMOASPSSConfiguration.xml); führen Sie 
+   folgende Modifikationen an der XML-Konfiguration durch:
+   
+   a. Ändern Sie die konfigurierten Profile für die zulässigen Transformationen
+      über die signierten Daten. Sie finden diese Profile am Ende der XML-Konfi-
+      guration von MOA SPSS (Elemente des Namens 
+      cfg:VerifyTransformsInfoProfile). Fügen Sie zusätzlich zu den vorkommenden 
+      Elementen dieses Namens (für gewöhnlich zwei Elemente) zwei weitere 
+      Elemente dieses Namens hinzu, die die Profile für die älteren Bürger-
+      kartenumgebungen aufnehmen - diese sind durch den Namensteil "_deprecated" 
+      gekennzeichnet (siehe auch Musterkonfigurationen dieser Distribution 
+      MOA_ID_AUTH_INST/conf/moa-spss/SampleMOASPSSConfiguration.xml).
+      
+13.Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen auf 
+   die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
+   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann gehen  
+   Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile beibehalten 
+   wollen, dann gehen Sie vor, wie in Punkt b).
+	
+   a.	Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+	
+    1)	Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+    2)	Kopieren Sie das Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
+        CATALINA_HOME\conf\moa-spss.
+		
+   b.	Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie folgt
+      	vor, um die Profile auf den aktuellen Stand zu bringen:
+	  
+    1)  Benennen Sie ein eventuell vorhandenes Verzeichnis trustprofiles in
+        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer MOA-SP/SS
+        Konfigurationsdatei ebenfalls zu berücksichtigen und benennen Sie dort 
+        alle gleichartigen Vorkommen von trustprofiles in trustProfiles um)
+	
+    2)	Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
+        entsprechenden Profilen im Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
+        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt der 
+        einzelnen Profile aus der Distribution (
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
+        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
+        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
+        überschreiben), also z.B: Kopieren des Inhalts von 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
+        CATALINA_HOME\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+14.Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.     
+
+...............................................................................
+B.3 Durchführung eines Updates von einer älteren Version
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter 
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index debdb146c..0f31f4891 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -17,7 +17,7 @@ log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.2
 
 # configure the rolling file appender (R)
 log4j.appender.R=org.apache.log4j.RollingFileAppender
-log4j.appender.R.File=${catalina.home}/logs/moa-id.log
+log4j.appender.R.File=${catalina.base}/logs/moa-id.log
 log4j.appender.R.MaxFileSize=10000KB
 log4j.appender.R.MaxBackupIndex=1
 log4j.appender.R.layout=org.apache.log4j.PatternLayout
diff --git a/spss/handbook/clients/webservice/conf/log4j.properties b/spss/handbook/clients/webservice/conf/log4j.properties
index acef53003..bf7c98c0c 100644
--- a/spss/handbook/clients/webservice/conf/log4j.properties
+++ b/spss/handbook/clients/webservice/conf/log4j.properties
@@ -17,7 +17,7 @@ log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.2
 
 # configure the rolling file appender (R)
 log4j.appender.R=org.apache.log4j.RollingFileAppender
-log4j.appender.R.File=${catalina.home}/logs/moa-id.log
+log4j.appender.R.File=${catalina.base}/logs/moa-id.log
 log4j.appender.R.MaxFileSize=10000KB
 log4j.appender.R.MaxBackupIndex=1
 log4j.appender.R.layout=org.apache.log4j.PatternLayout
diff --git a/spss/handbook/conf/moa-spss/log4j.properties b/spss/handbook/conf/moa-spss/log4j.properties
index f6abfd495..02b767b87 100644
--- a/spss/handbook/conf/moa-spss/log4j.properties
+++ b/spss/handbook/conf/moa-spss/log4j.properties
@@ -16,10 +16,10 @@ log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
 log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c |  %10t | %m%n
 
 # Configure the 'moaspss' appender to write moa-spss related logging output
-# to the file '${catalina.home}/logs/moa-spss.log'. The file is rolled over every 1000KB,
+# to the file '${catalina.base}/logs/moa-spss.log'. The file is rolled over every 1000KB,
 # and a maximum history of 10 log files is being kept.
 log4j.appender.moaspss=org.apache.log4j.RollingFileAppender
-log4j.appender.moaspss.File=${catalina.home}/logs/moa-spss.log
+log4j.appender.moaspss.File=${catalina.base}/logs/moa-spss.log
 log4j.appender.moaspss.MaxFileSize=1000KB
 log4j.appender.moaspss.MaxBackupIndex=10
 log4j.appender.moaspss.layout=org.apache.log4j.PatternLayout
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 55e595d9d..de661156b 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,3 +1,12 @@
+##############
+1.4.2
+##############
+
+- IAIK Libraries aktualisiert:
+   Versionsnummern:
+     iaik-jce:           Version 3.16_MOA
+     iaik-cms:           Version 4.0_MOA
+
 ##############
 1.4.2 beta1
 ##############
-- 
cgit v1.2.3


From de1331212b42603ed762ec69c234b32a71fa764d Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 16 Nov 2007 15:18:03 +0000
Subject: Refined Eclipse WTP settings; changed standard configuration

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1041 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 common/.classpath                                  |    1 +
 common/.project                                    |   13 +
 common/.settings/org.eclipse.jdt.core.prefs        |   13 +-
 common/.settings/org.eclipse.wst.common.component  |    8 +
 .../org.eclipse.wst.common.project.facet.core.xml  |    7 +
 .../schemas/MOA-ID-Configuration-1.4.2.xsd         | 1107 +++++++++++---------
 id/history.txt                                     |    4 +
 id/server/auth/.project                            |    5 +-
 .../auth/.settings/org.eclipse.jdt.core.prefs      |    7 +-
 .../.settings/org.eclipse.wst.common.component     |    5 +-
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   22 +-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   22 +-
 .../SampleMOAIDConfiguration_withTestBKs.xml       |   22 +-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   22 +-
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |   24 +-
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |   24 +-
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |   24 +-
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |   24 +-
 .../idserverlib/src/main/java/META-INF/MANIFEST.MF |    3 -
 .../moa/id/auth/AuthenticationServer.java          |   16 +-
 .../moa/id/auth/MOAIDAuthConstants.java            |    2 +
 .../auth/builder/GetIdentityLinkFormBuilder.java   |    1 -
 .../auth/servlet/StartAuthenticationServlet.java   |    2 +-
 .../moa/id/config/ConfigurationBuilder.java        |    2 +
 .../moa/id/config/auth/VerifyInfoboxParameter.java |   27 +
 .../resources/properties/id_messages_de.properties |    1 +
 .../resources/templates/ParepMinTemplate.html      |   14 +-
 .../resources/templates/ParepTemplate.html         |   14 +-
 .../test/abnahme/A/Test100StartAuthentication.java |   15 +-
 .../test/java/test/abnahme/AbnahmeTestCase.java    |    1 +
 .../moa/id/auth/AuthenticationServerTest.java      |    2 +-
 spss/server/serverlib/.classpath                   |    2 +-
 32 files changed, 838 insertions(+), 618 deletions(-)
 create mode 100644 common/.settings/org.eclipse.wst.common.component
 create mode 100644 common/.settings/org.eclipse.wst.common.project.facet.core.xml
 delete mode 100644 id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/.classpath b/common/.classpath
index 01edb156d..220005c68 100644
--- a/common/.classpath
+++ b/common/.classpath
@@ -5,5 +5,6 @@
 	<classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>
diff --git a/common/.project b/common/.project
index d8e7fc611..57d49b107 100644
--- a/common/.project
+++ b/common/.project
@@ -5,6 +5,11 @@
 	<projects>
 	</projects>
 	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 		<buildCommand>
 			<name>org.eclipse.jdt.core.javabuilder</name>
 			<arguments>
@@ -15,9 +20,17 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 	</buildSpec>
 	<natures>
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.maven.ide.eclipse.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
 	</natures>
 </projectDescription>
diff --git a/common/.settings/org.eclipse.jdt.core.prefs b/common/.settings/org.eclipse.jdt.core.prefs
index 99f54a8bf..88a20b6aa 100644
--- a/common/.settings/org.eclipse.jdt.core.prefs
+++ b/common/.settings/org.eclipse.jdt.core.prefs
@@ -1,5 +1,12 @@
-#Wed Sep 12 10:16:21 CEST 2007
+#Fri Nov 16 14:43:51 CET 2007
 eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2
+org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
 org.eclipse.jdt.core.compiler.compliance=1.4
-org.eclipse.jdt.core.compiler.source=1.4
+org.eclipse.jdt.core.compiler.debug.lineNumber=generate
+org.eclipse.jdt.core.compiler.debug.localVariable=generate
+org.eclipse.jdt.core.compiler.debug.sourceFile=generate
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/common/.settings/org.eclipse.wst.common.component b/common/.settings/org.eclipse.wst.common.component
new file mode 100644
index 000000000..41f61a290
--- /dev/null
+++ b/common/.settings/org.eclipse.wst.common.component
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="moa-common">
+        <wb-resource deploy-path="/" source-path="/src/main/java"/>
+        <wb-resource deploy-path="/" source-path="/src/test/java"/>
+        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
+    </wb-module>
+</project-modules>
diff --git a/common/.settings/org.eclipse.wst.common.project.facet.core.xml b/common/.settings/org.eclipse.wst.common.project.facet.core.xml
new file mode 100644
index 000000000..8b6262d32
--- /dev/null
+++ b/common/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+  <fixed facet="jst.utility"/>
+  <fixed facet="jst.java"/>
+  <installed facet="jst.java" version="1.4"/>
+  <installed facet="jst.utility" version="1.0"/>
+</faceted-project>
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
index 16ff4a564..4488a1eda 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd
@@ -1,508 +1,615 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
-  <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-  <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
-  <xsd:element name="Configuration">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="LoginType" type="LoginType" default="stateful"/>
-        <xsd:element name="Binding" minOccurs="0">
-          <xsd:simpleType>
-            <xsd:restriction base="xsd:string">
-              <xsd:enumeration value="full"/>
-              <xsd:enumeration value="userName"/>
-              <xsd:enumeration value="none"/>
-            </xsd:restriction>
-          </xsd:simpleType>
-        </xsd:element>
-        <xsd:choice>
-          <xsd:element ref="ParamAuth"/>
-          <xsd:element ref="BasicAuth"/>
-          <xsd:element ref="HeaderAuth"/>
-        </xsd:choice>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:simpleType name="LoginType">
-    <xsd:restriction base="xsd:token">
-      <xsd:enumeration value="stateless"/>
-      <xsd:enumeration value="stateful"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:element name="ParamAuth">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element ref="Parameter" maxOccurs="unbounded"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="Parameter">
-    <xsd:complexType>
-      <xsd:attribute name="Name" type="xsd:token" use="required"/>
-      <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="BasicAuth">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="UserID" type="MOAAuthDataType"/>
-        <xsd:element name="Password" type="MOAAuthDataType"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="HeaderAuth">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element ref="Header" maxOccurs="unbounded"/>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:element name="Header">
-    <xsd:complexType>
-      <xsd:attribute name="Name" type="xsd:token" use="required"/>
-      <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:simpleType name="MOAAuthDataType">
-    <xsd:restriction base="xsd:token">
-      <xsd:enumeration value="MOAGivenName"/>
-      <xsd:enumeration value="MOAFamilyName"/>
-      <xsd:enumeration value="MOADateOfBirth"/>
-      <xsd:enumeration value="MOABPK"/>
-      <xsd:enumeration value="MOAWBPK"/>
-      <xsd:enumeration value="MOAPublicAuthority"/>
-      <xsd:enumeration value="MOABKZ"/>
-      <xsd:enumeration value="MOAQualifiedCertificate"/>
-      <xsd:enumeration value="MOAStammzahl"/>
-      <xsd:enumeration value="MOAIdentificationValueType"/>
-      <xsd:enumeration value="MOAIPAddress"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:simpleType name="MOAKeyBoxSelector">
-    <xsd:restriction base="xsd:token">
-      <xsd:enumeration value="SecureSignatureKeypair"/>
-      <xsd:enumeration value="CertifiedKeypair"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-  <xsd:element name="MOA-IDConfiguration">
-    <xsd:complexType>
-      <xsd:sequence>
-        <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-          <xsd:annotation>
-            <xsd:documentation>enthält Parameter der 
-							Authentisierungs-Komponente</xsd:documentation>
-          </xsd:annotation>
-        </xsd:element>
-        <xsd:element name="ProxyComponent" minOccurs="0">
-          <xsd:annotation>
-            <xsd:documentation>enthält Konfigurationsparameter der 
-							Proxy-Komponente</xsd:documentation>
-          </xsd:annotation>
-          <xsd:complexType>
-            <xsd:sequence>
-              <xsd:element name="AuthComponent">
-                <xsd:annotation>
-                  <xsd:documentation>enthält Parameter für die Kommunikation zw. 
-										Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-                </xsd:annotation>
-                <xsd:complexType>
-                  <xsd:sequence>
-                    <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-                      <xsd:annotation>
-                        <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
-													Proxy-Komponente zur Auth-Komponente (vgl. 
-													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-                      </xsd:annotation>
-                    </xsd:element>
-                  </xsd:sequence>
-                </xsd:complexType>
-              </xsd:element>
-            </xsd:sequence>
-          </xsd:complexType>
-        </xsd:element>
-        <xsd:element name="OnlineApplication" maxOccurs="unbounded">
-          <xsd:annotation>
-            <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-          </xsd:annotation>
-          <xsd:complexType>
-            <xsd:complexContent>
-              <xsd:extension base="OnlineApplicationType">
-                <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-                <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-                <xsd:attribute name="type" use="optional" default="publicService">
-                  <xsd:simpleType>
-                    <xsd:restriction base="xsd:NMTOKEN">
-                      <xsd:enumeration value="businessService"/>
-                      <xsd:enumeration value="publicService"/>
-                    </xsd:restriction>
-                  </xsd:simpleType>
-                </xsd:attribute>
-                <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
-              </xsd:extension>
-            </xsd:complexContent>
-          </xsd:complexType>
-        </xsd:element>
-        <xsd:element name="ChainingModes" minOccurs="0">
-          <xsd:annotation>
-            <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 
-							Zertifikatspfadvalidierung</xsd:documentation>
-          </xsd:annotation>
-          <xsd:complexType>
-            <xsd:sequence minOccurs="0" maxOccurs="unbounded">
-              <xsd:element name="TrustAnchor">
-                <xsd:annotation>
-                  <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 
-										für jeden TrustAnchor gesetzt werden</xsd:documentation>
-                </xsd:annotation>
-                <xsd:complexType>
-                  <xsd:complexContent>
-                    <xsd:extension base="dsig:X509IssuerSerialType">
-                      <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-                    </xsd:extension>
-                  </xsd:complexContent>
-                </xsd:complexType>
-              </xsd:element>
-            </xsd:sequence>
-            <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-          </xsd:complexType>
-        </xsd:element>
-        <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-          <xsd:annotation>
-            <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 
-							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-          </xsd:annotation>
-        </xsd:element>
-        <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-          <xsd:complexType>
-            <xsd:attribute name="name" use="required">
-              <xsd:simpleType>
-                <xsd:restriction base="xsd:string">
-                  <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
-                  <xsd:enumeration value="AuthenticationSession.TimeOut"/>
-                  <xsd:enumeration value="AuthenticationData.TimeOut"/>
-                  <xsd:enumeration value="TrustManager.RevocationChecking"/>
-                  <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
-                  <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
-                  <xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
-                  <xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
-                </xsd:restriction>
-              </xsd:simpleType>
-            </xsd:attribute>
-            <xsd:attribute name="value" type="xsd:string" use="required"/>
-          </xsd:complexType>
-        </xsd:element>
-      </xsd:sequence>
-    </xsd:complexType>
-  </xsd:element>
-  <xsd:complexType name="AuthComponentType">
-    <xsd:sequence>
-      <xsd:element name="BKUSelection" minOccurs="0">
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-          </xsd:sequence>
-          <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-      <xsd:element name="SecurityLayer">
-        <xsd:annotation>
-          <xsd:documentation>enthält Parameter für die Kommunikation mit dem 
-						Security-Layer</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="MOA-SP">
-        <xsd:annotation>
-          <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 
-						SP Modul</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-              <xsd:annotation>
-                <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
-									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 
-									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 
-									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 
-									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 
-									aufgerufen</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="VerifyIdentityLink">
-              <xsd:annotation>
-                <xsd:documentation>enthält Parameter für die Überprüfung der 
-									Personenbindung</xsd:documentation>
-              </xsd:annotation>
-              <xsd:complexType>
-                <xsd:sequence>
-                  <xsd:element ref="TrustProfileID"/>
-                </xsd:sequence>
-              </xsd:complexType>
-            </xsd:element>
-            <xsd:element name="VerifyAuthBlock">
-              <xsd:annotation>
-                <xsd:documentation>enthält Parameter für die Überprüfung des 
-									AUTH-Blocks</xsd:documentation>
-              </xsd:annotation>
-              <xsd:complexType>
-                <xsd:sequence>
-                  <xsd:element ref="TrustProfileID"/>
-                  <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
-                </xsd:sequence>
-              </xsd:complexType>
-            </xsd:element>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="IdentityLinkSigners" minOccurs="0">
-        <xsd:annotation>
-          <xsd:documentation>enthält Informationen über akzeptierte Signers des 
-						IdentityLinks</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-              <xsd:annotation>
-                <xsd:documentation>akzeptierte Signer des IdentityLinks werden per 
-									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
-        <xsd:annotation>
-          <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="TransformsInfoType">
-    <xsd:annotation>
-      <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 
-				Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 
-				werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 
-				inkludiert</xsd:documentation>
-    </xsd:annotation>
-    <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-  </xsd:complexType>
-  <xsd:complexType name="TemplatesType">
-    <xsd:sequence>
-      <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
-      <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
-      <xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="TemplateType">
-    <xsd:annotation>
-      <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
-    </xsd:annotation>
-    <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-  </xsd:complexType>
-  <xsd:complexType name="VerifyInfoboxesType">
-    <xsd:annotation>
-      <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
-    </xsd:annotation>
-    <xsd:sequence>
-      <xsd:element name="DefaultTrustProfile" minOccurs="0">
-        <xsd:annotation>
-          <xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element ref="TrustProfileID"/>
-          </xsd:sequence>
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="Infobox" maxOccurs="unbounded">
-        <xsd:annotation>
-          <xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
-              <xsd:annotation>
-                <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll;
-								z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird
-								das Identifier-Attribut verwendet</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
-              <xsd:annotation>
-                <xsd:documentation>TrustProfil, das für die Überprüfung der Infobox
-								verwendet werden soll</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
-              <xsd:annotation>
-                <xsd:documentation>Validatorklasse, die für die Prüfung der Infobox
-								verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
-								vom Default Package- und Klassennamen abweichen</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-            <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
-            <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
-              <xsd:annotation>
-                <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation
-									 übergeben werden</xsd:documentation>
-              </xsd:annotation>
-              <xsd:complexType>
-                <xsd:sequence>
-                  <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
-                </xsd:sequence>
-              </xsd:complexType>
-            </xsd:element>
-          </xsd:sequence>
-          <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-          <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
-          <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-          <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-        </xsd:complexType>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="SchemaLocationType">
-    <xsd:annotation>
-      <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
-    </xsd:annotation>
-    <xsd:sequence>
-      <xsd:element name="Schema" maxOccurs="unbounded">
-        <xsd:complexType>
-          <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
-          <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
-        </xsd:complexType>
-      </xsd:element>
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="ProxyComponentType"/>
-  <xsd:complexType name="OnlineApplicationType">
-    <xsd:sequence>
-      <xsd:element name="AuthComponent" minOccurs="0">
-        <xsd:annotation>
-          <xsd:documentation>enthält Parameter über die OA, die die 
-						Authentisierungs-Komponente betreffen</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <!--xsd:element name="IdentificationNumber" minOccurs="0">
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.2">
+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+	<xsd:element name="Configuration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
+				<xsd:element name="Binding" minOccurs="0">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:string">
+							<xsd:enumeration value="full"/>
+							<xsd:enumeration value="userName"/>
+							<xsd:enumeration value="none"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:element>
+				<xsd:choice>
+					<xsd:element ref="ParamAuth"/>
+					<xsd:element ref="BasicAuth"/>
+					<xsd:element ref="HeaderAuth"/>
+				</xsd:choice>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="LoginType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="stateless"/>
+			<xsd:enumeration value="stateful"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="ParamAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Parameter">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="BasicAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="UserID" type="MOAAuthDataType"/>
+				<xsd:element name="Password" type="MOAAuthDataType"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="HeaderAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Header" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Header">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="MOAAuthDataType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="MOAGivenName"/>
+			<xsd:enumeration value="MOAFamilyName"/>
+			<xsd:enumeration value="MOADateOfBirth"/>
+			<xsd:enumeration value="MOABPK"/>
+			<xsd:enumeration value="MOAWBPK"/>
+			<xsd:enumeration value="MOAPublicAuthority"/>
+			<xsd:enumeration value="MOABKZ"/>
+			<xsd:enumeration value="MOAQualifiedCertificate"/>
+			<xsd:enumeration value="MOAStammzahl"/>
+			<xsd:enumeration value="MOAIdentificationValueType"/>
+			<xsd:enumeration value="MOAIPAddress"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MOAKeyBoxSelector">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="SecureSignatureKeypair"/>
+			<xsd:enumeration value="CertifiedKeypair"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+	<xsd:element name="MOA-IDConfiguration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="ProxyComponent" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="AuthComponent">
+								<xsd:annotation>
+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:sequence>
+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+											<xsd:annotation>
+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+											</xsd:annotation>
+										</xsd:element>
+									</xsd:sequence>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="OnlineApplicationType">
+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+								<xsd:attribute name="type" use="optional" default="publicService">
+									<xsd:simpleType>
+										<xsd:restriction base="xsd:NMTOKEN">
+											<xsd:enumeration value="businessService"/>
+											<xsd:enumeration value="publicService"/>
+										</xsd:restriction>
+									</xsd:simpleType>
+								</xsd:attribute>
+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="ChainingModes" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+							<xsd:element name="TrustAnchor">
+								<xsd:annotation>
+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:complexContent>
+										<xsd:extension base="dsig:X509IssuerSerialType">
+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+										</xsd:extension>
+									</xsd:complexContent>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="name" use="required">
+							<xsd:simpleType>
+								<xsd:restriction base="xsd:string">
+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
+									<xsd:enumeration value="AuthenticationData.TimeOut"/>
+									<xsd:enumeration value="TrustManager.RevocationChecking"/>
+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+								</xsd:restriction>
+							</xsd:simpleType>
+						</xsd:attribute>
+						<xsd:attribute name="value" type="xsd:string" use="required"/>
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="AuthComponentType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelection" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+					</xsd:sequence>
+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+			<xsd:element name="SecurityLayer">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="MOA-SP">
+				<xsd:annotation>
+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="VerifyIdentityLink">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="VerifyAuthBlock">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="IdentityLinkSigners" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="TemplatesType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TemplateType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyInfoboxesType">
+		<xsd:annotation>
+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="DefaultTrustProfile" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="TrustProfileID"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="InfoboxType">
+		<xsd:annotation>
+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ParepSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="CompatibilityMode" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>Legt fest ob Machtgeber und Machtnehmer in den Anmeldedaten ausgetauscht werden sollen. Lediglich die übermittelte Vollmacht gibt dann Aufschluss darüber, dass eine Vertretung vorliegt. Ziel dieses Schalters ist, dass bisherige Applikationen mit Vollmachten und beruflicher Parteienvertretung nachgerüstet werden können, ohne der Erfordernis Änderungen durchführen zu müssen.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
+							<xsd:annotation>
+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+	</xsd:complexType>
+	<xsd:complexType name="SchemaLocationType">
+		<xsd:annotation>
+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="Schema" maxOccurs="unbounded">
+				<xsd:complexType>
+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ProxyComponentType"/>
+	<xsd:complexType name="OnlineApplicationType">
+		<xsd:sequence>
+			<xsd:element name="AuthComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<!--xsd:element name="IdentificationNumber" minOccurs="0">
 							<xsd:complexType>
 								<xsd:sequence>
 									<xsd:element ref="pr:AbstractSimpleIdentification"/>
 								</xsd:sequence>
 							</xsd:complexType>
 						</xsd:element-->
-            <xsd:element name="IdentificationNumber" minOccurs="0">
-              <xsd:complexType>
-                <xsd:choice>
-                  <xsd:element ref="pr:Firmenbuchnummer"/>
-                  <xsd:element ref="pr:ZMRzahl"/>
-                  <xsd:element ref="pr:Vereinsnummer"/>
-                  <xsd:element ref="pr:ERJPZahl"/>
-                  <xsd:element name="AnyNumber">
-                    <xsd:complexType>
-                      <xsd:simpleContent>
-                        <xsd:extension base="xsd:string">
-                          <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-                        </xsd:extension>
-                      </xsd:simpleContent>
-                    </xsd:complexType>
-                  </xsd:element>
-                </xsd:choice>
-              </xsd:complexType>
-            </xsd:element>
-            <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-            <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
-            <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
-          </xsd:sequence>
-          <xsd:attribute name="slVersion" use="optional" default="1.1">
-            <xsd:simpleType>
-              <xsd:restriction base="xsd:string">
-                <xsd:enumeration value="1.1"/>
-                <xsd:enumeration value="1.2"/>
-              </xsd:restriction>
-            </xsd:simpleType>
-          </xsd:attribute>
-          <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-          <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-          <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-          <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
-          <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
-        </xsd:complexType>
-      </xsd:element>
-      <xsd:element name="ProxyComponent" minOccurs="0">
-        <xsd:annotation>
-          <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
-						betreffen</xsd:documentation>
-        </xsd:annotation>
-        <xsd:complexType>
-          <xsd:sequence>
-            <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-              <xsd:annotation>
-                <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
-									betreffen</xsd:documentation>
-              </xsd:annotation>
-            </xsd:element>
-          </xsd:sequence>
-          <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-          <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-          <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-          <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-          <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-        </xsd:complexType>
-      </xsd:element>
-      <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
-    </xsd:sequence>
-  </xsd:complexType>
-  <xsd:complexType name="ConnectionParameterServerAuthType">
-    <xsd:sequence>
-      <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-        <xsd:annotation>
-          <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 
-						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-        </xsd:annotation>
-      </xsd:element>
-    </xsd:sequence>
-    <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-  </xsd:complexType>
-  <xsd:complexType name="ConnectionParameterClientAuthType">
-    <xsd:complexContent>
-      <xsd:extension base="ConnectionParameterServerAuthType">
-        <xsd:sequence>
-          <xsd:element name="ClientKeyStore" minOccurs="0">
-            <xsd:annotation>
-              <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 
-								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
-            </xsd:annotation>
-            <xsd:complexType>
-              <xsd:simpleContent>
-                <xsd:extension base="xsd:anyURI">
-                  <xsd:attribute name="password" type="xsd:string" use="optional"/>
-                </xsd:extension>
-              </xsd:simpleContent>
-            </xsd:complexType>
-          </xsd:element>
-        </xsd:sequence>
-      </xsd:extension>
-    </xsd:complexContent>
-  </xsd:complexType>
-  <xsd:element name="TrustProfileID" type="xsd:string"/>
-  <xsd:simpleType name="ChainingModeType">
-    <xsd:restriction base="xsd:string">
-      <xsd:enumeration value="chaining"/>
-      <xsd:enumeration value="pkix"/>
-    </xsd:restriction>
-  </xsd:simpleType>
-  <xsd:simpleType name="BKUSelectionType">
-    <xsd:restriction base="xsd:token">
-      <xsd:enumeration value="HTMLComplete"/>
-      <xsd:enumeration value="HTMLSelect"/>
-    </xsd:restriction>
-  </xsd:simpleType>
+						<xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:choice>
+									<xsd:element ref="pr:Firmenbuchnummer"/>
+									<xsd:element ref="pr:ZMRzahl"/>
+									<xsd:element ref="pr:Vereinsnummer"/>
+									<xsd:element ref="pr:ERJPZahl"/>
+									<xsd:element name="AnyNumber">
+										<xsd:complexType>
+											<xsd:simpleContent>
+												<xsd:extension base="xsd:string">
+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+												</xsd:extension>
+											</xsd:simpleContent>
+										</xsd:complexType>
+									</xsd:element>
+								</xsd:choice>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+					</xsd:sequence>
+					<xsd:attribute name="slVersion" use="optional" default="1.1">
+						<xsd:simpleType>
+							<xsd:restriction base="xsd:string">
+								<xsd:enumeration value="1.1"/>
+								<xsd:enumeration value="1.2"/>
+							</xsd:restriction>
+						</xsd:simpleType>
+					</xsd:attribute>
+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ProxyComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+				</xsd:complexType>
+			</xsd:element>
+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterServerAuthType">
+		<xsd:sequence>
+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterClientAuthType">
+		<xsd:complexContent>
+			<xsd:extension base="ConnectionParameterServerAuthType">
+				<xsd:sequence>
+					<xsd:element name="ClientKeyStore" minOccurs="0">
+						<xsd:annotation>
+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+						</xsd:annotation>
+						<xsd:complexType>
+							<xsd:simpleContent>
+								<xsd:extension base="xsd:anyURI">
+									<xsd:attribute name="password" type="xsd:string" use="optional"/>
+								</xsd:extension>
+							</xsd:simpleContent>
+						</xsd:complexType>
+					</xsd:element>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:element name="TrustProfileID" type="xsd:string"/>
+	<xsd:simpleType name="ChainingModeType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="chaining"/>
+			<xsd:enumeration value="pkix"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="BKUSelectionType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="HTMLComplete"/>
+			<xsd:enumeration value="HTMLSelect"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="CompatibilityMode" default="false">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="EnableInfoboxValidator" default="true">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="AlwaysShowForm" default="false">
+		<xsd:annotation>
+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:complexType name="InputProcessorType">
+		<xsd:annotation>
+			<xsd:documentation>Kommentar</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="template" type="xsd:anyURI" use="optional">
+			<xsd:annotation>
+				<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
+			</xsd:annotation>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentationType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentativeType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="oid" use="required">
+			<xsd:annotation>
+				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="1.2.40.0.10.3.1"/>
+					<xsd:enumeration value="1.2.40.0.10.3.2"/>
+					<xsd:enumeration value="1.2.40.0.10.3.3"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representCorporateParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representationText" use="optional">
+			<xsd:annotation>
+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
+					<xsd:enumeration value="Organwalter"/>
+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+	</xsd:complexType>
 </xsd:schema>
diff --git a/id/history.txt b/id/history.txt
index 4f87b1a4e..1ac895bb9 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -5,6 +5,10 @@ History MOA-ID:
 =====
 Version MOA-ID 1.4.2: Änderungen seit Version MOA-ID 1.4.2 beta2:
 
+- Das Tag <BKU> in Templates wird jetzt gemäß dem aufrufenden Protokollschema 
+  gesetzt. Damit ist im Falle von SSL/TLS Verbindungen, durchgängige 
+  Konnektivität mit dem gleichen Protokoll gewährleistet
+
 - IAIK Libraries aktualisiert:
    Versionsnummern:
      iaik-jce:           Version 3.16_MOA
diff --git a/id/server/auth/.project b/id/server/auth/.project
index a8a455ff2..c397a88ee 100644
--- a/id/server/auth/.project
+++ b/id/server/auth/.project
@@ -3,6 +3,7 @@
 	<name>moa-id-auth</name>
 	<comment></comment>
 	<projects>
+		<project>moa-common</project>
 		<project>moa-id-lib</project>
 		<project>moa-spss-lib</project>
 	</projects>
@@ -23,12 +24,12 @@
 			</arguments>
 		</buildCommand>
 		<buildCommand>
-			<name>org.maven.ide.eclipse.maven2Builder</name>
+			<name>kr.javanese.devtools.m2wtp.wtpDepBuilder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
 		<buildCommand>
-			<name>kr.javanese.devtools.m2wtp.wtpDepBuilder</name>
+			<name>org.maven.ide.eclipse.maven2Builder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
diff --git a/id/server/auth/.settings/org.eclipse.jdt.core.prefs b/id/server/auth/.settings/org.eclipse.jdt.core.prefs
index 1b042e027..63fe7cb8a 100644
--- a/id/server/auth/.settings/org.eclipse.jdt.core.prefs
+++ b/id/server/auth/.settings/org.eclipse.jdt.core.prefs
@@ -1,7 +1,12 @@
-#Fri Sep 14 14:27:19 CEST 2007
+#Fri Nov 16 13:12:23 CET 2007
 eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
 org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.debug.lineNumber=generate
+org.eclipse.jdt.core.compiler.debug.localVariable=generate
+org.eclipse.jdt.core.compiler.debug.sourceFile=generate
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
 org.eclipse.jdt.core.compiler.source=1.4
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component
index f256fdc92..5f3e4a378 100644
--- a/id/server/auth/.settings/org.eclipse.wst.common.component
+++ b/id/server/auth/.settings/org.eclipse.wst.common.component
@@ -10,7 +10,10 @@
 <dependency-type>uses</dependency-type>
 <wb-resource deploy-path="/WEB-INF/LIB" source-path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
 </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
 <property name="java-output-path" value="target/classes"/>
-<property name="context-root" value="moa-id-auth"/>
+        <property name="context-root" value="moa-id-auth"/>
 </wb-module>
 </project-modules>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 8de2fff3c..800d621d0 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -53,18 +53,22 @@
     </MOA-SP>
     
     <VerifyInfoboxes>
-      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
+        <!--
         <ApplicationSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-          <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          -->
+        </ApplicationSpecificParameters>
+        -->
+        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <ParepSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
@@ -83,12 +87,12 @@
             <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
               <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
@@ -98,8 +102,8 @@
             <!-- Organwalter -->
             <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
           </PartyRepresentation>
-        </ApplicationSpecificParameters>
-      </Infobox>
+        </ParepSpecificParameters>
+      </Infobox?>
     </VerifyInfoboxes>
     
   </AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 8e15b8872..c5c7ab729 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -53,18 +53,22 @@
     </MOA-SP>
     
     <VerifyInfoboxes>
-      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
+        <!--
         <ApplicationSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-          <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          -->
+        </ApplicationSpecificParameters>
+        -->
+        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <ParepSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
@@ -83,12 +87,12 @@
             <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
               <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
@@ -98,8 +102,8 @@
             <!-- Organwalter -->
             <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
           </PartyRepresentation>
-        </ApplicationSpecificParameters>
-      </Infobox>
+        </ParepSpecificParameters>
+      </Infobox?>
     </VerifyInfoboxes>
     
   </AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 8d8ab56dc..7a4f79aba 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -62,18 +62,22 @@
     <!--/IdentityLinkSigners-->
 
     <VerifyInfoboxes>
-      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
+        <!--
         <ApplicationSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-          <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          -->
+        </ApplicationSpecificParameters>
+        -->
+        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <ParepSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
@@ -92,12 +96,12 @@
             <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
               <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
@@ -107,8 +111,8 @@
             <!-- Organwalter -->
             <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
           </PartyRepresentation>
-        </ApplicationSpecificParameters>
-      </Infobox>
+        </ParepSpecificParameters>
+      </Infobox?>
     </VerifyInfoboxes>
 
   </AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index f143387c4..898d707a2 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -61,18 +61,22 @@
     <!--/IdentityLinkSigners-->
 
     <VerifyInfoboxes>
-      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
+        <!--
         <ApplicationSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-          <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          -->
+        </ApplicationSpecificParameters>
+        -->
+        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <ParepSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
@@ -91,12 +95,12 @@
             <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
               <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
@@ -106,8 +110,8 @@
             <!-- Organwalter -->
             <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
           </PartyRepresentation>
-        </ApplicationSpecificParameters>
-      </Infobox>
+        </ParepSpecificParameters>
+      </Infobox?>
     </VerifyInfoboxes>
 
   </AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index d244dfe2e..98c6e7b1e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -53,18 +53,22 @@
     </MOA-SP>
     
     <VerifyInfoboxes>
-      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
+        <!--
         <ApplicationSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-          <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          -->
+        </ApplicationSpecificParameters>
+        -->
+        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <ParepSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
@@ -83,23 +87,21 @@
             <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
               <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
             </PartyRepresentative>
             -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
           </PartyRepresentation>
-        </ApplicationSpecificParameters>
-      </Infobox>
+        </ParepSpecificParameters>
+      </Infobox?>
     </VerifyInfoboxes>
     
   </AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index a94a7210e..cc37809f2 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -53,18 +53,22 @@
     </MOA-SP>
     
     <VerifyInfoboxes>
-      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
+        <!--
         <ApplicationSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-          <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          -->
+        </ApplicationSpecificParameters>
+        -->
+        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <ParepSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
@@ -83,23 +87,21 @@
             <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
               <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
             </PartyRepresentative>
             -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
           </PartyRepresentation>
-        </ApplicationSpecificParameters>
-      </Infobox>
+        </ParepSpecificParameters>
+      </Infobox?>
     </VerifyInfoboxes>
     
   </AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 7dc11d0c9..217ac226f 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -61,18 +61,22 @@
     <!--/IdentityLinkSigners-->
 
     <VerifyInfoboxes>
-      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
+        <!--
         <ApplicationSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-          <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          -->
+        </ApplicationSpecificParameters>
+        -->
+        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <ParepSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
@@ -91,23 +95,21 @@
             <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
               <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
             </PartyRepresentative>
             -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
           </PartyRepresentation>
-        </ApplicationSpecificParameters>
-      </Infobox>
+        </ParepSpecificParameters>
+      </Infobox?>
     </VerifyInfoboxes>
     
   </AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 883076fc2..765c33238 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -61,18 +61,22 @@
     <!--/IdentityLinkSigners-->
 
     <VerifyInfoboxes>
-      <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
+        <!--
         <ApplicationSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-          <!--
           <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
             <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          -->
+        </ApplicationSpecificParameters>
+        -->
+        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <ParepSpecificParameters>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
@@ -91,23 +95,21 @@
             <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
             <!-- Ziviltechniker -->
             <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"
+            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
               <!- - Standardklasse, die Daten vervollstaendigt - ->
               <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Standard-Stammzahlenregister-Gateway - ->
+              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
               <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
             </PartyRepresentative>
             -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
           </PartyRepresentation>
-        </ApplicationSpecificParameters>
-      </Infobox>
+        </ParepSpecificParameters>
+      </Infobox?>
     </VerifyInfoboxes>
 
   </AuthComponent>
diff --git a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF
deleted file mode 100644
index 5e9495128..000000000
--- a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF
+++ /dev/null
@@ -1,3 +0,0 @@
-Manifest-Version: 1.0
-Class-Path: 
-
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index bac66eeab..caeff905b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -265,7 +265,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * @param oaURL online application URL requested
    * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used; 
    *                may be <code>null</code>; in this case, the default location will be used
-   * @param templateURL URL providing an HTML template for the HTML form generated 
+   * @param templateURL URL providing an HTML template for the HTML form generated
+   * @param scheme determines the protocol used 
    * @return HTML form
    * @throws AuthenticationException
    * @see GetIdentityLinkFormBuilder
@@ -277,7 +278,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     String oaURL,
     String templateURL,
     String bkuURL,
-    String sessionID)
+    String sessionID,
+    String scheme)
     throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
 
     if (isEmpty(sessionID)) {
@@ -322,7 +324,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     }
     // BKU URL has not been set yet, even if session already exists
     if (bkuURL == null) {
-      bkuURL = DEFAULT_BKU;
+      if (scheme!=null && scheme.equalsIgnoreCase("https")) {
+        bkuURL = DEFAULT_BKU_HTTPS;
+      } else {
+        bkuURL = DEFAULT_BKU;
+      }
     }
     session.setBkuURL(bkuURL);
     session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
@@ -602,6 +608,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
               }
               // check for party representation in mandates infobox
               if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){
+                //We need app specific parameters
+                if (null==verifyInfoboxParameter.getApplicationSpecificParams()) {
+                  throw new ValidateException("validator.66", new Object[] {friendlyName});
+                }
                 session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
                 Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList);
                 //ParepUtils.serializeElement(mandate, System.out);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 4f9235949..72f29ed40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -23,6 +23,8 @@ public interface MOAIDAuthConstants {
   public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate";
   /** default BKU URL */
   public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
+  /** default BKU URL for https connections*/
+  public static final String DEFAULT_BKU_HTTPS = "https://127.0.0.1:3496/https-security-layer-request";
   /** servlet parameter &quot;returnURI&quot; */
   public static final String PARAM_RETURN = "returnURI";
   /** servlet parameter &quot;Template&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 0d0595b69..9a6c4801f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -95,7 +95,6 @@ public class GetIdentityLinkFormBuilder extends Builder {
   throws BuildException 
   {      
   	String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
-//    String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
     htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
     htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
     htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 9f0cf6606..912b20a0f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -57,7 +57,7 @@ public class StartAuthenticationServlet extends AuthServlet {
     resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
 		try {
 			String getIdentityLinkForm =
-				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID);
+				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
 			resp.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(resp.getOutputStream());
 			out.print(getIdentityLinkForm);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 27955602f..d4398102c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -821,6 +821,8 @@ public class ConfigurationBuilder {
             verifyInfoboxParameter.setSchemaLocations(schemaLocations);            
           } else if (paramName.equals("ApplicationSpecificParameters")) {
             verifyInfoboxParameter.setApplicationSpecificParams(paramElem);
+          } else if (paramName.equals("ParepSpecificParameters")) {
+            verifyInfoboxParameter.appendParepSpecificParams(paramElem);
           }
         }        
         // use default values for those parameters not yet set by local configuration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
index fbd42f975..b64303ce5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
@@ -6,9 +6,13 @@ import java.util.List;
 
 import javax.xml.transform.TransformerException;
 
+import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
 import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
@@ -121,6 +125,29 @@ public class VerifyInfoboxParameter {
     applicationSpecificParams_ = applicationSpecificParams;
   }
 
+  /**
+   * Appends special application specific parameters for party representation.
+   * 
+   * @param applicationSpecificParams The application specific parameters for party representation to set.
+   */
+  public void appendParepSpecificParams(Element applicationSpecificParams) {
+    try {
+      if (applicationSpecificParams_==null) {
+        applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters");
+      } 
+      Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+      NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode);
+      if (null!=nodeList) {
+        for (int i=0; i<nodeList.getLength(); i++) {
+          applicationSpecificParams_.appendChild((Node) nodeList.item(i));
+        }
+      }
+    } catch (TransformerException e) {
+      //Do nothing
+    }
+  }
+  
   /**
    * Returns the friendly name.
    * 
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 8e8f9583b..825434b91 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -163,5 +163,6 @@ validator.62=Fehler in der 
 validator.63=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten.
 validator.64=Fehler beim Austausch von Vollmachtsdaten
 validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
+validator.66=Überprüfung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert.
 
 ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
index 61e5adcaa..0ce83ba12 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html
@@ -7,7 +7,7 @@
 </head>
 <body>
 Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen Person
-<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BKU>"> 
+<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BKU>">
   <table width="80%" border="0">
     <tr/>
     <tr/>
@@ -42,7 +42,7 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
     </tr>
     <tr>
       <td colspan="3"><br/>
-          <em>Vetretene Person:</em></td>
+          <em>Vertretene Person:</em></td>
     </tr>
     <tr>
       <td  colspan="3"><input name="physical_" type="radio" physdisabled="" value="true" physselected="" />&nbsp;nat&uuml;rliche Person:&nbsp;</td>
@@ -101,9 +101,9 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
       </td>
       <td></td>
     </tr>
-    <tr>  
+    <tr>
 	  <td colspan="3">&nbsp;</td>
-    </tr>  
+    </tr>
     <tr>
       <td  colspan="3"><input name="physical_" type="radio" cbdisabled="" value="false" cbselected=""/ >&nbsp;juristische Person:&nbsp;</td>
     </tr>
@@ -124,11 +124,11 @@ Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen P
       <td></td>
     </tr>
   </table>
-  <br/><errortext>  
-  <p><em>Bitte halten Sie Ihre B&uuml;rgerkartenumgebung bereit.</em></p>  <p>   
+  <br/><errortext>
+  <p><em>Bitte halten Sie Ihre B&uuml;rgerkartenumgebung bereit.</em></p>  <p>
   <input name="XMLRequest" type="hidden" value="&lt;?xml version='1.0' encoding='UTF-8'?>&lt;NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>"/>
   <input name="DataURL" type="hidden" value="<DataURL>"/>
-  <input type="submit" name="Submit" value="      Weiter      "/>    
+  <input type="submit" name="Submit" value="      Weiter      "/>
   <input name="Clear" type="reset" id="Clear" value="Formular zur&uuml;cksetzen"/></p><br/>
 </form>
 </body>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
index c7b95f598..cd3221b6e 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html
@@ -42,7 +42,7 @@ Bitte beachten Sie
 <h2>Berufsm&auml;&szlig;ige Parteienvertretung einer nat&uuml;rlichen/juristischen Person
 </h2>
 <div class="boundingbox">
-<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BKU>"> 
+<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded"  action="<BKU>">
   <table width="80%" border="0">
     <tr/>
     <tr/>
@@ -77,7 +77,7 @@ Bitte beachten Sie
     </tr>
     <tr>
       <td colspan="3"><br/>
-          <em>Vetretene Person:</em></td>
+          <em>Vertretene Person:</em></td>
     </tr>
     <tr>
       <td  colspan="3"><input name="physical_" type="radio" physdisabled="" value="true" physselected="" />&nbsp;nat&uuml;rliche Person:&nbsp;</td>
@@ -136,9 +136,9 @@ Bitte beachten Sie
       </td>
       <td></td>
     </tr>
-    <tr>  
+    <tr>
 	  <td colspan="3">&nbsp;</td>
-    </tr>  
+    </tr>
     <tr>
       <td  colspan="3"><input name="physical_" type="radio" cbdisabled="" value="false" cbselected=""/ >&nbsp;juristische Person:&nbsp;</td>
     </tr>
@@ -159,11 +159,11 @@ Bitte beachten Sie
       <td></td>
     </tr>
   </table>
-  <br/><errortext>  
-  <p><em>Bitte halten Sie Ihre B&uuml;rgerkartenumgebung bereit.</em></p>  <p>   
+  <br/><errortext>
+  <p><em>Bitte halten Sie Ihre B&uuml;rgerkartenumgebung bereit.</em></p>  <p>
   <input name="XMLRequest" type="hidden" value="&lt;?xml version='1.0' encoding='UTF-8'?>&lt;NullOperationRequest xmlns='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'/>"/>
   <input name="DataURL" type="hidden" value="<DataURL>"/>
-  <input type="submit" name="Submit" value="      Weiter      "/>    
+  <input type="submit" name="Submit" value="      Weiter      "/>
   <input name="Clear" type="reset" id="Clear" value="Formular zur&uuml;cksetzen"/></p><br/>
 </form>
 </div>
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index 0d72691aa..66256446e 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -22,7 +22,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "http://localhost:9080/", //oaURL
         "file:" + findXmldata("AuthTemplate.html"), 
         "http://localhost:3495/http-security-layer-request",
-         null);
+         null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -40,7 +40,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "gb", //target
         "http://localhost:9080/", //oaURL
         null, 
-        "http://localhost:3495/http-security-layer-request", null);
+        "http://localhost:3495/http-security-layer-request", null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -58,6 +58,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "gb", //target
         "http://localhost:9080/", //oaURL
         "file:" + findXmldata("AuthTemplate.html"), 
+         null,
          null,
          null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
@@ -77,7 +78,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         server.startAuthentication(null, //authURL
         "gb", //target
         "http://localhost:9080/", //oaURL
-        null, null, null);
+        null, null, null, null);
         //assertEquals("",htmlForm);  
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -97,7 +98,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("http://localhost:8080/auth", //authURL
         "gb", "http://localhost:9080/", //oaURL
-        null, null, null);
+        null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -115,7 +116,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", "http://host_not_in_config/", //oaURL
-        null, null, null);
+        null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -134,7 +135,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", null, //oaURL
-        null, null, null);
+        null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -153,7 +154,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         null, "http://localhost:9080/", //oaURL
-        null, null, null);
+        null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index e0e6fc183..eaafd9ac8 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -115,6 +115,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
       oaURL,
       null,
       null,
+      null,
       null);
     String sessionID = parseSessionIDFromForm(htmlForm);
     return sessionID;
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index 5acb23dc2..dcabd79a4 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -30,7 +30,7 @@ public class AuthenticationServerTest extends UnitTestCase {
   public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
   	String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
   	AuthenticationServer server = AuthenticationServer.getInstance();
-  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null);
+  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null);
   	String sessionID = parseSessionIDFromForm(htmlForm);
   	String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
     HashMap parameters = new HashMap(1);
diff --git a/spss/server/serverlib/.classpath b/spss/server/serverlib/.classpath
index eac66f93e..01edb156d 100644
--- a/spss/server/serverlib/.classpath
+++ b/spss/server/serverlib/.classpath
@@ -3,7 +3,7 @@
 	<classpathentry kind="src" path="src/main/java"/>
 	<classpathentry kind="src" path="src/test/java"/>
 	<classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/jdk1.5.0"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>
-- 
cgit v1.2.3


From 4d92d1f3c7a94df1078583b728fbba20c42fdef6 Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Thu, 6 Dec 2007 16:34:41 +0000
Subject: Fixed location of CompatibilityMode configuration option for mandates

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1051 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml        | 4 ++--
 id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml   | 4 ++--
 .../data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml  | 4 ++--
 .../deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml  | 4 ++--
 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml       | 4 ++--
 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml  | 4 ++--
 .../data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml | 4 ++--
 .../deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml | 4 ++--
 .../moa/id/auth/validator/parep/config/ParepConfiguration.java        | 2 +-
 9 files changed, 17 insertions(+), 17 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 800d621d0..11e582249 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -63,12 +63,12 @@
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
         <!-- Konfigurationsteil für berufliche Parteienvertretung -->
         <ParepSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index c5c7ab729..4283c04e8 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -63,12 +63,12 @@
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
         <!-- Konfigurationsteil für berufliche Parteienvertretung -->
         <ParepSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 7a4f79aba..9ed1266d0 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -72,12 +72,12 @@
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
         <!-- Konfigurationsteil für berufliche Parteienvertretung -->
         <ParepSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 898d707a2..abe569f0b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -71,12 +71,12 @@
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
         <!-- Konfigurationsteil für berufliche Parteienvertretung -->
         <ParepSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 98c6e7b1e..3b1130852 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -63,12 +63,12 @@
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
         <!-- Konfigurationsteil für berufliche Parteienvertretung -->
         <ParepSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index cc37809f2..c475e3b8c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -63,12 +63,12 @@
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
         <!-- Konfigurationsteil für berufliche Parteienvertretung -->
         <ParepSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 217ac226f..656de5011 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -71,12 +71,12 @@
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
         <!-- Konfigurationsteil für berufliche Parteienvertretung -->
         <ParepSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 765c33238..5d7072158 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -71,12 +71,12 @@
             <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
           </ConnectionParameter>
           <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
+          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
+          <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
         <!-- Konfigurationsteil für berufliche Parteienvertretung -->
         <ParepSpecificParameters>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
           <PartyRepresentation>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
index c56555b2e..16daa5452 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
@@ -394,7 +394,7 @@ public class ParepConfiguration {
       }
       return false; 
     } catch (Exception e) {
-      throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+      throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
     }
 
   }
-- 
cgit v1.2.3


From 79a56c1181b76d633ad99d136de786cc23285e71 Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 1 Apr 2008 16:45:56 +0000
Subject: Changed css to be able to be used with bdc hotSign 2.0

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1063 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../conf/moa-id/transforms/TransformsInfoAuthBlock.xml    |  9 +++++----
 .../moa-id/transforms/TransformsInfoAuthBlockText.xml     |  2 +-
 .../conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml    | 15 ++++++++-------
 .../moa-spss/profiles/MOAIDTransformAuthBlockText.xml     |  2 +-
 4 files changed, 15 insertions(+), 13 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
index 5549f12e0..103e6aaf7 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -10,13 +10,14 @@
 							<style type="text/css" media="screen">
 							.boldstyle {font-weight: bold; }
 							.italicstyle { font-style: italic; } 
-							.annotationstyle { font-size: 0.8em; }
-							table { border:1px solid #000;}
-							td { border:1px solid #000; padding:4px;}
+							.annotationstyle { font-size: small; }
+							/* table { border:1px solid #000;}
+							td { border:1px solid #000; padding:4px;} */
+							td { padding-top:2px; padding-bottom:2px; padding-left:2px; padding-right:2px;}
 							</style>
 						</head>
 						<body>
-							<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+							<h1>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</h1>
 							<table>
 								<tr>
 									<td class="boldstyle">
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
index 04ea47b87..bbf2f4608 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -10,7 +10,7 @@
 							<style type="text/css" media="screen">
 							.boldstyle { font-weight: bold; }
 							.italicstyle { font-style: italic; }
-							.annotationstyle { font-size: 0.8em; }
+							.annotationstyle { font-size: small; }
 							</style>
 						</head>
 						<body>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
index e13b1da9d..2f4914e2d 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
@@ -11,13 +11,14 @@
 							<style type="text/css" media="screen">
 							.boldstyle {font-weight: bold; }
 							.italicstyle { font-style: italic; } 
-							.annotationstyle { font-size: 0.8em; }
-							table { border:1px solid #000;}
-							td { border:1px solid #000; padding:4px;}
+							.annotationstyle { font-size: small; }
+							/* table { border:1px solid #000;}
+							td { border:1px solid #000; padding:4px;} */
+							td { padding-top:2px; padding-bottom:2px; padding-left:2px; padding-right:2px;}
 							</style>
 						</head>
 						<body>
-							<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+							<h1>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</h1>
 							<table>
 								<tr>
 									<td class="boldstyle">
@@ -29,7 +30,7 @@
 								</tr>
 								<tr>
 									<td class="boldstyle">
-										Geburtdatum:
+										Geburtsdatum:
 									</td>
 									<td>
 										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
@@ -56,13 +57,13 @@
 										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
 									</td>
 								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+								<xsl:if test="//saml:Attribute[@AttributeName='Target']">
 									<tr>
 										<td class="boldstyle">
 											Geschäftsbereich:
 										</td>
 										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Target']/saml:AttributeValue"/>
 										</td>
 									</tr>
 								</xsl:if>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
index cbc1eb593..7feeb563f 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
@@ -11,7 +11,7 @@
 							<style type="text/css" media="screen">
 							.boldstyle { font-weight: bold; }
 							.italicstyle { font-style: italic; }
-							.annotationstyle { font-size: 0.8em; }
+							.annotationstyle { font-size: small; }
 							</style>
 						</head>
 						<body>
-- 
cgit v1.2.3


From 27daa243710a65daff08ce37345552eacd3b48cc Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 9 May 2008 18:56:38 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1075
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml          | 2 +-
 id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml     | 2 +-
 .../data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml    | 2 +-
 .../deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml    | 2 +-
 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml         | 2 +-
 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml    | 2 +-
 .../data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml   | 2 +-
 .../deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml   | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 11e582249..5e44365fb 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -67,7 +67,7 @@
           <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
-        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
         <ParepSpecificParameters>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 4283c04e8..8bd43a96c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -67,7 +67,7 @@
           <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
-        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
         <ParepSpecificParameters>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 9ed1266d0..f62c5c728 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -76,7 +76,7 @@
           <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
-        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
         <ParepSpecificParameters>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index abe569f0b..142edb046 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -75,7 +75,7 @@
           <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
-        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
         <ParepSpecificParameters>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 3b1130852..1ae2078fa 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -67,7 +67,7 @@
           <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
-        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
         <ParepSpecificParameters>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index c475e3b8c..dbffd665e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -67,7 +67,7 @@
           <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
-        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
         <ParepSpecificParameters>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 656de5011..dba7516bf 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -75,7 +75,7 @@
           <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
-        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
         <ParepSpecificParameters>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 5d7072158..547737885 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -75,7 +75,7 @@
           <CompatibilityMode>false</CompatibilityMode>
         </ApplicationSpecificParameters>
         -->
-        <!-- Konfigurationsteil für berufliche Parteienvertretung -->
+        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
         <ParepSpecificParameters>
           <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
           <EnableInfoboxValidator>false</EnableInfoboxValidator>
-- 
cgit v1.2.3


From 4ab06c52e31583167f65a2231f0afd9ce829297d Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Mon, 19 May 2008 11:34:40 +0000
Subject: Added real SZR-Gateway-Links

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1080 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml        | 4 ++--
 id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml   | 4 ++--
 .../data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml  | 4 ++--
 .../deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml  | 4 ++--
 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml       | 4 ++--
 id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml  | 4 ++--
 .../data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml | 4 ++--
 .../deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml | 4 ++--
 8 files changed, 16 insertions(+), 16 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 5e44365fb..d6bfe1ddd 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -77,7 +77,7 @@
             <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
             <!--AlwaysShowForm>true</AlwaysShowForm-->
             <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
               <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
@@ -93,7 +93,7 @@
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
               <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 8bd43a96c..fcf0e2ac5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -77,7 +77,7 @@
             <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
             <!--AlwaysShowForm>true</AlwaysShowForm-->
             <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
               <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
@@ -93,7 +93,7 @@
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
               <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index f62c5c728..bf71e21f9 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -86,7 +86,7 @@
             <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
             <!--AlwaysShowForm>true</AlwaysShowForm-->
             <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
               <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
@@ -102,7 +102,7 @@
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
               <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 142edb046..b03285f43 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -85,7 +85,7 @@
             <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
             <!--AlwaysShowForm>true</AlwaysShowForm-->
             <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
               <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
@@ -101,7 +101,7 @@
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
               <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 1ae2078fa..3d2ccec9f 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -77,7 +77,7 @@
             <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
             <!--AlwaysShowForm>true</AlwaysShowForm-->
             <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
               <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
@@ -93,7 +93,7 @@
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
               <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index dbffd665e..69f2e17e1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -77,7 +77,7 @@
             <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
             <!--AlwaysShowForm>true</AlwaysShowForm-->
             <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
               <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
@@ -93,7 +93,7 @@
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
               <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index dba7516bf..116485d33 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -85,7 +85,7 @@
             <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
             <!--AlwaysShowForm>true</AlwaysShowForm-->
             <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
               <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
@@ -101,7 +101,7 @@
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
               <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 547737885..5a158951d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -85,7 +85,7 @@
             <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
             <!--AlwaysShowForm>true</AlwaysShowForm-->
             <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation">
+            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
               <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
               <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
             </ConnectionParameter>
@@ -101,7 +101,7 @@
               <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
               <!- - AlwaysShowForm>true</AlwaysShowForm- ->
               <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation">
+              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
                 <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
                 <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
               </ConnectionParameter>
-- 
cgit v1.2.3


From 3bbc64da1cd1a70fd255442574b354dad49bf3ed Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 3 Jun 2008 12:37:28 +0000
Subject: Changes for load balancing and szr-gateway communication

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1082 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../schemas/MOA-ID-Configuration-1.4.3.xsd         |  1 +
 id/history.txt                                     | 24 +++++++++-
 .../ca-certs/gateway.stammzahlenregister.gv.at.cer | 31 ++++++++++++
 id/server/doc/MOA-ID-Configuration-1.4.3.xsd       |  1 +
 .../moa/id/auth/builder/SAMLArtifactBuilder.java   | 55 ++++++++++++++--------
 .../parep/client/szrgw/CreateMandateRequest.java   | 29 ++++++++++--
 .../parep/client/szrgw/SZRGWConstants.java         |  2 +
 7 files changed, 119 insertions(+), 24 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd
index 02183819c..570bebd37 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.3.xsd
@@ -179,6 +179,7 @@
 									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
 									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
 									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+									<xsd:enumeration value="AuthenticationServer.SourceID"/>
 								</xsd:restriction>
 							</xsd:simpleType>
 						</xsd:attribute>
diff --git a/id/history.txt b/id/history.txt
index c0f80c7c6..95ea0c78d 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -2,6 +2,27 @@ Dieses Dokument zeigt die Ver
 von MOA-ID auf.
 
 History MOA-ID:
+=====
+Version MOA-ID 1.4.4: Änderungen seit Version MOA-ID 1.4.3:
+
+Verbesserungen/Erweiterungen:
+- Bei der beruflichen Parteienvertretung wurde das Stammzahlenregister in den 
+  Beispielkonfigurationen vorkonfiguriert.
+  
+- MOA-ID erlaubt ab sofort Load-Balancing. Dies wird durch die Konfigurations-
+  möglichkeit der Source-ID für das SAML-Artifact gewährleistet. Das Border-
+  Gateway kann dann anhand dieser Kennung an den zuständigen Server zur Abholung
+  der SAML-Assertion weiterleiten. Über den Konfigurationsparameter
+  <GenericConfiguration name="AuthenticationServer.SourceID" value="Cluster-A"/>
+  kann die authURL bei der Kodierung des SAML-Artifakts durch eine fix 
+  definierte URI (z.B. "Cluster-A") ersetzt werden.
+  
+Fixes:
+- In der Kommunikation mit dem Stammzahlenregistergateway die beim Einsatz der 
+  beruflichen Parteienvertretung notwendig ist, verlangt das Service ein 
+  adaptiertes Anfrageformat. MOA-ID wurde im Zuge dessen auf dieses Anfrage-
+  format umgestellt (Version SZR-GW-0.0.2.xsd).
+
 =====
 Version MOA-ID 1.4.3-1 (Bugfix Release): Änderungen seit Version MOA-ID 1.4.3:
 
@@ -9,7 +30,7 @@ Verbesserungen/Erweiterungen:
 - keine
  
 Fixes:
-- Falscher Schemabenennung in Constants.java des common-Projekts wurde korrigiert.
+- Falsche Schemabenennung in Constants.java des common-Projekts wurde korrigiert.
 
 =====
 Version MOA-ID 1.4.3: Änderungen seit Version MOA-ID 1.4.2:
@@ -41,6 +62,7 @@ Fixes:
       iaik-cms:          Version 4.01_MOA
       aik-moa:           Version 1.23
       iaik-ecc:          Version 2.16
+
 =====
 Version MOA-ID 1.4.2: Änderungen seit Version MOA-ID 1.4.2 beta2:
 
diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer
new file mode 100644
index 000000000..c3b67e05d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSDCCBDCgAwIBAgIDA/o/MA0GCSqGSIb3DQEBBQUAMIGHMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRYwFAYDVQQLDA1hLXNpZ24tU1NM
+LTAzMRYwFAYDVQQDDA1hLXNpZ24tU1NMLTAzMB4XDTA4MDUxOTA4MzUzNloXDTEz
+MDUxOTA4MzUzNlowgZYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0
+emtvbW1pc3Npb24xJDAiBgNVBAsMG1N0YW1temFobGVucmVnaXN0ZXJiZWhvZXJk
+ZTEqMCgGA1UEAwwhZ2F0ZXdheS5zdGFtbXphaGxlbnJlZ2lzdGVyLmd2LmF0MRUw
+EwYDVQQFEww2NTYwNzMwNDAyNjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCtAK7fsx5MgRrm7EIF3sxWKroNi+EBitJ1itnXix3L3npMIRUduDLIaMZm
+oLHSMkJmk0ePB74Wvsk/yJt2qTf6N0rDqmn9+lORF242cZeljJ9vVYhIRwbyj5IL
+Qng9vnIr0esCVadknSo357wQSss6oRBuclzf99cNt7zaPqT3+4kyLVtj3/N+ipgn
+8l5ZCNHq+kx+HjssXGARDUFgTFAFcJPDDR6bNWHjsa6Kq6DgXTqUX/tHaJATwkP8
+3bkn0ECAWF5hCVhzGd20MWzSVejkyWnjxxYSXVEsLM17hApDb5Ui01Qyb1RHyYuC
+hXpVuUqHXIZK4MyrUkfBcvMIExYJAgMBAAGjggGqMIIBpjATBgNVHSMEDDAKgAhA
+PqHTYrQD3TByBggrBgEFBQcBAQRmMGQwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3Nw
+LmEtdHJ1c3QuYXQvb2NzcDA5BggrBgEFBQcwAoYtaHR0cDovL3d3dy5hLXRydXN0
+LmF0L2NlcnRzL2Etc2lnbi1zc2wtMDMuY3J0MEsGA1UdIAREMEIwQAYGKigAEQEU
+MDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Et
+c2lnbi1zc2wwgY8GA1UdHwSBhzCBhDCBgaB/oH2Ge2xkYXA6Ly9sZGFwLmEtdHJ1
+c3QuYXQvb3U9YS1zaWduLVNTTC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0
+ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlv
+bkF1dGhvcml0eTARBgNVHQ4ECgQIT1qEKtHyOygwDgYDVR0PAQH/BAQDAgWgMAkG
+A1UdEwQCMAAwDgYHKigACgEBAQQDAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBtb/dG
+Qn/r/MTqnjwFeHTlGwsuKyzx13PE3ZxBa5Q1YvNO9IbTHEi7dIb7LjdFQkkzn/sa
+PREGTRdaukD6JiUNFP0FV1hTNOUfctjiLy212VupdIyC6GYouL11A5UzBoZ5l5xq
+IpYWGJq0JP26jYlu93sSY0m35vVX6FLxJAuy8zQpOoqP4XcIZE4qDC5SqTvmRtLR
+AFCQD3C59/SaBKc73z3GQrfkXfUqKLd+8l0b58FnLNKjHCUvTlt/egmqb6ar/rGj
+fD9pCROYB6H1ryYWTbqCYyG4oNuZ9AwodY7GcDWpIPBP/VVyARgF6V1pEhAdAXMH
+zh/WsPsLHrdYA0/3
+-----END CERTIFICATE-----
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.3.xsd b/id/server/doc/MOA-ID-Configuration-1.4.3.xsd
index 02183819c..570bebd37 100644
--- a/id/server/doc/MOA-ID-Configuration-1.4.3.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.4.3.xsd
@@ -179,6 +179,7 @@
 									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
 									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
 									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+									<xsd:enumeration value="AuthenticationServer.SourceID"/>
 								</xsd:restriction>
 							</xsd:simpleType>
 						</xsd:attribute>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index 27e19e830..b5d18b451 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -4,6 +4,9 @@ import java.io.ByteArrayOutputStream;
 import java.security.MessageDigest;
 
 import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 
 /**
@@ -15,6 +18,11 @@ import at.gv.egovernment.moa.util.Base64Utils;
  */
 public class SAMLArtifactBuilder {
 
+  /**
+   * The generic configuration parameter for an alternative SourceID.
+   */
+  private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+
   /**
    * Constructor for SAMLArtifactBuilder.
    */
@@ -36,25 +44,34 @@ public class SAMLArtifactBuilder {
    * @return the 42-byte SAML artifact, encoded BASE64
    */
   public String build(String authURL, String sessionID) throws BuildException {
-		try {
-			MessageDigest md = MessageDigest.getInstance("SHA-1");
-	  	byte[] sourceID = md.digest(authURL.getBytes());
-	  	byte[] assertionHandle = md.digest(sessionID.getBytes());
-			ByteArrayOutputStream out = new ByteArrayOutputStream(42);
-			out.write(0);
-			out.write(1);
-			out.write(sourceID, 0, 20);
-			out.write(assertionHandle, 0, 20);
-			byte[] samlArtifact = out.toByteArray();
-  		String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
-			return samlArtifactBase64;
-  	}
-		catch (Throwable ex) {
-			throw new BuildException(
-				"builder.00", 
-				new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, 
-				ex);
-		}
+    try {
+      MessageDigest md = MessageDigest.getInstance("SHA-1");
+      byte[] sourceID;
+      // alternative sourceId
+      String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID);
+      if (!ParepUtils.isEmpty(alternativeSourceID)) {
+        // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL;
+        sourceID = md.digest(alternativeSourceID.getBytes());
+        Logger.info("Building SAMArtifact from sourceID \"" + alternativeSourceID + "\" instead of authURL \"" + authURL + "\".");
+      } else {
+        sourceID = md.digest(authURL.getBytes());
+      }
+      byte[] assertionHandle = md.digest(sessionID.getBytes());
+      ByteArrayOutputStream out = new ByteArrayOutputStream(42);
+      out.write(0);
+      out.write(1);
+      out.write(sourceID, 0, 20);
+      out.write(assertionHandle, 0, 20);
+      byte[] samlArtifact = out.toByteArray();
+      String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
+      return samlArtifactBase64;
+    }
+    catch (Throwable ex) {
+      throw new BuildException(
+        "builder.00", 
+        new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()}, 
+        ex);
+    }
   }
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
index fe8e263ff..3077ba185 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -6,6 +6,7 @@ import java.util.List;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
+import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -204,11 +205,31 @@ public class CreateMandateRequest {
 	  Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
 //	  representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
 //	  representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+	  //Old Version 0.0.1 of SZR-Gateway
+//	  representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+//	  representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+//	  representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
 	  
-	  representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
-	  representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
-	  representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
-	  
+	  //New since version 0.0.2 of SZR-Gateway:
+	  // we need to send an identity link and must replace its identification value
+    representativeElem.appendChild(representativeElem.getOwnerDocument().importNode(params.getIdentityLink(), true));
+    try {
+      Element nameSpaceNode = representativeElem.getOwnerDocument().createElement("NameSpaceNode");
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI);
+      nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+      Element identificationValueElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value", nameSpaceNode);
+      if (identificationValueElement != null) {
+        identificationValueElement.setTextContent(identificationValue);
+      }
+      Element identificationTypeElement = (Element) XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type", nameSpaceNode);
+      if (identificationTypeElement != null) {
+        identificationTypeElement.setTextContent(identificationType);
+      }
+    } catch (Exception e) {
+      throw new SZRGWClientException("validator.63", null);
+    }
 	  this.representative = representativeElem;
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
index 006b2b9f2..cc0cc4862 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -10,6 +10,8 @@ public interface SZRGWConstants {
   //PersonData
   public static final String PD_PREFIX = "pr:";
   public static final String PD_POSTFIX = ":pr";
+  public static final String SAML_PREFIX = "saml:";
+  public static final String SAML_POSTFIX = ":saml";
   public static final String PERSON = "Person";
   public static final String PHYSICALPERSON = "PhysicalPerson";
   public static final String CORPORATEBODY = "CorporateBody";
-- 
cgit v1.2.3


From 3ada8956004e645e8d5ba52bf8f214ca84e11bfb Mon Sep 17 00:00:00 2001
From: pdanner <pdanner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 8 Jul 2008 15:22:24 +0000
Subject: New manadate validator now is more prepared for wbPK representations

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1085 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../moa-id/transforms/TransformsInfoAuthBlockText.xml   |   6 +++---
 .../TransformsInfoAuthBlockText_deprecated.xml          |   6 +++---
 .../moa-spss/profiles/MOAIDTransformAuthBlockText.xml   |   6 +++---
 .../profiles/MOAIDTransformAuthBlockText_deprecated.xml |   6 +++---
 id/server/idserverlib/pom.xml                           |   2 +-
 .../id/mandate-validate/1.0/mandate-validate-1.0.jar    | Bin 24293 -> 0 bytes
 .../mandate-validate/1.0/mandate-validate-1.0.jar.md5   |   1 -
 .../mandate-validate/1.0/mandate-validate-1.0.jar.sha1  |   1 -
 .../id/mandate-validate/1.0/mandate-validate-1.0.pom    |   7 -------
 .../mandate-validate/1.0/mandate-validate-1.0.pom.md5   |   1 -
 .../mandate-validate/1.0/mandate-validate-1.0.pom.sha1  |   1 -
 .../id/mandate-validate/1.1/mandate-validate-1.1.jar    | Bin 0 -> 24292 bytes
 .../mandate-validate/1.1/mandate-validate-1.1.jar.md5   |   1 +
 .../mandate-validate/1.1/mandate-validate-1.1.jar.sha1  |   1 +
 .../id/mandate-validate/1.1/mandate-validate-1.1.pom    |   7 +++++++
 .../mandate-validate/1.1/mandate-validate-1.1.pom.md5   |   1 +
 .../mandate-validate/1.1/mandate-validate-1.1.pom.sha1  |   1 +
 .../MOA_Test_CA.20070823-20131022.Serno01.cer           | Bin 0 -> 958 bytes
 .../MOA_Test_CA.20070823-20131022.Serno01.cer           | Bin 0 -> 958 bytes
 .../EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer   | Bin 0 -> 1170 bytes
 20 files changed, 24 insertions(+), 24 deletions(-)
 delete mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar
 delete mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
 delete mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
 delete mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom
 delete mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5
 delete mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar.md5
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar.sha1
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom.md5
 create mode 100644 repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom.sha1
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/MOA_Test_CA.20070823-20131022.Serno01.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/MOA_Test_CA.20070823-20131022.Serno01.cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
index bbf2f4608..0951bd415 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -54,10 +54,10 @@
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 									</xsl:if>, in deren Auftrag zu handeln.
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
-									</xsl:if>
 								</h4>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
+								</xsl:if>
 								<p/>
 							</xsl:if>
 							<xsl:choose>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
index a41bf93c6..2f087aaf6 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
@@ -50,10 +50,10 @@
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 									</xsl:if>, in deren Auftrag zu handeln.
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
-									</xsl:if>
 								</h4>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
+								</xsl:if>
 								<p/>
 							</xsl:if>
 							<xsl:choose>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
index 7feeb563f..43ee1f704 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
@@ -55,10 +55,10 @@
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 									</xsl:if>, in deren Auftrag zu handeln.
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
-									</xsl:if>
 								</h4>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
+								</xsl:if>
 								<p/>
 							</xsl:if>
 							<xsl:choose>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
index 802c4d11c..885aa766a 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
@@ -51,10 +51,10 @@
 									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 									</xsl:if>, in deren Auftrag zu handeln.
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-										<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
-									</xsl:if>
 								</h4>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
+								</xsl:if>
 								<p/>
 							</xsl:if>
 							<xsl:choose>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 64f69c214..c8fc02844 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -124,7 +124,7 @@
 		<dependency>
 			<groupId>at.gv.egovernment.moa.id</groupId>
 			<artifactId>mandate-validate</artifactId>
-			<version>1.0</version>
+			<version>1.1</version>
 		</dependency>
 	</dependencies>
 
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar
deleted file mode 100644
index 21d86c338..000000000
Binary files a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar and /dev/null differ
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
deleted file mode 100644
index c32158b3b..000000000
--- a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5
+++ /dev/null
@@ -1 +0,0 @@
-2d3655dea63771be43ece3eaa16b82ad
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
deleted file mode 100644
index f2dcb61bf..000000000
--- a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-2685c61f99bda72813f1d8961fca7454a51d5b3a
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom
deleted file mode 100644
index 4e3a79da1..000000000
--- a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><project>
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>at.gv.egovernment.moa.id</groupId>
-  <artifactId>mandate-validate</artifactId>
-  <version>1.0</version>
-  <description>Mandate Infobox Validator for MOA-ID</description>
-</project>
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5
deleted file mode 100644
index 489105d20..000000000
--- a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5
+++ /dev/null
@@ -1 +0,0 @@
-aede47770bdc200272ab25dc592ba9a2
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1
deleted file mode 100644
index 9a8d887f5..000000000
--- a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1
+++ /dev/null
@@ -1 +0,0 @@
-6ab04e68a562187282f0ec40209a07353f12c325
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar
new file mode 100644
index 000000000..e82986124
Binary files /dev/null and b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar differ
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar.md5
new file mode 100644
index 000000000..555bf9b75
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar.md5
@@ -0,0 +1 @@
+5fe35cf763701c4fab80d0f151c6f55b
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar.sha1
new file mode 100644
index 000000000..7f077274a
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.jar.sha1
@@ -0,0 +1 @@
+2c52349bf0255de412507628e764ee0433b210a3
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom
new file mode 100644
index 000000000..abfdf6187
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>at.gv.egovernment.moa.id</groupId>
+  <artifactId>mandate-validate</artifactId>
+  <version>1.1</version>
+  <description>Mandate Infobox Validator for MOA-ID</description>
+</project>
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom.md5
new file mode 100644
index 000000000..e5e428512
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom.md5
@@ -0,0 +1 @@
+91ea39c3ac0f82bf63dd13a7999b5190
\ No newline at end of file
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom.sha1
new file mode 100644
index 000000000..f02972492
--- /dev/null
+++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.1/mandate-validate-1.1.pom.sha1
@@ -0,0 +1 @@
+b43ee1a3b9ce95598841aecdf4d52d95f87530d5
\ No newline at end of file
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/MOA_Test_CA.20070823-20131022.Serno01.cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/MOA_Test_CA.20070823-20131022.Serno01.cer
new file mode 100644
index 000000000..05a8b86f9
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/MOA_Test_CA.20070823-20131022.Serno01.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/MOA_Test_CA.20070823-20131022.Serno01.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/MOA_Test_CA.20070823-20131022.Serno01.cer
new file mode 100644
index 000000000..05a8b86f9
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/MOA_Test_CA.20070823-20131022.Serno01.cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer b/spss/handbook/conf/moa-spss/trustProfiles/test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer
new file mode 100644
index 000000000..ed5ba194c
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/test/EGIZ_Test_CA_-_Root.20070829-20180101.SerNo00.cer differ
-- 
cgit v1.2.3


From 527f2ec316c6d67498ed6dfe37a95218a2ab6f54 Mon Sep 17 00:00:00 2001
From: spuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Mon, 15 Sep 2008 07:33:53 +0000
Subject: raised version to 1.4.4 moved licenses to root folder fixed Bug 332
 and 333 slVersion changed from 1.1 to 1.2 (MOA-ID-Configuration-1.4.4.xsd)

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1091 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 IAIK-LICENSE.txt                                   | 108 ++++
 LICENSE-2.0.txt                                    | 202 +++++++
 NOTICE.txt                                         |  16 +
 common/pom.xml                                     |   4 +-
 .../java/at/gv/egovernment/moa/util/Constants.java |   2 +-
 .../schemas/MOA-ID-Configuration-1.4.4.xsd         | 612 +++++++++++++++++++++
 id/assembly-auth.xml                               |   7 +-
 id/assembly-proxy.xml                              |  18 +-
 id/history.txt                                     |   8 +
 id/pom.xml                                         |   4 +-
 id/readme_1.4.4.txt                                | 233 ++++++++
 id/server/auth/pom.xml                             |   4 +-
 .../moa-id/transforms/TransformsInfoAuthBlock.xml  |   2 +-
 .../transforms/TransformsInfoAuthBlockText.xml     |   2 +-
 .../TransformsInfoAuthBlockText_deprecated.xml     |   2 +-
 .../TransformsInfoAuthBlock_deprecated.xml         |   2 +-
 .../moa-spss/profiles/MOAIDTransformAuthBlock.xml  |   4 +-
 .../profiles/MOAIDTransformAuthBlockText.xml       |   4 +-
 .../MOAIDTransformAuthBlockText_deprecated.xml     |   4 +-
 .../MOAIDTransformAuthBlock_deprecated.xml         |   4 +-
 id/server/doc/MOA-ID-Configuration-1.4.4.xsd       | 612 +++++++++++++++++++++
 id/server/doc/moa_id/id-admin_2.htm                |  18 +-
 id/server/idserverlib/pom.xml                      |   4 +-
 .../builder/CreateXMLSignatureRequestBuilder.java  |   2 +-
 id/server/pom.xml                                  |   4 +-
 id/server/proxy/pom.xml                            |   4 +-
 licenses/APACHE-LICENSE-2.0.txt                    | 202 -------
 licenses/IAIK-LICENSE.txt                          | 108 ----
 licenses/NOTICE.txt                                |  16 -
 pom.xml                                            |  14 +-
 spss/assembly-lib.xml                              |   9 +-
 spss/assembly.xml                                  |   9 +-
 spss/handbook/handbook/config/config.html          |   2 +-
 spss/handbook/handbook/faq/faq.html                |   2 +-
 spss/handbook/handbook/index.html                  |   2 +-
 spss/handbook/handbook/install/install.html        |   8 +-
 spss/handbook/handbook/intro/intro.html            |   4 +-
 spss/handbook/handbook/usage/usage.html            |   2 +-
 spss/pom.xml                                       |   2 +-
 spss/server/history.txt                            |   8 +
 spss/server/serverlib/pom.xml                      |   2 +-
 .../serverlib/resources/licenses/Apache-2.0.txt    | 202 -------
 .../serverlib/resources/licenses/IAIK-License.txt  |  13 -
 spss/server/serverlib/resources/licenses/Jaxen.txt |  40 --
 .../resources/licenses/PostgreSQL-JDBC.txt         |  26 -
 spss/server/serverws/pom.xml                       |   2 +-
 46 files changed, 1891 insertions(+), 668 deletions(-)
 create mode 100644 IAIK-LICENSE.txt
 create mode 100644 LICENSE-2.0.txt
 create mode 100644 NOTICE.txt
 create mode 100644 common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.4.xsd
 create mode 100644 id/readme_1.4.4.txt
 create mode 100644 id/server/doc/MOA-ID-Configuration-1.4.4.xsd
 delete mode 100644 licenses/APACHE-LICENSE-2.0.txt
 delete mode 100644 licenses/IAIK-LICENSE.txt
 delete mode 100644 licenses/NOTICE.txt
 delete mode 100644 spss/server/serverlib/resources/licenses/Apache-2.0.txt
 delete mode 100644 spss/server/serverlib/resources/licenses/IAIK-License.txt
 delete mode 100644 spss/server/serverlib/resources/licenses/Jaxen.txt
 delete mode 100644 spss/server/serverlib/resources/licenses/PostgreSQL-JDBC.txt

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/IAIK-LICENSE.txt b/IAIK-LICENSE.txt
new file mode 100644
index 000000000..4fa412cf8
--- /dev/null
+++ b/IAIK-LICENSE.txt
@@ -0,0 +1,108 @@
+Stiftung SIC License Agreement for "IAIK MOA"
+
+Valid from December 1st, 2005
+
+The Stiftung SIC
+Stiftung Secure Information and Communication Technologies
+Inffeldgasse16a, A-8010 Graz, Austria, hereafter referred to as "Stiftung SIC", 
+offers to grant licences for the SOFTWARE defined below according to the following conditions:
+
+1. DEFINITIONS
+For the purpose of this Licence Agreement, the following definitions are valid:
+
+a. The term "SOFTWARE" refers to the "IAIK MOA" bundle in any 
+form (object code or other) including documentation. The 
+SOFTWARE is the sole property of Stiftung SIC and protected by 
+Austrian, International Copyright Law, e.g. the Revised Berne 
+Convention, and the US Copyright Act.
+
+b. "IAIK MOA" is distributed in documentation, manuals, and user 
+guides, tools - including any revisions, patches and updates 
+downloaded by the customer.
+
+c."IAIK MOA Runtime Modules" means the runtime object code 
+modules provided with, or derived from the SOFTWARE.
+
+d. "MOA modules" mean the modules for online applications made 
+available by the Austrian Federal Chancellery and they consist of 
+MOA-Signature Creation (MOA-SS), MOA-Signature Verification 
+(MOA-SP) and MOA-Identification (MOA-ID).
+
+2. GRANTING of LICENCES
+
+The licensee is granted as specified below:
+
+o IAIK MOA Runtime License
+Stiftung SIC grants the Licensee a non-exclusive, non-transferable runtime licence to use the 
+"IAIK MOA" modules in the context of unmodified MOA modules. Any attempt to use any parts or 
+the whole IAIK Crypto Toolkits which come bundled together with the MOA modules for any 
+purpose other than accessing these MOA modules by applications, including, but not limited to, 
+the development of applications, the creation of a toolkit, or inclusion in a different toolkit, is not 
+permitted without additional licenses. These licences are not transferable to contractors or any 
+other persons, organisations or companies outside the licensee's organisation without making 
+such persons, organisations or companies explicitly aware of the restrictions of these licenses 
+and such persons, organisations or companies explicitly agree to observe these restrictions.
+
+3. LIMITATIONS for all LICENCES:
+LICENSEES must not attempt to reverse engineer, decompile, disassemble, reverse, translate or in 
+any other manner decode the computer programmes in the IAIK libraries in order to derive the 
+source code there from. 
+
+4. WARRANTY:
+Stiftung SIC guarantees that the SOFTWARE is free of any computer virus or other malicious 
+hidden routines that would intentionally cause damage to or corrupt data, storage media or 
+equipment. For proving the integrity of the SOFTWARE, Stiftung SIC may calculate a SHA-1 hash 
+value over the distribution file and publish it on its web site. It is the duty of the licensee to verify this 
+hash value. If the hash value cannot be verified, Stiftung SIC declines any warranties on that 
+software, and the licensee should immediately (or within 30 days of delivery at the latest), contact 
+Stiftung SIC for verification and reshipment.
+The SOFTWARE is provided "as is" and except for the declaration and warranty stated in this 
+section, Stiftung SIC makes no representations, conditions or warranties, either express or implied, 
+relative to the SOFTWARE or services provided hereunder, including all implied conditions or 
+warranties of merchantability and fitness for a particular purpose and all conditions with respect to 
+intellectual property infringement. Stiftung SIC may, but shall not be obliged to, fix errors in any 
+SOFTWARE.
+
+5. PROPRIETARY INFORMATION and CONFIDENTIALITY:
+The LICENSEE acknowledges that the SOFTWARE remains the property of, and is confidential to, 
+Stiftung SIC and incorporates trade secrets of Stiftung SIC, and that Stiftung SIC shall have the 
+exclusive right to any copyrights or patents in respect of the SOFTWARE. The LICENSEE agrees to 
+maintain the confidentiality of the SOFTWARE.
+The LICENSEE further agrees that (with the exception of paragraph 2 above), he shall not make 
+any disclosure of the SOFTWARE (including copies thereof or methods or concepts utilised therein) 
+to any person or entity, other than employees of the LICENSEE, to whom such disclosure is 
+necessary in order to use the SOFTWARE as provided herein. The LICENSEE shall appropriately 
+notify each employee to whom any such disclosure is made. Such disclosure must be made in 
+confidence and shall be kept in confidence by the employee in question.
+The LICENSEE agrees to use diligent and determined efforts to secure and protect the 
+SOFTWARE and copies thereof in a manner consistent with their proprietary character and the 
+maintenance of Licensor's rights therein, and without limitation thereof, to take appropriate action, 
+by instruction or agreement with its employees who are permitted access to the SOFTWARE or 
+copies thereof, or otherwise, to satisfy its obligations as hereby stated.
+
+6. TERMINATION:
+Stiftung SIC may terminate this Agreement without prior notice, if the licensee 1. neglects or fails to 
+perform or observe, or correct a breach of its obligations to Stiftung SIC; 2. goes out of business, 
+files a bankruptcy petition or has such a petition filed involuntarily against it or becomes insolvent; 3. 
+develops, sells, licenses or distributes or attempts to develop, sell, license or distribute any software 
+based on the SOFTWARE which is outside the scope of the limited rights granted herein, to any 
+third party. In the event of such a termination, the Licensee shall immediately destroy all copies and 
+ensure that all backup copies are destroyed as well.
+
+Stiftung SIC may at any time stop granting free licenses of the SOFTWARE in combination with the 
+MOA modules without prior notice. In this case, all licenses granted until that time remain valid, i.e. 
+allow the licensee to continue using the SOFTWARE in combination with the unmodified MOA 
+modules.
+
+7. LIABILITY:
+To the maximum extent allowed by applicable law Stiftung SIC shall not be liable for any damages 
+whatsoever (including, without limitation, damages for loss of business profits, business interruption, 
+loss of business information, or other pecuniary loss) arising out of the use of or inability to use the 
+SOFTWARE, even if Stiftung SIC has been advised of the possibility of such damages.
+
+8. WAIVER:
+Invalidity, on legal grounds, of any term of this Agreement does not render the Agreement as a whole 
+invalid.
+
+9. GOVERNING LAW, ARBITRATION:
+This Agreement is governed by Austrian law.
diff --git a/LICENSE-2.0.txt b/LICENSE-2.0.txt
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/LICENSE-2.0.txt
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/NOTICE.txt b/NOTICE.txt
new file mode 100644
index 000000000..1296eeb2c
--- /dev/null
+++ b/NOTICE.txt
@@ -0,0 +1,16 @@
+MOA-ID/SP/SS
+Copyright 2008 Federal Chancellery Austria
+
+This product includes software originally developed at the
+Austrian Federal Computing Centre (BRZ - Bundesrechenzentrum,
+www.brz.gv.at) and the Federal Chancellery Austria (Stabsstelle
+IKT-Strategie des Bundes, Bundeskanzleramt, 
+www.digitales.oesterreich.gv.at).
+
+This product includes software developed by third parties
+and provided under an open source license (www.opensource.org).
+
+This product includes software "IAIK MOA" provided by
+Stiftung Secure Information and Communication Technologies SIC 
+(www.sic.st). This software has been licensed under the terms
+and conditions given in "IAIK-LICENSE".
\ No newline at end of file
diff --git a/common/pom.xml b/common/pom.xml
index 39a0c8910..a454acd1f 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -2,12 +2,12 @@
   <parent>
     <groupId>MOA</groupId>
     <artifactId>MOA</artifactId>
-    <version>1.4.3-1</version>
+    <version>1.4.4</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <groupId>MOA</groupId>
   <artifactId>moa-common</artifactId>
-  <version>1.4.3-1</version>
+  <version>1.4.4</version>
   <packaging>jar</packaging>
   <name>MOA common library</name>
 
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index a436c4b23..3851f7fdf 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -96,7 +96,7 @@ public interface Constants {
 
   /** Local location of the MOA ID configuration XML schema definition. */
   public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
-    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.3.xsd";
+    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.4.xsd";
 
   /** URI of the Security Layer 1.0 namespace. */
   public static final String SL10_NS_URI =
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.4.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.4.xsd
new file mode 100644
index 000000000..619b9f2df
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.4.xsd
@@ -0,0 +1,612 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+	<xsd:element name="Configuration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
+				<xsd:element name="Binding" minOccurs="0">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:string">
+							<xsd:enumeration value="full"/>
+							<xsd:enumeration value="userName"/>
+							<xsd:enumeration value="none"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:element>
+				<xsd:choice>
+					<xsd:element ref="ParamAuth"/>
+					<xsd:element ref="BasicAuth"/>
+					<xsd:element ref="HeaderAuth"/>
+				</xsd:choice>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="LoginType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="stateless"/>
+			<xsd:enumeration value="stateful"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="ParamAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Parameter">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="BasicAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="UserID" type="MOAAuthDataType"/>
+				<xsd:element name="Password" type="MOAAuthDataType"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="HeaderAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Header" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Header">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="MOAAuthDataType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="MOAGivenName"/>
+			<xsd:enumeration value="MOAFamilyName"/>
+			<xsd:enumeration value="MOADateOfBirth"/>
+			<xsd:enumeration value="MOABPK"/>
+			<xsd:enumeration value="MOAWBPK"/>
+			<xsd:enumeration value="MOAPublicAuthority"/>
+			<xsd:enumeration value="MOABKZ"/>
+			<xsd:enumeration value="MOAQualifiedCertificate"/>
+			<xsd:enumeration value="MOAStammzahl"/>
+			<xsd:enumeration value="MOAIdentificationValueType"/>
+			<xsd:enumeration value="MOAIPAddress"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MOAKeyBoxSelector">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="SecureSignatureKeypair"/>
+			<xsd:enumeration value="CertifiedKeypair"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+	<xsd:element name="MOA-IDConfiguration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="ProxyComponent" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="AuthComponent">
+								<xsd:annotation>
+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:sequence>
+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+											<xsd:annotation>
+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+											</xsd:annotation>
+										</xsd:element>
+									</xsd:sequence>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="OnlineApplicationType">
+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+								<xsd:attribute name="type" use="optional" default="publicService">
+									<xsd:simpleType>
+										<xsd:restriction base="xsd:NMTOKEN">
+											<xsd:enumeration value="businessService"/>
+											<xsd:enumeration value="publicService"/>
+										</xsd:restriction>
+									</xsd:simpleType>
+								</xsd:attribute>
+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="ChainingModes" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+							<xsd:element name="TrustAnchor">
+								<xsd:annotation>
+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:complexContent>
+										<xsd:extension base="dsig:X509IssuerSerialType">
+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+										</xsd:extension>
+									</xsd:complexContent>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="name" use="required">
+							<xsd:simpleType>
+								<xsd:restriction base="xsd:string">
+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
+									<xsd:enumeration value="AuthenticationData.TimeOut"/>
+									<xsd:enumeration value="TrustManager.RevocationChecking"/>
+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+									<xsd:enumeration value="AuthenticationServer.SourceID"/>
+								</xsd:restriction>
+							</xsd:simpleType>
+						</xsd:attribute>
+						<xsd:attribute name="value" type="xsd:string" use="required"/>
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="AuthComponentType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelection" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+					</xsd:sequence>
+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+			<xsd:element name="SecurityLayer">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="MOA-SP">
+				<xsd:annotation>
+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="VerifyIdentityLink">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="VerifyAuthBlock">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="IdentityLinkSigners" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="TemplatesType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TemplateType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyInfoboxesType">
+		<xsd:annotation>
+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="DefaultTrustProfile" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="TrustProfileID"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="InfoboxType">
+		<xsd:annotation>
+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ParepSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
+							<xsd:annotation>
+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+	</xsd:complexType>
+	<xsd:complexType name="SchemaLocationType">
+		<xsd:annotation>
+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="Schema" maxOccurs="unbounded">
+				<xsd:complexType>
+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ProxyComponentType"/>
+	<xsd:complexType name="OnlineApplicationType">
+		<xsd:sequence>
+			<xsd:element name="AuthComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<!--xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="pr:AbstractSimpleIdentification"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element-->
+						<xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:choice>
+									<xsd:element ref="pr:Firmenbuchnummer"/>
+									<xsd:element ref="pr:ZMRzahl"/>
+									<xsd:element ref="pr:Vereinsnummer"/>
+									<xsd:element ref="pr:ERJPZahl"/>
+									<xsd:element name="AnyNumber">
+										<xsd:complexType>
+											<xsd:simpleContent>
+												<xsd:extension base="xsd:string">
+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+												</xsd:extension>
+											</xsd:simpleContent>
+										</xsd:complexType>
+									</xsd:element>
+								</xsd:choice>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+					</xsd:sequence>
+					<xsd:attribute name="slVersion" use="optional" default="1.2">
+						<xsd:simpleType>
+							<xsd:restriction base="xsd:string">
+								<xsd:enumeration value="1.1"/>
+								<xsd:enumeration value="1.2"/>
+							</xsd:restriction>
+						</xsd:simpleType>
+					</xsd:attribute>
+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ProxyComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+				</xsd:complexType>
+			</xsd:element>
+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterServerAuthType">
+		<xsd:sequence>
+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterClientAuthType">
+		<xsd:complexContent>
+			<xsd:extension base="ConnectionParameterServerAuthType">
+				<xsd:sequence>
+					<xsd:element name="ClientKeyStore" minOccurs="0">
+						<xsd:annotation>
+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
+						</xsd:annotation>
+						<xsd:complexType>
+							<xsd:simpleContent>
+								<xsd:extension base="xsd:anyURI">
+									<xsd:attribute name="password" type="xsd:string" use="optional"/>
+								</xsd:extension>
+							</xsd:simpleContent>
+						</xsd:complexType>
+					</xsd:element>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:element name="TrustProfileID" type="xsd:string"/>
+	<xsd:simpleType name="ChainingModeType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="chaining"/>
+			<xsd:enumeration value="pkix"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="BKUSelectionType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="HTMLComplete"/>
+			<xsd:enumeration value="HTMLSelect"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="CompatibilityMode" default="false">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="EnableInfoboxValidator" default="true">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="AlwaysShowForm" default="false">
+		<xsd:annotation>
+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:complexType name="InputProcessorType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:string">
+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
+					<xsd:annotation>
+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
+					</xsd:annotation>
+				</xsd:attribute>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentationType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentativeType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="oid" use="required">
+			<xsd:annotation>
+				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="1.2.40.0.10.3.1"/>
+					<xsd:enumeration value="1.2.40.0.10.3.2"/>
+					<xsd:enumeration value="1.2.40.0.10.3.3"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representCorporateParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representationText" use="optional">
+			<xsd:annotation>
+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
+					<xsd:enumeration value="Organwalter"/>
+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/id/assembly-auth.xml b/id/assembly-auth.xml
index 98c02cc1a..165bedf72 100644
--- a/id/assembly-auth.xml
+++ b/id/assembly-auth.xml
@@ -45,8 +45,13 @@
 			</includes>
 		</fileSet>
 		<fileSet>
-			<directory>${basedir}/licenses</directory>
+			<directory>${basedir}</directory>
 			<outputDirectory>/</outputDirectory>
+			<includes>
+				<include>LICENSE-2.0.txt</include>
+				<include>NOTICE.txt</include>
+				<include>IAIK-LICENSE.txt</include>
+			</includes>
 		</fileSet>
 	</fileSets>
 
diff --git a/id/assembly-proxy.xml b/id/assembly-proxy.xml
index deed772eb..0f7af5491 100644
--- a/id/assembly-proxy.xml
+++ b/id/assembly-proxy.xml
@@ -31,8 +31,13 @@
 			</includes>
 		</fileSet>
 		<fileSet>
-			<directory>${basedir}/licenses</directory>
+			<directory>${basedir}</directory>
 			<outputDirectory>/</outputDirectory>
+			<includes>
+				<include>LICENSE-2.0.txt</include>
+				<include>NOTICE.txt</include>
+				<include>IAIK-LICENSE.txt</include>
+			</includes>
 		</fileSet>
 	</fileSets>
 
@@ -70,6 +75,17 @@
 				<unpack>false</unpack>
 			</binaries>
 		</moduleSet>
+		<moduleSet>
+			<includes>
+				<include>MOA:moa-id-oa</include>
+			</includes>
+			<binaries>
+				<includeDependencies>true</includeDependencies>
+				<outputDirectory>/</outputDirectory>
+				<outputFileNameMapping>oa.${extension}</outputFileNameMapping>
+				<unpack>false</unpack>
+			</binaries>
+		</moduleSet>
 		<moduleSet>
 			<includes>
 				<include>MOA.id.server:moa-id-lib</include>
diff --git a/id/history.txt b/id/history.txt
index 95ea0c78d..1aede7deb 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -23,6 +23,14 @@ Fixes:
   adaptiertes Anfrageformat. MOA-ID wurde im Zuge dessen auf dieses Anfrage-
   format umgestellt (Version SZR-GW-0.0.2.xsd).
 
+- Fixed Bug #333 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=333&group_id=6&atid=105)
+
+- Fixed Bug #332 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=332&group_id=6&atid=105)
+
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.24
+	iaik-ixsil:			Version 1.2.2.4
+  
 =====
 Version MOA-ID 1.4.3-1 (Bugfix Release): Änderungen seit Version MOA-ID 1.4.3:
 
diff --git a/id/pom.xml b/id/pom.xml
index 0015a9e79..d7763f96f 100644
--- a/id/pom.xml
+++ b/id/pom.xml
@@ -3,14 +3,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
-        <version>1.4.3-1</version>
+        <version>1.4.4</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA</groupId>
     <artifactId>id</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.3-1</version>
+    <version>1.4.4</version>
     <name>MOA ID</name>
 
     <modules>
diff --git a/id/readme_1.4.4.txt b/id/readme_1.4.4.txt
new file mode 100644
index 000000000..4ac757250
--- /dev/null
+++ b/id/readme_1.4.4.txt
@@ -0,0 +1,233 @@
+===============================================================================
+MOA ID Version 1.4.4 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 1.4.4 wurden folgende Neuerungen eingeführt, die jetzt 
+erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 
+gleichen Verzeichnis):
+
+- Bei der beruflichen Parteienvertretung wurde das Stammzahlenregister in den 
+  Beispielkonfigurationen vorkonfiguriert.
+  
+- MOA-ID erlaubt ab sofort Load-Balancing. Dies wird durch die Konfigurations-
+  möglichkeit der Source-ID für das SAML-Artifact gewährleistet. Das Border-
+  Gateway kann dann anhand dieser Kennung an den zuständigen Server zur Abholung
+  der SAML-Assertion weiterleiten. Über den Konfigurationsparameter
+  <GenericConfiguration name="AuthenticationServer.SourceID" value="Cluster-A"/>
+  kann die authURL bei der Kodierung des SAML-Artifakts durch eine fix 
+  definierte URI (z.B. "Cluster-A") ersetzt werden.
+	
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 1.4.1 oder 1.4.2 (incl. beta 1)
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.4.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.   
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die vier Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+
+6. Kopieren Sie die vier Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss.
+
+7. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 
+   Beispielkonfigurationsdateien aus dem Verzeichnis
+   MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 
+   CATALINA_HOME_ID/conf/moa-id. 
+   Verwenden Sie in Ihrer Installation bereits die Vollmachtenprüfung, so 
+   verschieben Sie bitte in der MOA-ID Installationsdatei das Element 
+   <CompatibilityMode> innerhalb des Konfigurationsteiles für die berufliche 
+   Parteienvertreung (ParepSpecificParameters) unter das Element 
+   ApplicationSpecificParameters.
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 1.3.1, 1.3.2 oder 1.3.3
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+   
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.4.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.
+
+3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
+
+4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+
+5. Erstellen Sie eine Sicherungskopie aller Dateien im Verzeichnis 
+   CATALINA_HOME\common\endorsed und löschen Sie die dort eventuell vorhandene 
+   Dateien xmlParserAPIs.jar
+
+6. Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\endorsed
+   in das Verzeichnis CATALINA_HOME\common\endorsed. Überschreiben Sie dabei
+   etwaige gleichnamige Dateien.
+
+7. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+
+8. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+9. Kopieren Sie die vier Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+
+10.Kopieren Sie die vier Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über dmie API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss; in weiterer Folge wird von letzterer 
+   Variante ausgegangen).   
+
+11.Update des Cert-Stores.
+   Kopieren Sie den Inhalt des Verzeichnisses
+   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
+   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
+   bejahen sie das.
+
+12.Sollen zusätzliche Templates für ältere Bürgerkartenumgebungen aktiviert
+   werden, öffnen Sie die XML-Konfiguration von MOA ID (für gewöhnlich finden 
+   Sie diese XML-Datei direkt im Stammverzeichnis für die MOA ID Konfiguration, 
+   z.B. CATALINA_HOME_ID/conf/moa-id/SampleMOAIDConfiguration.xml); führen Sie 
+   folgende Modifikationen an der XML-Konfiguration durch:
+   
+   a. Ändern Sie die applikationsübergreifende Konfiguration der AuthBlock
+      Transformationen. Sie finden diese Konfiguration im XML-Element
+      /MOA-IDConfiguration/AuthComponent/SecurityLayer. Fügen Sie zusätzlich zum
+      bisherigen Inhalt dieses Elements (für gewöhnlich ein Element
+      TransformsInfo, dessen Attribut filname den Wert
+      transforms/TransformsInfoAuthBlockText.xml aufweist) ein Element 
+      TransformsInfo an, dessen Attribut filename auf die Datei für ältere BKU 
+      zeigt. Sie können auch auf die vordefinierten Elemente aus den 
+      Musterkonfigurationen dieser Distribution (
+      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml) zurückgreifen.
+
+   b. Fügen Sie Profilbezeichner für die Transformationsprofile in der
+      Konfiguration für MOA SP an. Sie finden diesen Bezeichner im XML-
+      Element /MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyAuthBlock.
+      Hängen Sie ein Element VerifyTransformsInfoProfileID an, das für die Über-
+      prüfung der Transformation älterer BKU vorgesehen ist.
+      Siehe auch Inhalt des Elements VerifyAuthBlock aus der Musterkonfiguration 
+      dieser Distribution (
+      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml).
+
+   c. Ändern Sie gegebenenfalls die applikationsspezifische Konfiguration
+      der Authblock-Tranformationen. Führen Sie dazu die folgende Tätigkeit
+      für jedes XML-Element /MOA-IDConfiguration/OnlineApplicaton/AuthComponent
+      durch: Fügen Sie zusätzlich zu einem bestehenden Element TransformsInfo 
+      ein Elemnet TransformsInfo an, das die Transformation für ältere BKU 
+      enthält - gleich wie dies bereits in Schritt a. durchgeführt wurde (wenn 
+      Sie dieses Element nicht vorfinden, oder es auskommentiert ist, muss 
+      Schritt c. nicht durchgeführt werden).
+
+   Öffnen Sie die XML-Konfiguration von MOA SPSS (für gewöhnlich finden Sie 
+   XML-Datei direkt im Stammverzeichnisses für die MOA SPSS Konfiguration, z.B.
+   CATALINA_HOME_ID/conf/moa-spss/SampleMOASPSSConfiguration.xml); führen Sie 
+   folgende Modifikationen an der XML-Konfiguration durch:
+
+   a. Ändern Sie die konfigurierten Profile für die zulässigen Transformationen
+      über die signierten Daten. Sie finden diese Profile am Ende der XML-Konfi-
+      guration von MOA SPSS (Elemente des Namens 
+      cfg:VerifyTransformsInfoProfile). Fügen Sie zusätzlich zu den vorkommenden 
+      Elementen dieses Namens (für gewöhnlich zwei Elemente) zwei weitere 
+      Elemente dieses Namens hinzu, die die Profile für die älteren Bürger-
+      kartenumgebungen aufnehmen - diese sind durch den Namensteil "_deprecated" 
+      gekennzeichnet (siehe auch Musterkonfigurationen dieser Distribution 
+      MOA_ID_AUTH_INST/conf/moa-spss/SampleMOASPSSConfiguration.xml).
+
+13.Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen auf 
+   die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
+   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann gehen  
+   Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile beibehalten 
+   wollen, dann gehen Sie vor, wie in Punkt b).
+
+   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+    2)  Kopieren Sie das Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
+        CATALINA_HOME\conf\moa-spss.
+
+   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie folgt
+      vor, um die Profile auf den aktuellen Stand zu bringen:
+
+    1)  Benennen Sie ein eventuell vorhandenes Verzeichnis trustprofiles in
+        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer MOA-SP/SS
+        Konfigurationsdatei ebenfalls zu berücksichtigen und benennen Sie dort 
+        alle gleichartigen Vorkommen von trustprofiles in trustProfiles um)
+
+    2)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
+        entsprechenden Profilen im Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
+        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt der 
+        einzelnen Profile aus der Distribution (
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
+        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
+        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
+        überschreiben), also z.B: Kopieren des Inhalts von 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
+        CATALINA_HOME\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+14.Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.3 Durchführung eines Updates von einer älteren Version
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter 
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 6060956ee..d2aa59f2e 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -2,14 +2,14 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.3</version>
+		<version>1.4.4</version>
 	</parent>
 	
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-auth</artifactId>
 	<packaging>war</packaging>
-	<version>1.4.3</version>
+	<version>1.4.4</version>
 	<name>MOA ID-Auth WebService</name>
 	
 	<properties>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
index 103e6aaf7..d828ca6b2 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -1,5 +1,5 @@
 <sl10:TransformsInfo>
-	<dsig:Transforms>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
index 0951bd415..4b61025ae 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -1,5 +1,5 @@
 <sl10:TransformsInfo>
-	<dsig:Transforms>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
index 2f087aaf6..0da6c3f8e 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
@@ -1,5 +1,5 @@
 <sl10:TransformsInfo>
-	<dsig:Transforms>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
index 479a12745..802bc6470 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
@@ -1,5 +1,5 @@
 <sl10:TransformsInfo>
-	<dsig:Transforms>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
index 2f4914e2d..c6a000331 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-	<dsig:Transforms>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
index 43ee1f704..9fe95dcc9 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-	<dsig:Transforms>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
index 885aa766a..89f108020 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-	<dsig:Transforms>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
index e1106942d..8924e0f57 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-	<dsig:Transforms>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.4.xsd b/id/server/doc/MOA-ID-Configuration-1.4.4.xsd
new file mode 100644
index 000000000..619b9f2df
--- /dev/null
+++ b/id/server/doc/MOA-ID-Configuration-1.4.4.xsd
@@ -0,0 +1,612 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+	<xsd:element name="Configuration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
+				<xsd:element name="Binding" minOccurs="0">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:string">
+							<xsd:enumeration value="full"/>
+							<xsd:enumeration value="userName"/>
+							<xsd:enumeration value="none"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:element>
+				<xsd:choice>
+					<xsd:element ref="ParamAuth"/>
+					<xsd:element ref="BasicAuth"/>
+					<xsd:element ref="HeaderAuth"/>
+				</xsd:choice>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="LoginType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="stateless"/>
+			<xsd:enumeration value="stateful"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="ParamAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Parameter">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="BasicAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="UserID" type="MOAAuthDataType"/>
+				<xsd:element name="Password" type="MOAAuthDataType"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="HeaderAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Header" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Header">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="MOAAuthDataType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="MOAGivenName"/>
+			<xsd:enumeration value="MOAFamilyName"/>
+			<xsd:enumeration value="MOADateOfBirth"/>
+			<xsd:enumeration value="MOABPK"/>
+			<xsd:enumeration value="MOAWBPK"/>
+			<xsd:enumeration value="MOAPublicAuthority"/>
+			<xsd:enumeration value="MOABKZ"/>
+			<xsd:enumeration value="MOAQualifiedCertificate"/>
+			<xsd:enumeration value="MOAStammzahl"/>
+			<xsd:enumeration value="MOAIdentificationValueType"/>
+			<xsd:enumeration value="MOAIPAddress"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MOAKeyBoxSelector">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="SecureSignatureKeypair"/>
+			<xsd:enumeration value="CertifiedKeypair"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+	<xsd:element name="MOA-IDConfiguration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="ProxyComponent" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="AuthComponent">
+								<xsd:annotation>
+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:sequence>
+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+											<xsd:annotation>
+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+											</xsd:annotation>
+										</xsd:element>
+									</xsd:sequence>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="OnlineApplicationType">
+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+								<xsd:attribute name="type" use="optional" default="publicService">
+									<xsd:simpleType>
+										<xsd:restriction base="xsd:NMTOKEN">
+											<xsd:enumeration value="businessService"/>
+											<xsd:enumeration value="publicService"/>
+										</xsd:restriction>
+									</xsd:simpleType>
+								</xsd:attribute>
+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="ChainingModes" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+							<xsd:element name="TrustAnchor">
+								<xsd:annotation>
+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:complexContent>
+										<xsd:extension base="dsig:X509IssuerSerialType">
+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+										</xsd:extension>
+									</xsd:complexContent>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="name" use="required">
+							<xsd:simpleType>
+								<xsd:restriction base="xsd:string">
+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
+									<xsd:enumeration value="AuthenticationData.TimeOut"/>
+									<xsd:enumeration value="TrustManager.RevocationChecking"/>
+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+									<xsd:enumeration value="AuthenticationServer.SourceID"/>
+								</xsd:restriction>
+							</xsd:simpleType>
+						</xsd:attribute>
+						<xsd:attribute name="value" type="xsd:string" use="required"/>
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="AuthComponentType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelection" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+					</xsd:sequence>
+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+			<xsd:element name="SecurityLayer">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="MOA-SP">
+				<xsd:annotation>
+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="VerifyIdentityLink">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="VerifyAuthBlock">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="IdentityLinkSigners" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="TemplatesType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TemplateType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyInfoboxesType">
+		<xsd:annotation>
+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="DefaultTrustProfile" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="TrustProfileID"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="InfoboxType">
+		<xsd:annotation>
+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ParepSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
+							<xsd:annotation>
+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+	</xsd:complexType>
+	<xsd:complexType name="SchemaLocationType">
+		<xsd:annotation>
+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="Schema" maxOccurs="unbounded">
+				<xsd:complexType>
+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ProxyComponentType"/>
+	<xsd:complexType name="OnlineApplicationType">
+		<xsd:sequence>
+			<xsd:element name="AuthComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<!--xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="pr:AbstractSimpleIdentification"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element-->
+						<xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:choice>
+									<xsd:element ref="pr:Firmenbuchnummer"/>
+									<xsd:element ref="pr:ZMRzahl"/>
+									<xsd:element ref="pr:Vereinsnummer"/>
+									<xsd:element ref="pr:ERJPZahl"/>
+									<xsd:element name="AnyNumber">
+										<xsd:complexType>
+											<xsd:simpleContent>
+												<xsd:extension base="xsd:string">
+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+												</xsd:extension>
+											</xsd:simpleContent>
+										</xsd:complexType>
+									</xsd:element>
+								</xsd:choice>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+					</xsd:sequence>
+					<xsd:attribute name="slVersion" use="optional" default="1.2">
+						<xsd:simpleType>
+							<xsd:restriction base="xsd:string">
+								<xsd:enumeration value="1.1"/>
+								<xsd:enumeration value="1.2"/>
+							</xsd:restriction>
+						</xsd:simpleType>
+					</xsd:attribute>
+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ProxyComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+				</xsd:complexType>
+			</xsd:element>
+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterServerAuthType">
+		<xsd:sequence>
+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterClientAuthType">
+		<xsd:complexContent>
+			<xsd:extension base="ConnectionParameterServerAuthType">
+				<xsd:sequence>
+					<xsd:element name="ClientKeyStore" minOccurs="0">
+						<xsd:annotation>
+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
+						</xsd:annotation>
+						<xsd:complexType>
+							<xsd:simpleContent>
+								<xsd:extension base="xsd:anyURI">
+									<xsd:attribute name="password" type="xsd:string" use="optional"/>
+								</xsd:extension>
+							</xsd:simpleContent>
+						</xsd:complexType>
+					</xsd:element>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:element name="TrustProfileID" type="xsd:string"/>
+	<xsd:simpleType name="ChainingModeType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="chaining"/>
+			<xsd:enumeration value="pkix"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="BKUSelectionType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="HTMLComplete"/>
+			<xsd:enumeration value="HTMLSelect"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="CompatibilityMode" default="false">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="EnableInfoboxValidator" default="true">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="AlwaysShowForm" default="false">
+		<xsd:annotation>
+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:complexType name="InputProcessorType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:string">
+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
+					<xsd:annotation>
+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
+					</xsd:annotation>
+				</xsd:attribute>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentationType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentativeType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="oid" use="required">
+			<xsd:annotation>
+				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="1.2.40.0.10.3.1"/>
+					<xsd:enumeration value="1.2.40.0.10.3.2"/>
+					<xsd:enumeration value="1.2.40.0.10.3.3"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representCorporateParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representationText" use="optional">
+			<xsd:annotation>
+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
+					<xsd:enumeration value="Organwalter"/>
+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 93976976b..00b2d8907 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -117,7 +117,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
           <p id="subtitel">Konfiguration von MOA ID v.1.4</p>
           <p id="block"> Die Konfiguration von MOA ID wird mittels einer XML-basierten
             Konfigurationsdatei, die dem Schema
-            <a href="../MOA-ID-Configuration-1.4.xsd" target="_new">MOA-ID-Configuration-1.4.xsd</a>
+            <a href="../MOA-ID-Configuration-1.4.4.xsd" target="_new">MOA-ID-Configuration-1.4.4.xsd</a>
             entspricht, durchgef&uuml;hrt.
           <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
             der Web-Applikation in Tomcat</a> beschrieben.
@@ -213,7 +213,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                 der Konfigurationsdatei f&uuml;r eine Online-Applikation individuell definierte (lokale)
                 Templates (siehe <a href="#OnlineApplication/AuthComponent/Templates" target="_new">
                 OnlineApplication/AuthComponent/Templates</a>).
-                Das heißt, sind in der Konfigurationsddatei f&uuml;r eine Online-Applikation lokale
+                Das hei&szlig;t, sind in der Konfigurationsddatei f&uuml;r eine Online-Applikation lokale
                 Templates definiert (Element <tt>OnlineApplication/AuthComponent/Templates</tt>), so werden
                 die als global spezifizierten Templates (<tt>AuthComponent/Templates</tt>) f&uuml;r diese
                 OnlineApplikation ignoriert, jedoch f&uuml;r alle anderen Online-Applikationen
@@ -350,7 +350,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                   <p id="block"> <b>AuthComponent/VerifyInfoboxes</b>
                     <br />
                     Ab Version 1.4 bietet MOA-ID die M&ouml;glichkeit einer erweiterten Infobox-Validierung,
-                    das heißt, es k&ouml;nnen neben der Personenbindung auch weitere ausgelesene Infoboxen
+                    das hei&szlig;t, es k&ouml;nnen neben der Personenbindung auch weitere ausgelesene Infoboxen
                     validiert werden. Die f&uuml;r die Validierung der Infoboxen notwendigen Parameter
                     k&ouml;nnen &uuml;ber die Konfigurationsdatei durch das <tt>VerifyInfoboxes</tt>
                     Element sowohl <a href="#VerifyInfoboxesAuth">global</a> als auch
@@ -361,7 +361,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                     Applikation als <tt>Pr&uuml;fapplikation</tt> bezeichnet.
                     <br />
                     Das <tt>Verifyinfoboxes</tt> Element ist optional und kann fehlen,
-                    wenn keine Infoboxen außer der der Personenbindung validiert werden m&uuml;ssen.
+                    wenn keine Infoboxen au&szlig;er der der Personenbindung validiert werden m&uuml;ssen.
                     <br />
                     Das <tt>VerifyInfoboxes</tt>-Element hat folgende Kind-Elemente:
                     <ul>
@@ -427,7 +427,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                             das angibt ob die <i>Online-Applikation</i> die Personenbindung erhalten
                             soll.
                             <br />
-                            <b>Anmerkung 2</b>: Der Pr&uuml;fapplikation werden defaultm&auml;ßig der Vorname,
+                            <b>Anmerkung 2</b>: Der Pr&uuml;fapplikation werden defaultm&auml;&szlig;ig der Vorname,
                             der Familienname, das Geburtsdatum, der Typ der Stammzahl, die Stammzahl
                             (konfigurierbar) und die &ouml;ffentlichen Schl&uuml;ssel aus der Personenbindung
                             &uuml;bergeben. Das Attribut <tt>provideIdentityLink</tt> sollte deshalb
@@ -682,7 +682,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                               </ul>
 
                               Die Stammzahl ist jeweils ohne Pr&auml;fix anzugeben, also wird zum Beispiel
-                              die Firmenbuchnummer <tt>FN468924i</tt> folgendermaßen definiert:
+                              die Firmenbuchnummer <tt>FN468924i</tt> folgenderma&szlig;en definiert:
                               <br /> <br />
                               <tt>&lt;pr:Firmenbuchnummer&gt;468924i&lt;/pr:Firmenbuchnummer&gt;</tt>
 				   			  <br /><br />
@@ -707,7 +707,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                               wie oben gelten.
                               <br></br>
                               Die Firmenbuchnummer aus obigem Beispiel k&ouml;nnte man nun beispielsweise mit Hilfe das Elements
-                              <tt>AnyNumber</tt> auch folgendermaßen definieren:
+                              <tt>AnyNumber</tt> auch folgenderma&szlig;en definieren:
                               <br></br>
                               <tt>&lt;AnyNumber Identifier="FN"&gt;468924i&lt;/AnyNumber&gt;</tt>
 				   			  <br></br>
@@ -741,7 +741,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                             Online-Applikationen unterschiedliche Transformationen zu spezifizieren.
                             Alle &uuml;ber dieses Element definierten Transformationen haben
                             Vorrang gegen&uuml;ber die durch <tt>AuthComponent/SecurityLayer/TransformsInfo</tt>
-                            angegebenen Transformationen. Das heißt, ist f&uuml;r eine
+                            angegebenen Transformationen. Das hei&szlig;t, ist f&uuml;r eine
                             Online-Applikation das Kindelement <tt>AuthComponent/TransformsInfo</tt>
                             vorhanden, so wird f&uuml;r diese Applikation die durch dieses Element
                             spezifizierte Transformation verwendet (das Element kann nat&uuml;rlich
@@ -896,7 +896,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                             <tt>https://OA3/</tt> eingetragen.
                             Online-Applikation <tt>OA1</tt> konfiguriert Pr&uuml;fapplikationen f&uuml;r
                             die drei Infoboxen <tt>InfoboxB</tt>, <tt>InfoboxC</tt> und
-                            <tt>InfoboxD</tt>. Das heißt, MOA-ID kann f&uuml;r die Online-Applikation
+                            <tt>InfoboxD</tt>. Das hei&szlig;t, MOA-ID kann f&uuml;r die Online-Applikation
                             <tt>OA1</tt> insgesamt vier Infoboxen &uuml;berpr&uuml;fen: die
                             Paramter f&uuml;r die Infobox <tt>InfoboxA</tt> werden
                             von der entsprechenden global konfigurierten Pr&uuml;applikation
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index c8fc02844..ee3c5fc7f 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -2,14 +2,14 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.3</version>
+		<version>1.4.4</version>
 	</parent>
 
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>1.4.3</version>
+	<version>1.4.4</version>
 	<name>MOA ID API</name>
 
 	<properties>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 290dc429a..fe73ce16b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -46,7 +46,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
     "  <{3}:SignatureEnvironment>" + nl +
     "   <{4}:XMLContent>{0}</{4}:XMLContent>" + nl +
     "  </{3}:SignatureEnvironment>" + nl +
-    "  <{3}:SignatureLocation Index=''2''>/saml:Assertion</{3}:SignatureLocation>" + nl +
+    "  <{3}:SignatureLocation xmlns:saml=''" + SAML_NS_URI + "'' Index=''2''>/saml:Assertion</{3}:SignatureLocation>" + nl +
     " </{3}:SignatureInfo>" + nl +
     "</{3}:CreateXMLSignatureRequest>";
   
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 18bfd230c..809aff640 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,14 +4,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>id</artifactId>
-        <version>1.4.3-1</version>
+        <version>1.4.4</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA.id</groupId>
     <artifactId>moa-id</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.3</version>
+    <version>1.4.4</version>
     <name>MOA ID Server</name>
 
     <modules>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index 906024d5b..2255d6c01 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.3</version>
+		<version>1.4.4</version>
 	</parent>
 	
 	<properties>
@@ -13,7 +13,7 @@
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-proxy</artifactId>
 	<packaging>war</packaging>
-	<version>1.4.3</version>
+	<version>1.4.4</version>
 	<name>MOA ID-Proxy WebService</name>
 	
 	<build>
diff --git a/licenses/APACHE-LICENSE-2.0.txt b/licenses/APACHE-LICENSE-2.0.txt
deleted file mode 100644
index d64569567..000000000
--- a/licenses/APACHE-LICENSE-2.0.txt
+++ /dev/null
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
diff --git a/licenses/IAIK-LICENSE.txt b/licenses/IAIK-LICENSE.txt
deleted file mode 100644
index 4fa412cf8..000000000
--- a/licenses/IAIK-LICENSE.txt
+++ /dev/null
@@ -1,108 +0,0 @@
-Stiftung SIC License Agreement for "IAIK MOA"
-
-Valid from December 1st, 2005
-
-The Stiftung SIC
-Stiftung Secure Information and Communication Technologies
-Inffeldgasse16a, A-8010 Graz, Austria, hereafter referred to as "Stiftung SIC", 
-offers to grant licences for the SOFTWARE defined below according to the following conditions:
-
-1. DEFINITIONS
-For the purpose of this Licence Agreement, the following definitions are valid:
-
-a. The term "SOFTWARE" refers to the "IAIK MOA" bundle in any 
-form (object code or other) including documentation. The 
-SOFTWARE is the sole property of Stiftung SIC and protected by 
-Austrian, International Copyright Law, e.g. the Revised Berne 
-Convention, and the US Copyright Act.
-
-b. "IAIK MOA" is distributed in documentation, manuals, and user 
-guides, tools - including any revisions, patches and updates 
-downloaded by the customer.
-
-c."IAIK MOA Runtime Modules" means the runtime object code 
-modules provided with, or derived from the SOFTWARE.
-
-d. "MOA modules" mean the modules for online applications made 
-available by the Austrian Federal Chancellery and they consist of 
-MOA-Signature Creation (MOA-SS), MOA-Signature Verification 
-(MOA-SP) and MOA-Identification (MOA-ID).
-
-2. GRANTING of LICENCES
-
-The licensee is granted as specified below:
-
-o IAIK MOA Runtime License
-Stiftung SIC grants the Licensee a non-exclusive, non-transferable runtime licence to use the 
-"IAIK MOA" modules in the context of unmodified MOA modules. Any attempt to use any parts or 
-the whole IAIK Crypto Toolkits which come bundled together with the MOA modules for any 
-purpose other than accessing these MOA modules by applications, including, but not limited to, 
-the development of applications, the creation of a toolkit, or inclusion in a different toolkit, is not 
-permitted without additional licenses. These licences are not transferable to contractors or any 
-other persons, organisations or companies outside the licensee's organisation without making 
-such persons, organisations or companies explicitly aware of the restrictions of these licenses 
-and such persons, organisations or companies explicitly agree to observe these restrictions.
-
-3. LIMITATIONS for all LICENCES:
-LICENSEES must not attempt to reverse engineer, decompile, disassemble, reverse, translate or in 
-any other manner decode the computer programmes in the IAIK libraries in order to derive the 
-source code there from. 
-
-4. WARRANTY:
-Stiftung SIC guarantees that the SOFTWARE is free of any computer virus or other malicious 
-hidden routines that would intentionally cause damage to or corrupt data, storage media or 
-equipment. For proving the integrity of the SOFTWARE, Stiftung SIC may calculate a SHA-1 hash 
-value over the distribution file and publish it on its web site. It is the duty of the licensee to verify this 
-hash value. If the hash value cannot be verified, Stiftung SIC declines any warranties on that 
-software, and the licensee should immediately (or within 30 days of delivery at the latest), contact 
-Stiftung SIC for verification and reshipment.
-The SOFTWARE is provided "as is" and except for the declaration and warranty stated in this 
-section, Stiftung SIC makes no representations, conditions or warranties, either express or implied, 
-relative to the SOFTWARE or services provided hereunder, including all implied conditions or 
-warranties of merchantability and fitness for a particular purpose and all conditions with respect to 
-intellectual property infringement. Stiftung SIC may, but shall not be obliged to, fix errors in any 
-SOFTWARE.
-
-5. PROPRIETARY INFORMATION and CONFIDENTIALITY:
-The LICENSEE acknowledges that the SOFTWARE remains the property of, and is confidential to, 
-Stiftung SIC and incorporates trade secrets of Stiftung SIC, and that Stiftung SIC shall have the 
-exclusive right to any copyrights or patents in respect of the SOFTWARE. The LICENSEE agrees to 
-maintain the confidentiality of the SOFTWARE.
-The LICENSEE further agrees that (with the exception of paragraph 2 above), he shall not make 
-any disclosure of the SOFTWARE (including copies thereof or methods or concepts utilised therein) 
-to any person or entity, other than employees of the LICENSEE, to whom such disclosure is 
-necessary in order to use the SOFTWARE as provided herein. The LICENSEE shall appropriately 
-notify each employee to whom any such disclosure is made. Such disclosure must be made in 
-confidence and shall be kept in confidence by the employee in question.
-The LICENSEE agrees to use diligent and determined efforts to secure and protect the 
-SOFTWARE and copies thereof in a manner consistent with their proprietary character and the 
-maintenance of Licensor's rights therein, and without limitation thereof, to take appropriate action, 
-by instruction or agreement with its employees who are permitted access to the SOFTWARE or 
-copies thereof, or otherwise, to satisfy its obligations as hereby stated.
-
-6. TERMINATION:
-Stiftung SIC may terminate this Agreement without prior notice, if the licensee 1. neglects or fails to 
-perform or observe, or correct a breach of its obligations to Stiftung SIC; 2. goes out of business, 
-files a bankruptcy petition or has such a petition filed involuntarily against it or becomes insolvent; 3. 
-develops, sells, licenses or distributes or attempts to develop, sell, license or distribute any software 
-based on the SOFTWARE which is outside the scope of the limited rights granted herein, to any 
-third party. In the event of such a termination, the Licensee shall immediately destroy all copies and 
-ensure that all backup copies are destroyed as well.
-
-Stiftung SIC may at any time stop granting free licenses of the SOFTWARE in combination with the 
-MOA modules without prior notice. In this case, all licenses granted until that time remain valid, i.e. 
-allow the licensee to continue using the SOFTWARE in combination with the unmodified MOA 
-modules.
-
-7. LIABILITY:
-To the maximum extent allowed by applicable law Stiftung SIC shall not be liable for any damages 
-whatsoever (including, without limitation, damages for loss of business profits, business interruption, 
-loss of business information, or other pecuniary loss) arising out of the use of or inability to use the 
-SOFTWARE, even if Stiftung SIC has been advised of the possibility of such damages.
-
-8. WAIVER:
-Invalidity, on legal grounds, of any term of this Agreement does not render the Agreement as a whole 
-invalid.
-
-9. GOVERNING LAW, ARBITRATION:
-This Agreement is governed by Austrian law.
diff --git a/licenses/NOTICE.txt b/licenses/NOTICE.txt
deleted file mode 100644
index 1296eeb2c..000000000
--- a/licenses/NOTICE.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-MOA-ID/SP/SS
-Copyright 2008 Federal Chancellery Austria
-
-This product includes software originally developed at the
-Austrian Federal Computing Centre (BRZ - Bundesrechenzentrum,
-www.brz.gv.at) and the Federal Chancellery Austria (Stabsstelle
-IKT-Strategie des Bundes, Bundeskanzleramt, 
-www.digitales.oesterreich.gv.at).
-
-This product includes software developed by third parties
-and provided under an open source license (www.opensource.org).
-
-This product includes software "IAIK MOA" provided by
-Stiftung Secure Information and Communication Technologies SIC 
-(www.sic.st). This software has been licensed under the terms
-and conditions given in "IAIK-LICENSE".
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 2e2d51c24..015eff21b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
     <groupId>MOA</groupId>
     <artifactId>MOA</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.3-1</version>
+    <version>1.4.4</version>
     <name>MOA</name>
 
     <properties>
@@ -180,25 +180,25 @@
             <dependency>
                 <groupId>MOA</groupId>
                 <artifactId>moa-common</artifactId>
-                <version>1.4.3-1</version>
+                <version>1.4.4</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA.id.server</groupId>
                 <artifactId>moa-id-lib</artifactId>
-                <version>1.4.3</version>
+                <version>1.4.4</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA.spss.server</groupId>
                 <artifactId>moa-spss-lib</artifactId>
-                <version>1.4.3</version>
+                <version>1.4.4</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA</groupId>
                 <artifactId>moa-common</artifactId>
-                <version>1.4.3-1</version>
+                <version>1.4.4</version>
                 <type>test-jar</type>
                 <scope>test</scope>
             </dependency>
@@ -249,7 +249,7 @@
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_moa</artifactId>
-                <version>1.23</version>
+                <version>1.24</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
@@ -267,7 +267,7 @@
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_ixsil</artifactId>
-                <version>1.2.2.3</version>
+                <version>1.2.2.4</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
diff --git a/spss/assembly-lib.xml b/spss/assembly-lib.xml
index d955523d4..5fb27b0f2 100644
--- a/spss/assembly-lib.xml
+++ b/spss/assembly-lib.xml
@@ -140,8 +140,13 @@
 			<outputDirectory>/doc/clients</outputDirectory>
 		</fileSet>
 		<fileSet>
-			<directory>${basedir}/spss/server/serverlib/resources/licenses</directory>
-			<outputDirectory>/licenses</outputDirectory>
+			<directory>${basedir}</directory>
+			<outputDirectory>/</outputDirectory>
+			<includes>
+				<include>LICENSE-2.0.txt</include>
+				<include>NOTICE.txt</include>
+				<include>IAIK-LICENSE.txt</include>
+			</includes>
 		</fileSet>
 		<fileSet>
 			<directory>${basedir}/spss/server/tools/src/main/scripts</directory>
diff --git a/spss/assembly.xml b/spss/assembly.xml
index 62f59e26f..9c959ad06 100644
--- a/spss/assembly.xml
+++ b/spss/assembly.xml
@@ -118,8 +118,13 @@
 			<outputDirectory>/doc/clients</outputDirectory>
 		</fileSet>
 		<fileSet>
-			<directory>${basedir}/spss/server/serverlib/resources/licenses</directory>
-			<outputDirectory>/licenses</outputDirectory>
+			<directory>${basedir}</directory>
+			<outputDirectory>/</outputDirectory>
+			<includes>
+				<include>LICENSE-2.0.txt</include>
+				<include>NOTICE.txt</include>
+				<include>IAIK-LICENSE.txt</include>
+			</includes>
 		</fileSet>
 		<fileSet>
 			<directory>${basedir}/spss/server/serverws/data/deploy/tomcat</directory>
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index 1d5442865..a8d1eb0a9 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.4</a></p> 
   <p class="subtitle">Konfiguration</p> 
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/faq/faq.html b/spss/handbook/handbook/faq/faq.html
index 36484a2d0..ef389ce03 100644
--- a/spss/handbook/handbook/faq/faq.html
+++ b/spss/handbook/handbook/faq/faq.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p>
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.4</a></p>
   <p class="subtitle">FAQ</p> 
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html
index 11db2c816..37b4c9db9 100644
--- a/spss/handbook/handbook/index.html
+++ b/spss/handbook/handbook/index.html
@@ -16,7 +16,7 @@
   </table>
   <hr/> 
   <p class="title">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP) </p> 
-  <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.4.3 </p> 
+  <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.4.4 </p> 
   <hr/>
   <dl>
     <dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html
index 60589f733..d7f1e7a0b 100644
--- a/spss/handbook/handbook/install/install.html
+++ b/spss/handbook/handbook/install/install.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.4</a></p> 
   <p class="subtitle">Installation</p> 
   <hr/>
   <h1>Inhalt</h1>
@@ -127,7 +127,7 @@
   <dt>Installation von Apache Tomcat 4.1</dt>
   <dd> Installieren Sie <a href="#referenziertesoftware">Apache Tomcat 4.1.18</a> oder h&ouml;her in ein Verzeichnis, das keine Leerzeichen im Pfadnamen enth&auml;lt. Wir empfehlen die Installation von <a href="#referenziertesoftware">Apache Tomcat 4.1.31</a>. Verwenden Sie bitte die zu Ihrem J2SE SDK passende Distribution von Tomcat. Das Wurzelverzeichnis der Tomcat-Installation wird im weiteren Verlauf als <code>$CATALINA_HOME</code> bezeichnet.</dd>
   <dt>Entpacken der MOA SP/SS Webservice Distribution</dt>
-  <dd> Entpacken Sie die Datei <code>moa-spss-1.4.3.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
+  <dd> Entpacken Sie die Datei <code>moa-spss-1.4.4.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
   <dt>Installation der  Krypographiebibliotheken von SIC/IAIK</dt>
   <dd>
     <p>Die Installation der  Kryptographiebibliotheken von <a href="http://jce.iaik.tugraz.at/" target="_blank">SIC/IAIK</a>:</p>
@@ -380,7 +380,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=&lt;null&gt;
     <dt>Installation von J2SE SDK</dt>
     <dd>Installieren Sie<a href="#referenziertesoftware"> J2SE 1.4.x SDK</a> oder <a href="#referenziertesoftware">J2SE 5.0 SDK</a> in ein beliebiges Verzeichnis. Wir empfehlen die Installation von <a href="#referenziertesoftware">J2SE 5.0 SDK</a>. Das Wurzelverzeichnis der J2SE SDK Installation wird im weiteren Verlauf als <code>$JAVA_HOME</code> bezeichnet. </dd>
     <dt>Entpacken der MOA SP/SS Klassenbibliotheks-Distribution</dt>
-    <dd> Entpacken Sie die Datei <code>moa-spss-1.4.3-lib.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
+    <dd> Entpacken Sie die Datei <code>moa-spss-1.4.4-lib.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_SPSS_INST</code> bezeichnet. </dd>
     <dt>Installation der Krypographiebibliotheken von SIC/IAIK</dt>
     <dd>
       <p>Die Installation der  Kryptographiebibliotheken von <a href="http://jce.iaik.tugraz.at/" target="_blank">SIC/IAIK</a>:</p>
@@ -399,7 +399,7 @@ INFO | 01 21:25:26,540 | Thread-3 | TID=1049225059594-100 NID=&lt;null&gt;
 
 </tr><tr>
 <td>MOA SP/SS</td>
-<td>1.4.3&nbsp; </td>
+<td>1.4.4&nbsp; </td>
 <td><code>moa-spss.jar</code>, <code>moa-common.jar</code></td>
 </tr><tr>
 <td>MOA IAIK</td>
diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html
index bc887e958..8a9fb1bd1 100644
--- a/spss/handbook/handbook/intro/intro.html
+++ b/spss/handbook/handbook/intro/intro.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.4</a></p> 
   <p class="subtitle">Einf&uuml;hrung</p> 
   <hr/>
   <h1>Inhalt</h1>
@@ -31,7 +31,7 @@
 <hr/>
   <h1><a name="allgemeines"></a>1 Allgemeines</h1>
   <p> Die Module Serversignatur (SS) und Signaturpr&uuml;fung (SP) k&ouml;nnen von Anwendungen verwendet werden, um elektronische Signaturen zu erstellen bzw. vorliegende elektronische Signaturen zu &uuml;berpr&uuml;fen.</p>
-  <p>    Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu den beiden Modulen ist in der <a href="../spec/MOA-SPSS-1.2.pdf" target="_blank" class="term">Spezifikation MOA SP/SS (V1.2)</a> detailliert beschrieben. Da diese Spezifikation auf der <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.html" target="_blank" class="term"> Schnittstellenspezifikation des Security-Layers (V 1.1)</a> aufbaut, ist deren Kenntnis zum Verstehen der Schnittstellen zu SS und SP erforderlich. </p>
+  <p>    Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu den beiden Modulen ist in der <a href="../spec/MOA-SPSS-1.3.pdf" target="_blank" class="term">Spezifikation MOA SP/SS (V1.3)</a> detailliert beschrieben. Da diese Spezifikation auf der <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.html" target="_blank" class="term"> Schnittstellenspezifikation des Security-Layers (V 1.1)</a> aufbaut, ist deren Kenntnis zum Verstehen der Schnittstellen zu SS und SP erforderlich. </p>
   <h1><a name="ss"></a>2 Modul Serversignatur (SS) </h1>
   <p> Das Modul Serversignatur (SS) dient zum Erstellen von XML-Signaturen in Anlehnung an die <a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.html"> </a><a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.html" target="_blank" class="term">Schnittstellenspezifikation des Security-Layers (V 1.1)</a>. Eine Signatur kann entweder rein in Software erstellt werden, oder aber unter Zuhilfenahme eines Hardware Security Modules (HSM), das den privaten Schl&uuml;ssel gesch&uuml;tzt enth&auml;lt und die Signatur berechnet.</p>
   <p>    Der Zugriff auf einzelne Signaturschl&uuml;ssel in MOA SS kann basierend auf dem f&uuml;r TLS-Client-Authentisierung verwendeten Zertifikat eingeschr&auml;nkt werden. </p>
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html
index 95d3e49a0..deecfe7ff 100644
--- a/spss/handbook/handbook/usage/usage.html
+++ b/spss/handbook/handbook/usage/usage.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/>
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.3</a></p>
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.4</a></p>
   <p class="subtitle">Anwendung</p>
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/pom.xml b/spss/pom.xml
index 4ce7b7280..a102fd8a1 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
-        <version>1.4.3-1</version>
+        <version>1.4.4</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index c7183ac67..941713559 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,3 +1,11 @@
+##############
+1.4.4
+##############
+
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.24
+	iaik-ixsil:			Version 1.2.2.4
+
 ##############
 1.4.3-1
 ##############
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 5b224eef6..972822a73 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -9,7 +9,7 @@
 	<groupId>MOA.spss.server</groupId>
 	<artifactId>moa-spss-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>1.4.3</version>
+	<version>1.4.4</version>
 	<name>MOA SP/SS API</name>
 
 	<properties>
diff --git a/spss/server/serverlib/resources/licenses/Apache-2.0.txt b/spss/server/serverlib/resources/licenses/Apache-2.0.txt
deleted file mode 100644
index 57bc88a15..000000000
--- a/spss/server/serverlib/resources/licenses/Apache-2.0.txt
+++ /dev/null
@@ -1,202 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
diff --git a/spss/server/serverlib/resources/licenses/IAIK-License.txt b/spss/server/serverlib/resources/licenses/IAIK-License.txt
deleted file mode 100644
index c0db63b22..000000000
--- a/spss/server/serverlib/resources/licenses/IAIK-License.txt
+++ /dev/null
@@ -1,13 +0,0 @@
-IAIK MOA Runtime Lizenz
-
-Stiftung SIC gewährt dem Lizenznehmer eine nicht-exklusive, nicht-übertragbare 
-Runtime Lizenz für die "IAIK MOA" Module im Kontext von MOA SP/SS und MOA ID. 
-Alle Versuche, Teile oder die kompletten  IAIK Crypto Toolkits, die zusammen 
-mit dem MOA Produktbündel ausgeliefert werden, für andere Zwecke als jenem 
-für Applikationen im MOA Kontext zu verwenden, sind nicht erlaubt. Auch weitere 
-Versuche, die sich auf die Entwicklung von Anwendungen , oder aber darüber hinaus
-auf die Schaffung eines eigenen Toolkits, oder die Aufnahme in ein weiters
-weiteres Toolkit beziehen, sind nicht erlaubt.
-Die hier beschriebene Runtime Lizenz ist nicht übertragbar auf weitere 
-Vertragspartner des Kunden, Personen, Organisationen oder Unternehmen 
-außerhalb der Organisation des Lizenznehmers.
diff --git a/spss/server/serverlib/resources/licenses/Jaxen.txt b/spss/server/serverlib/resources/licenses/Jaxen.txt
deleted file mode 100644
index bef65a520..000000000
--- a/spss/server/serverlib/resources/licenses/Jaxen.txt
+++ /dev/null
@@ -1,40 +0,0 @@
-Copyright 2003 (C) The Werken Company. All Rights Reserved.
- 
- Redistribution and use of this software and associated documentation
- ("Software"), with or without modification, are permitted provided
- that the following conditions are met:
-
- 1. Redistributions of source code must retain copyright
-    statements and notices.  Redistributions must also contain a
-    copy of this document.
- 
- 2. Redistributions in binary form must reproduce the
-    above copyright notice, this list of conditions and the
-    following disclaimer in the documentation and/or other
-    materials provided with the distribution.
- 
- 3. The name "jaxen" must not be used to endorse or promote
-    products derived from this Software without prior written
-    permission of The Werken Company.  For written permission,
-    please contact bob@werken.com.
- 
- 4. Products derived from this Software may not be called "jaxen"
-    nor may "jaxen" appear in their names without prior written
-    permission of The Werken Company. "jaxen" is a registered
-    trademark of The Werken Company.
- 
- 5. Due credit should be given to The Werken Company.
-    (http://jaxen.werken.com/).
- 
- THIS SOFTWARE IS PROVIDED BY THE WERKEN COMPANY AND CONTRIBUTORS
- ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
- NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
- FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- THE WERKEN COMPANY OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/spss/server/serverlib/resources/licenses/PostgreSQL-JDBC.txt b/spss/server/serverlib/resources/licenses/PostgreSQL-JDBC.txt
deleted file mode 100644
index 30d54d778..000000000
--- a/spss/server/serverlib/resources/licenses/PostgreSQL-JDBC.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-Copyright (c) 1997-2005, PostgreSQL Global Development Group
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice,
-   this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution.
-3. Neither the name of the PostgreSQL Global Development Group nor the names
-   of its contributors may be used to endorse or promote products derived
-   from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index b2736b56f..7dac91d35 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -10,7 +10,7 @@
     <groupId>MOA.spss.server</groupId>
     <artifactId>moa-spss-ws</artifactId>
     <packaging>war</packaging>
-    <version>1.4.3</version>
+    <version>1.4.4</version>
     <name>MOA SP/SS WebService</name>
 
     <properties>
-- 
cgit v1.2.3


From 923e74be4b2cdff889233d724d83dc246b381209 Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 19 Sep 2008 15:18:27 +0000
Subject: Updated MOA-ID example configuration and transformation paths.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1094 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../conf/moa-id/SampleMOAIDConfiguration.xml       | 16 +++-
 id/server/data/deploy/conf/moa-id/log4j.properties | 10 +--
 .../transforms/TransformsInfoAuthBlockText.xml     | 89 ++++++++++++---------
 .../TransformsInfoAuthBlockTextPlain.xml           | 93 ++++++++++++++++++++++
 .../conf/moa-spss/SampleMOASPSSConfiguration.xml   |  4 +
 .../profiles/MOAIDTransformAuthBlockText.xml       | 93 +++++++++++++---------
 .../profiles/MOAIDTransformAuthBlockTextPlain.xml  | 91 +++++++++++++++++++++
 7 files changed, 313 insertions(+), 83 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTextPlain.xml
 create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTextPlain.xml

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index d6bfe1ddd..e5d71973e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -21,7 +21,18 @@
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
       <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>-->
+      <!-- TransformInfo in Plaintext, alternative Variante -->
+	  <!--
+	    NOTE:
+		This TransformsInfo produces plain text output. It does not use the
+		XSL transform output method 'text', as the way new line characters are
+		rendered by the XSL transform implementation is platform dependent.
+		Therefore, an output method of 'xml' is used to create a single
+		element node with the plain text as child element and a XPath filter
+		transform is used to remove all nodes, but text nodes.
+	  -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTextPlain.xml"/>
       <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
       <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
       <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -44,7 +55,8 @@
         <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
         <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
         <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+        <!-- VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTextPlain</VerifyTransformsInfoProfileID>
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index 0f31f4891..38550801e 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -2,11 +2,11 @@
 org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
 
 # define log4j root loggers
-log4j.rootLogger=info, stdout, R
-log4j.logger.moa=info
-log4j.logger.moa.spss.server=info
-log4j.logger.iaik.server=info
-log4j.logger.moa.id.auth=info
+log4j.rootLogger=debug, stdout, R
+log4j.logger.moa=debug
+log4j.logger.moa.spss.server=debug
+log4j.logger.iaik.server=debug
+log4j.logger.moa.id.auth=debug
 log4j.logger.moa.id.proxy=info
 
 # configure the stdout appender
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
index 4b61025ae..eaaf5c1e2 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -1,40 +1,52 @@
 <sl10:TransformsInfo>
 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
 					<html>
 						<head>
 							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">
-							.boldstyle { font-weight: bold; }
-							.italicstyle { font-style: italic; }
-							.annotationstyle { font-size: small; }
-							</style>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; }</style>
 						</head>
 						<body>
 							<h1>Signatur der Anmeldedaten</h1>
 							<p/>
-							<h4>Mit meiner elektronischen Signatur beantrage ich, 
-								<span class="boldstyle"><xsl:value-of select="//@Issuer"/></span>, geboren am 
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, 
+							<h4>
+								<xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
+								<span class="boldstyle">
+									<xsl:value-of select="//@Issuer"/>
+								</span>
+								<xsl:text>, geboren am </xsl:text> 
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+								<xsl:text>.</xsl:text>
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+								<xsl:text>.</xsl:text>
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+								<xsl:text>, </xsl:text> 
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
-									(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+									<xsl:text>in der Rolle als </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+									<xsl:text> (OID***= </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+									<xsl:text>), </xsl:text> 
 								</xsl:if>
-								den Zugang zur gesicherten Anwendung.
+								<xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
 							</h4>
 							<p/>
-							<h4>Datum und Uhrzeit:
-								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
-								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
-								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, 
-								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
-								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
-								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+							<h4>
+								<xsl:text>Datum und Uhrzeit: </xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,9,2)" />
+								<xsl:text>.</xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,6,2)" />
+								<xsl:text>.</xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,1,4)" />
+								<xsl:text>, </xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,12,2)" />
+								<xsl:text>:</xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,15,2)" />
+								<xsl:text>:</xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,18,2)" />
 							</h4>
 							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
 								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
@@ -44,16 +56,24 @@
 							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 								<hr/>
-								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									von <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">, geboren am 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+								<h4>
+									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> von </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, geboren am </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
 										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>, in deren Auftrag zu handeln.
+									</xsl:if>
+									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
 								</h4>
 								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
@@ -66,18 +86,13 @@
 								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
 							</xsl:choose>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den 
-								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
-								Wirtschaftsunternehmen.</div>
+								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum		Wirtschaftsunternehmen.</div>
 							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen 
-								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
-								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
+								<div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen	Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
 							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und 
-								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
+								<div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und		beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
 							</xsl:if>
 						</body>
 					</html>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTextPlain.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTextPlain.xml
new file mode 100644
index 000000000..1745b0dbf
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTextPlain.xml
@@ -0,0 +1,93 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+			    <xsl:output method="xml" xml:space="default"/>
+			    <xsl:template match="/" xmlns="">
+			    	<text>
+				        <xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
+				        <xsl:value-of select="//@Issuer"/>
+				        <xsl:text>, geboren am </xsl:text>
+				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+				        <xsl:text>.</xsl:text>
+				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+				        <xsl:text>.</xsl:text>
+				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+				        <xsl:text>, </xsl:text>
+				        <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+				            <xsl:text>in der Rolle als </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
+				            <xsl:text>(OID***= </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>)
+				            <xsl:text>, </xsl:text>
+				        </xsl:if>
+				        <xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
+						<xsl:text>&#xa;&#xa;Datum und Uhrzeit: </xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+				        <xsl:text>.</xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+				        <xsl:text>.</xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+				        <xsl:text>, </xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+				        <xsl:text>:</xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+				        <xsl:text>:</xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+				        
+				        <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+				            <xsl:text>&#xa;&#xa;HPI(**): </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+				        </xsl:if>
+				        
+				        <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+				            <xsl:text>&#xa;&#xa;wbPK(*): </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+				        </xsl:if>
+				        
+				        <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+				            <xsl:text>&#xa;&#xa;Ich bin weiters ermächtigt als </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+				            <xsl:text>von </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+				                <xsl:text>, geboren am </xsl:text>
+				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+				                <xsl:text>.</xsl:text>
+				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+				                <xsl:text>.</xsl:text>
+				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+				            </xsl:if>
+				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+				                <xsl:text>,</xsl:text>
+				                <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+				            </xsl:if>
+				            <xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+				
+				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+				                <xsl:text>&#xa;&#xa;wbPK(*) des Vollmachtgebers: </xsl:text>
+				                <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+				            </xsl:if>
+				        </xsl:if>
+				
+				        <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+				            <xsl:text>&#xa;&#xa;(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</xsl:text>
+				        </xsl:if>
+				        <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+				            <xsl:text>&#xa;&#xa;(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</xsl:text>
+				        </xsl:if>
+				        <xsl:if test="//saml:Attribute[@AttributeName='OID']">
+				            <xsl:text>&#xa;&#xa;(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und beschreiben eindeutig die Rollen des GDA-Token Inhabers.</xsl:text>
+				        </xsl:if>
+			        </text>
+			    </xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+			<dsig:XPath>not(text())</dsig:XPath>
+		</dsig:Transform>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>text/plain</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index eee390044..62337d0fb 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -75,5 +75,9 @@
 			<cfg:Id>MOAIDTransformAuthBlockText_deprecated</cfg:Id>
 			<cfg:Location>profiles/MOAIDTransformAuthBlockText_deprecated.xml</cfg:Location>
 		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTextPlain</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTextPlain.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
 	</cfg:SignatureVerification>
 </cfg:MOAConfiguration>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
index 9fe95dcc9..934520369 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
@@ -1,41 +1,53 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+<moa:VerifyTransformsInfoProfile xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#">
 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
 					<html>
 						<head>
 							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">
-							.boldstyle { font-weight: bold; }
-							.italicstyle { font-style: italic; }
-							.annotationstyle { font-size: small; }
-							</style>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; }</style>
 						</head>
 						<body>
 							<h1>Signatur der Anmeldedaten</h1>
 							<p/>
-							<h4>Mit meiner elektronischen Signatur beantrage ich, 
-								<span class="boldstyle"><xsl:value-of select="//@Issuer"/></span>, geboren am 
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, 
+							<h4>
+								<xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
+								<span class="boldstyle">
+									<xsl:value-of select="//@Issuer"/>
+								</span>
+								<xsl:text>, geboren am </xsl:text> 
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+								<xsl:text>.</xsl:text>
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+								<xsl:text>.</xsl:text>
+								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+								<xsl:text>, </xsl:text> 
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
-									(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
+									<xsl:text>in der Rolle als </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+									<xsl:text> (OID***= </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+									<xsl:text>), </xsl:text> 
 								</xsl:if>
-								den Zugang zur gesicherten Anwendung.
+								<xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
 							</h4>
 							<p/>
-							<h4>Datum und Uhrzeit:
-								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
-								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
-								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, 
-								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
-								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
-								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+							<h4>
+								<xsl:text>Datum und Uhrzeit: </xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,9,2)" />
+								<xsl:text>.</xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,6,2)" />
+								<xsl:text>.</xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,1,4)" />
+								<xsl:text>, </xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,12,2)" />
+								<xsl:text>:</xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,15,2)" />
+								<xsl:text>:</xsl:text>
+								<xsl:value-of select="substring(//@IssueInstant,18,2)" />
 							</h4>
 							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
 								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
@@ -45,16 +57,24 @@
 							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
 								<hr/>
-								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									von <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">, geboren am 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
+								<h4>
+									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> von </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, geboren am </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
 										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
 									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
 										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>, in deren Auftrag zu handeln.
+									</xsl:if>
+									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
 								</h4>
 								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
 									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
@@ -67,18 +87,13 @@
 								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
 							</xsl:choose>
 							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den 
-								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
-								Wirtschaftsunternehmen.</div>
+								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum		Wirtschaftsunternehmen.</div>
 							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen 
-								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
-								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
+								<div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen	Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
 							</xsl:if>
 							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und 
-								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
+								<div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und		beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
 							</xsl:if>
 						</body>
 					</html>
@@ -87,4 +102,4 @@
 		</dsig:Transform>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
 	</dsig:Transforms>
-</VerifyTransformsInfoProfile>
+</moa:VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTextPlain.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTextPlain.xml
new file mode 100644
index 000000000..0b431c573
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTextPlain.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<moa:VerifyTransformsInfoProfile xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+			    <xsl:output method="xml" xml:space="default"/>
+			    <xsl:template match="/" xmlns="">
+			    	<text>
+				        <xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
+				        <xsl:value-of select="//@Issuer"/>
+				        <xsl:text>, geboren am </xsl:text>
+				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+				        <xsl:text>.</xsl:text>
+				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+				        <xsl:text>.</xsl:text>
+				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+				        <xsl:text>, </xsl:text>
+				        <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+				            <xsl:text>in der Rolle als </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
+				            <xsl:text>(OID***= </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>)
+				            <xsl:text>, </xsl:text>
+				        </xsl:if>
+				        <xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
+						<xsl:text>&#xa;&#xa;Datum und Uhrzeit: </xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+				        <xsl:text>.</xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+				        <xsl:text>.</xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+				        <xsl:text>, </xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+				        <xsl:text>:</xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+				        <xsl:text>:</xsl:text>
+				        <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+				        
+				        <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+				            <xsl:text>&#xa;&#xa;HPI(**): </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+				        </xsl:if>
+				        
+				        <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+				            <xsl:text>&#xa;&#xa;wbPK(*): </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+				        </xsl:if>
+				        
+				        <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+				            <xsl:text>&#xa;&#xa;Ich bin weiters ermächtigt als </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+				            <xsl:text>von </xsl:text>
+				            <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+				                <xsl:text>, geboren am </xsl:text>
+				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+				                <xsl:text>.</xsl:text>
+				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+				                <xsl:text>.</xsl:text>
+				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+				            </xsl:if>
+				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+				                <xsl:text>,</xsl:text>
+				                <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+				            </xsl:if>
+				            <xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+				
+				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+				                <xsl:text>&#xa;&#xa;wbPK(*) des Vollmachtgebers: </xsl:text>
+				                <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+				            </xsl:if>
+				        </xsl:if>
+				
+				        <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+				            <xsl:text>&#xa;&#xa;(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</xsl:text>
+				        </xsl:if>
+				        <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+				            <xsl:text>&#xa;&#xa;(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</xsl:text>
+				        </xsl:if>
+				        <xsl:if test="//saml:Attribute[@AttributeName='OID']">
+				            <xsl:text>&#xa;&#xa;(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und beschreiben eindeutig die Rollen des GDA-Token Inhabers.</xsl:text>
+				        </xsl:if>
+			        </text>
+			    </xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+			<dsig:XPath>not(text())</dsig:XPath>
+		</dsig:Transform>
+	</dsig:Transforms>
+</moa:VerifyTransformsInfoProfile>
-- 
cgit v1.2.3


From e4d6edc4620935a911aea8941df6b66f875064ea Mon Sep 17 00:00:00 2001
From: spuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Mon, 22 Sep 2008 14:44:11 +0000
Subject: Reverted schema to 1.4.3 Updated MOAID Configuration slVersion=1.2

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1095 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../java/at/gv/egovernment/moa/util/Constants.java |   2 +-
 .../schemas/MOA-ID-Configuration-1.4.4.xsd         | 612 ---------------------
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   2 +-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   2 +-
 .../SampleMOAIDConfiguration_withTestBKs.xml       |   2 +-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   2 +-
 id/server/doc/MOA-ID-Configuration-1.4.4.xsd       | 612 ---------------------
 id/server/doc/moa_id/id-admin_2.htm                |   5 +-
 spss/handbook/handbook/config/config.html          |   2 +-
 spss/handbook/handbook/install/install.html        |   2 +-
 spss/handbook/handbook/usage/usage.html            |  16 +-
 11 files changed, 18 insertions(+), 1241 deletions(-)
 delete mode 100644 common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.4.xsd
 delete mode 100644 id/server/doc/MOA-ID-Configuration-1.4.4.xsd

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 3851f7fdf..a436c4b23 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -96,7 +96,7 @@ public interface Constants {
 
   /** Local location of the MOA ID configuration XML schema definition. */
   public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
-    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.4.xsd";
+    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.3.xsd";
 
   /** URI of the Security Layer 1.0 namespace. */
   public static final String SL10_NS_URI =
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.4.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.4.xsd
deleted file mode 100644
index 619b9f2df..000000000
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.4.xsd
+++ /dev/null
@@ -1,612 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
-	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
-	<xsd:element name="Configuration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
-				<xsd:element name="Binding" minOccurs="0">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="full"/>
-							<xsd:enumeration value="userName"/>
-							<xsd:enumeration value="none"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:element>
-				<xsd:choice>
-					<xsd:element ref="ParamAuth"/>
-					<xsd:element ref="BasicAuth"/>
-					<xsd:element ref="HeaderAuth"/>
-				</xsd:choice>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="LoginType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="stateless"/>
-			<xsd:enumeration value="stateful"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="ParamAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Parameter">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="BasicAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="UserID" type="MOAAuthDataType"/>
-				<xsd:element name="Password" type="MOAAuthDataType"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="HeaderAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Header" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Header">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="MOAAuthDataType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="MOAGivenName"/>
-			<xsd:enumeration value="MOAFamilyName"/>
-			<xsd:enumeration value="MOADateOfBirth"/>
-			<xsd:enumeration value="MOABPK"/>
-			<xsd:enumeration value="MOAWBPK"/>
-			<xsd:enumeration value="MOAPublicAuthority"/>
-			<xsd:enumeration value="MOABKZ"/>
-			<xsd:enumeration value="MOAQualifiedCertificate"/>
-			<xsd:enumeration value="MOAStammzahl"/>
-			<xsd:enumeration value="MOAIdentificationValueType"/>
-			<xsd:enumeration value="MOAIPAddress"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MOAKeyBoxSelector">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="SecureSignatureKeypair"/>
-			<xsd:enumeration value="CertifiedKeypair"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-	<xsd:element name="MOA-IDConfiguration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="ProxyComponent" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element name="AuthComponent">
-								<xsd:annotation>
-									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:sequence>
-										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-											<xsd:annotation>
-												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-											</xsd:annotation>
-										</xsd:element>
-									</xsd:sequence>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="OnlineApplicationType">
-								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-								<xsd:attribute name="type" use="optional" default="publicService">
-									<xsd:simpleType>
-										<xsd:restriction base="xsd:NMTOKEN">
-											<xsd:enumeration value="businessService"/>
-											<xsd:enumeration value="publicService"/>
-										</xsd:restriction>
-									</xsd:simpleType>
-								</xsd:attribute>
-								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
-							</xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ChainingModes" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-							<xsd:element name="TrustAnchor">
-								<xsd:annotation>
-									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:complexContent>
-										<xsd:extension base="dsig:X509IssuerSerialType">
-											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-										</xsd:extension>
-									</xsd:complexContent>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="name" use="required">
-							<xsd:simpleType>
-								<xsd:restriction base="xsd:string">
-									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
-									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
-									<xsd:enumeration value="AuthenticationData.TimeOut"/>
-									<xsd:enumeration value="TrustManager.RevocationChecking"/>
-									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
-									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
-									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
-									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
-									<xsd:enumeration value="AuthenticationServer.SourceID"/>
-								</xsd:restriction>
-							</xsd:simpleType>
-						</xsd:attribute>
-						<xsd:attribute name="value" type="xsd:string" use="required"/>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="AuthComponentType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelection" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-					</xsd:sequence>
-					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-			<xsd:element name="SecurityLayer">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="MOA-SP">
-				<xsd:annotation>
-					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="VerifyIdentityLink">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="VerifyAuthBlock">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="IdentityLinkSigners" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="TemplatesType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TemplateType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="VerifyInfoboxesType">
-		<xsd:annotation>
-			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="DefaultTrustProfile" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="TrustProfileID"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="InfoboxType">
-		<xsd:annotation>
-			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
-			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ParepSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
-							<xsd:annotation>
-								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-	</xsd:complexType>
-	<xsd:complexType name="SchemaLocationType">
-		<xsd:annotation>
-			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="Schema" maxOccurs="unbounded">
-				<xsd:complexType>
-					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
-					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ProxyComponentType"/>
-	<xsd:complexType name="OnlineApplicationType">
-		<xsd:sequence>
-			<xsd:element name="AuthComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<!--xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="pr:AbstractSimpleIdentification"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element-->
-						<xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:choice>
-									<xsd:element ref="pr:Firmenbuchnummer"/>
-									<xsd:element ref="pr:ZMRzahl"/>
-									<xsd:element ref="pr:Vereinsnummer"/>
-									<xsd:element ref="pr:ERJPZahl"/>
-									<xsd:element name="AnyNumber">
-										<xsd:complexType>
-											<xsd:simpleContent>
-												<xsd:extension base="xsd:string">
-													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-												</xsd:extension>
-											</xsd:simpleContent>
-										</xsd:complexType>
-									</xsd:element>
-								</xsd:choice>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
-						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
-					</xsd:sequence>
-					<xsd:attribute name="slVersion" use="optional" default="1.2">
-						<xsd:simpleType>
-							<xsd:restriction base="xsd:string">
-								<xsd:enumeration value="1.1"/>
-								<xsd:enumeration value="1.2"/>
-							</xsd:restriction>
-						</xsd:simpleType>
-					</xsd:attribute>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
-					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ProxyComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-				</xsd:complexType>
-			</xsd:element>
-			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterServerAuthType">
-		<xsd:sequence>
-			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterClientAuthType">
-		<xsd:complexContent>
-			<xsd:extension base="ConnectionParameterServerAuthType">
-				<xsd:sequence>
-					<xsd:element name="ClientKeyStore" minOccurs="0">
-						<xsd:annotation>
-							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
-						</xsd:annotation>
-						<xsd:complexType>
-							<xsd:simpleContent>
-								<xsd:extension base="xsd:anyURI">
-									<xsd:attribute name="password" type="xsd:string" use="optional"/>
-								</xsd:extension>
-							</xsd:simpleContent>
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:element name="TrustProfileID" type="xsd:string"/>
-	<xsd:simpleType name="ChainingModeType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="chaining"/>
-			<xsd:enumeration value="pkix"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="BKUSelectionType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="HTMLComplete"/>
-			<xsd:enumeration value="HTMLSelect"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="CompatibilityMode" default="false">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="EnableInfoboxValidator" default="true">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="AlwaysShowForm" default="false">
-		<xsd:annotation>
-			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-		</xsd:annotation>
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:complexType name="InputProcessorType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:string">
-				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
-					<xsd:annotation>
-						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
-					</xsd:annotation>
-				</xsd:attribute>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentationType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentativeType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="oid" use="required">
-			<xsd:annotation>
-				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="1.2.40.0.10.3.1"/>
-					<xsd:enumeration value="1.2.40.0.10.3.2"/>
-					<xsd:enumeration value="1.2.40.0.10.3.3"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representCorporateParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representationText" use="optional">
-			<xsd:annotation>
-				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
-					<xsd:enumeration value="Organwalter"/>
-					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index e5d71973e..4de75a2af 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -125,7 +125,7 @@
   <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
   <OnlineApplication publicURLPrefix="https://localhost:8443/">
     <!-- fuer MOA-ID-AUTH -->
-    <AuthComponent>
+    <AuthComponent slVersion="1.2">
       <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index fcf0e2ac5..3e51b28fd 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -124,7 +124,7 @@
   <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
   <OnlineApplication publicURLPrefix="https://localhost:8443/">
     <!-- fuer MOA-ID-AUTH -->
-    <AuthComponent>
+    <AuthComponent slVersion="1.2">
       <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index bf71e21f9..013487953 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -122,7 +122,7 @@
   <!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
   <OnlineApplication publicURLPrefix="https://localhost:8443/">
     <!-- fuer MOA-ID-AUTH -->
-    <AuthComponent>
+    <AuthComponent slVersion="1.2">
       <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index b03285f43..33e812767 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -132,7 +132,7 @@
   <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
   <OnlineApplication publicURLPrefix="https://localhost:8443/">
     <!-- fuer MOA-ID-AUTH -->
-    <AuthComponent>
+    <AuthComponent slVersion="1.2">
       <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.4.xsd b/id/server/doc/MOA-ID-Configuration-1.4.4.xsd
deleted file mode 100644
index 619b9f2df..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.4.4.xsd
+++ /dev/null
@@ -1,612 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
-	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
-	<xsd:element name="Configuration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
-				<xsd:element name="Binding" minOccurs="0">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="full"/>
-							<xsd:enumeration value="userName"/>
-							<xsd:enumeration value="none"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:element>
-				<xsd:choice>
-					<xsd:element ref="ParamAuth"/>
-					<xsd:element ref="BasicAuth"/>
-					<xsd:element ref="HeaderAuth"/>
-				</xsd:choice>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="LoginType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="stateless"/>
-			<xsd:enumeration value="stateful"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="ParamAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Parameter">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="BasicAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="UserID" type="MOAAuthDataType"/>
-				<xsd:element name="Password" type="MOAAuthDataType"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="HeaderAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Header" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Header">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="MOAAuthDataType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="MOAGivenName"/>
-			<xsd:enumeration value="MOAFamilyName"/>
-			<xsd:enumeration value="MOADateOfBirth"/>
-			<xsd:enumeration value="MOABPK"/>
-			<xsd:enumeration value="MOAWBPK"/>
-			<xsd:enumeration value="MOAPublicAuthority"/>
-			<xsd:enumeration value="MOABKZ"/>
-			<xsd:enumeration value="MOAQualifiedCertificate"/>
-			<xsd:enumeration value="MOAStammzahl"/>
-			<xsd:enumeration value="MOAIdentificationValueType"/>
-			<xsd:enumeration value="MOAIPAddress"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MOAKeyBoxSelector">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="SecureSignatureKeypair"/>
-			<xsd:enumeration value="CertifiedKeypair"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-	<xsd:element name="MOA-IDConfiguration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="ProxyComponent" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element name="AuthComponent">
-								<xsd:annotation>
-									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:sequence>
-										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-											<xsd:annotation>
-												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-											</xsd:annotation>
-										</xsd:element>
-									</xsd:sequence>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="OnlineApplicationType">
-								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-								<xsd:attribute name="type" use="optional" default="publicService">
-									<xsd:simpleType>
-										<xsd:restriction base="xsd:NMTOKEN">
-											<xsd:enumeration value="businessService"/>
-											<xsd:enumeration value="publicService"/>
-										</xsd:restriction>
-									</xsd:simpleType>
-								</xsd:attribute>
-								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
-							</xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ChainingModes" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-							<xsd:element name="TrustAnchor">
-								<xsd:annotation>
-									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:complexContent>
-										<xsd:extension base="dsig:X509IssuerSerialType">
-											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-										</xsd:extension>
-									</xsd:complexContent>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="name" use="required">
-							<xsd:simpleType>
-								<xsd:restriction base="xsd:string">
-									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
-									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
-									<xsd:enumeration value="AuthenticationData.TimeOut"/>
-									<xsd:enumeration value="TrustManager.RevocationChecking"/>
-									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
-									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
-									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
-									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
-									<xsd:enumeration value="AuthenticationServer.SourceID"/>
-								</xsd:restriction>
-							</xsd:simpleType>
-						</xsd:attribute>
-						<xsd:attribute name="value" type="xsd:string" use="required"/>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="AuthComponentType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelection" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-					</xsd:sequence>
-					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-			<xsd:element name="SecurityLayer">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="MOA-SP">
-				<xsd:annotation>
-					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="VerifyIdentityLink">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="VerifyAuthBlock">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="IdentityLinkSigners" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="TemplatesType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TemplateType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="VerifyInfoboxesType">
-		<xsd:annotation>
-			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="DefaultTrustProfile" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="TrustProfileID"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="InfoboxType">
-		<xsd:annotation>
-			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
-			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ParepSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
-							<xsd:annotation>
-								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-	</xsd:complexType>
-	<xsd:complexType name="SchemaLocationType">
-		<xsd:annotation>
-			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="Schema" maxOccurs="unbounded">
-				<xsd:complexType>
-					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
-					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ProxyComponentType"/>
-	<xsd:complexType name="OnlineApplicationType">
-		<xsd:sequence>
-			<xsd:element name="AuthComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<!--xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="pr:AbstractSimpleIdentification"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element-->
-						<xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:choice>
-									<xsd:element ref="pr:Firmenbuchnummer"/>
-									<xsd:element ref="pr:ZMRzahl"/>
-									<xsd:element ref="pr:Vereinsnummer"/>
-									<xsd:element ref="pr:ERJPZahl"/>
-									<xsd:element name="AnyNumber">
-										<xsd:complexType>
-											<xsd:simpleContent>
-												<xsd:extension base="xsd:string">
-													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-												</xsd:extension>
-											</xsd:simpleContent>
-										</xsd:complexType>
-									</xsd:element>
-								</xsd:choice>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
-						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
-					</xsd:sequence>
-					<xsd:attribute name="slVersion" use="optional" default="1.2">
-						<xsd:simpleType>
-							<xsd:restriction base="xsd:string">
-								<xsd:enumeration value="1.1"/>
-								<xsd:enumeration value="1.2"/>
-							</xsd:restriction>
-						</xsd:simpleType>
-					</xsd:attribute>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
-					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ProxyComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-				</xsd:complexType>
-			</xsd:element>
-			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterServerAuthType">
-		<xsd:sequence>
-			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterClientAuthType">
-		<xsd:complexContent>
-			<xsd:extension base="ConnectionParameterServerAuthType">
-				<xsd:sequence>
-					<xsd:element name="ClientKeyStore" minOccurs="0">
-						<xsd:annotation>
-							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
-						</xsd:annotation>
-						<xsd:complexType>
-							<xsd:simpleContent>
-								<xsd:extension base="xsd:anyURI">
-									<xsd:attribute name="password" type="xsd:string" use="optional"/>
-								</xsd:extension>
-							</xsd:simpleContent>
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:element name="TrustProfileID" type="xsd:string"/>
-	<xsd:simpleType name="ChainingModeType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="chaining"/>
-			<xsd:enumeration value="pkix"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="BKUSelectionType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="HTMLComplete"/>
-			<xsd:enumeration value="HTMLSelect"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="CompatibilityMode" default="false">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="EnableInfoboxValidator" default="true">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="AlwaysShowForm" default="false">
-		<xsd:annotation>
-			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-		</xsd:annotation>
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:complexType name="InputProcessorType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:string">
-				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
-					<xsd:annotation>
-						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
-					</xsd:annotation>
-				</xsd:attribute>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentationType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentativeType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="oid" use="required">
-			<xsd:annotation>
-				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="1.2.40.0.10.3.1"/>
-					<xsd:enumeration value="1.2.40.0.10.3.2"/>
-					<xsd:enumeration value="1.2.40.0.10.3.3"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representCorporateParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representationText" use="optional">
-			<xsd:annotation>
-				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
-					<xsd:enumeration value="Organwalter"/>
-					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 00b2d8907..80078c464 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -117,7 +117,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
           <p id="subtitel">Konfiguration von MOA ID v.1.4</p>
           <p id="block"> Die Konfiguration von MOA ID wird mittels einer XML-basierten
             Konfigurationsdatei, die dem Schema
-            <a href="../MOA-ID-Configuration-1.4.4.xsd" target="_new">MOA-ID-Configuration-1.4.4.xsd</a>
+            <a href="../MOA-ID-Configuration-1.4.3.xsd" target="_new">MOA-ID-Configuration-1.4.4.xsd</a>
+            <a href="../MOA-ID-Configuration-1.4.3.xsd" target="_new">MOA-ID-Configuration-1.4.4.xsd</a>
             entspricht, durchgef&uuml;hrt.
           <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
             der Web-Applikation in Tomcat</a> beschrieben.
@@ -651,7 +652,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                               und der Stammzahl des Wirtschaftsunternehmens berechnet.
                               Laut <a href="http://reference.e-government.gv.at/E-Government-Gesetz.394.0.html" target="_new">E-Governmentgesetz</a>
                               darf die <i>Errechnung eines wbPK aus der Stammzahl nicht beim Auftraggeber eines
-                              privaten Bereichs durchgef&uuml;hrt werden</i> (vgl. E-GovGesetz §12(1).4), und muss deshalb
+                              privaten Bereichs durchgef&uuml;hrt werden</i> (vgl. E-GovGesetz &sect;12(1).4), und muss deshalb
                               an die B&uuml;rgerkartenumgebung ausgelagert werden.
                               Das <tt>OnlineApplication/AuthComponent/IdentificationNumber</tt> Element
                               wird nun verwendet, um die Stammzahl des Wirtschaftsunternehmens zu spezifizieren,
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index a8d1eb0a9..1d590ccfc 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -432,7 +432,7 @@ IssuerDN (RFC2253) :
         <p>
         <pre>http://www.w3.org/TR/2001/REC-xml-c14n-20010315 <br>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments <br>http://www.w3.org/2001/10/xml-exc-c14n# <br>http://www.w3.org/2001/10/xml-exc-c14n#WithComments  </pre>
         <p></p>        <p>Wird das Element nicht angegeben, wird folgender Wert als Default-Wert verwendet:</p>
-      <pre>http://www.w3.org/TR/2001/REC-xml-c14n-20010315  </pre>	  <p>Für die genaue Bedeutung der Werte siehe die <a href="http://www.w3.org/TR/xmldsig-core/" target="_blank">Spezifikation für XML-Signaturen</a>.</p></td>
+      <pre>http://www.w3.org/TR/2001/REC-xml-c14n-20010315  </pre>	  <p>F&uuml;r die genaue Bedeutung der Werte siehe die <a href="http://www.w3.org/TR/xmldsig-core/" target="_blank">Spezifikation f&uuml;r XML-Signaturen</a>.</p></td>
     </tr>
   </table>
   <table class="fixedWidth"  border="1" cellpadding="2">
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html
index d7f1e7a0b..4df97ef4b 100644
--- a/spss/handbook/handbook/install/install.html
+++ b/spss/handbook/handbook/install/install.html
@@ -171,7 +171,7 @@
 <ul>
   <li>Die Datei <code>$MOA_SPSS_INST/moa-spss.war</code> enth&auml;lt das einsatzfertige MOA SP/SS Webarchiv und muss ins Verzeichnis  <code>$CATALINA_HOME/webapps</code> kopiert werden. Dort wird sie beim ersten Start von Tomcat automatisch ins Verzeichnis <code>$CATALINA_HOME/webapps/moa-spss</code> entpackt. </li>
   <li>Die zentrale Konfigurationsdatei f&uuml;r MOA SP/SS  und die zugeh&ouml;rigen Profil-Verzeichnisse m&uuml;ssen in ein beliebiges Verzeichnis im Dateisystem kopiert werden (z.B. <code>$CATALINA_HOME/conf/moa-spss</code>). Eine funktionsf&auml;hige Konfiguration, die als Ausgangspunkt f&uuml;r die Konfiguration des MOA SP/SS Webservices dienen kann, finden Sie <a href="../../conf/moa-spss/spss.config.xml">hier</a>. </li>
-  <li>Wird Tomcat unter J2SE 1.4.x SDK oder höher betrieben, müssen die Dateien <code>xalan.jar</code>, <code>xercesImpl.jar, serializer.jar </code> und <code>xml-apis.jar</code> aus dem Verzeichnis <code>$MOA_SPSS_INST/endorsed</code> in das Tomcat-Verzeichnis <code>$CATALINA_HOME/common/endorsed</code> kopiert werden. Sind gleichnamige Dateien dort bereits vorhanden, m&uuml;ssen sie &uuml;berschrieben werden. Die ggf. in diesem Verzeichnis vorhandene Datei <code>xmlParserAPIs.jar</code> muss gel&ouml;scht werden.</li>
+  <li>Wird Tomcat unter J2SE 1.4.x SDK oder h&ouml;her betrieben, m&uuml;ssen die Dateien <code>xalan.jar</code>, <code>xercesImpl.jar, serializer.jar </code> und <code>xml-apis.jar</code> aus dem Verzeichnis <code>$MOA_SPSS_INST/endorsed</code> in das Tomcat-Verzeichnis <code>$CATALINA_HOME/common/endorsed</code> kopiert werden. Sind gleichnamige Dateien dort bereits vorhanden, m&uuml;ssen sie &uuml;berschrieben werden. Die ggf. in diesem Verzeichnis vorhandene Datei <code>xmlParserAPIs.jar</code> muss gel&ouml;scht werden.</li>
   <li>Folgende <span class="term">System Properties</span> k&ouml;nnen gesetzt werden (wird beim Starten von Tomcat der <span class="term">Java Virtual Machine</span> in der Umgebungsvariablen <code>CATALINA_OPTS</code> in der Form <code>-D&lt;name&gt;=&lt;wert&gt;</code> &uuml;bergeben):
       <ul>
         <li id="klein"><code>moa.spss.server.configuration</code>: Pfad und Name der zentralen Konfigurationsdatei f&uuml;r MOA SP/SS. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../conf/moa-spss/spss.config.xml">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/conf</code> enthaltene Default-Konfiguration herangezogen.</li>
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html
index deecfe7ff..bec96d0a9 100644
--- a/spss/handbook/handbook/usage/usage.html
+++ b/spss/handbook/handbook/usage/usage.html
@@ -300,7 +300,7 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
 </pre>
 <p>Das Element <code>CreateSignatureInfo</code> ist grunds&auml;tzlich optional, und muss nur angegeben werden, wenn die zu erstellende Signatur von MOA SS in ein bestehendes XML-Dokument integriert werden soll (was in diesem Beispiel ja der Fall ist).</p>
 <p><code>CreateSignatureEnvironment</code> enth&auml;lt das XML-Dokument, in das die zu erstellende Signatur integriert werden soll. In diesem Beispiel wird dieses Dokument mit Hilfe von <code>LocRefContent</code> referenziert, d. h. MOA SS wird versuchen, die darin enthaltene URL aufzul&ouml;sen, um das XML-Dokument zu erhalten. Alternativ k&ouml;nnte auch <code>Base64Content</code> (explizite Angabe des XML-Dokuments in base64 kodierter Form) oder <code>XMLContent</code> (direkte Angabe des XML-Dokuments im Request) verwendet werden.</p>
-<p><a name="webservice_xmlrequests_erstellungxml_daten_hinweisCreateSignatureLocation"></a><code>CreateSignatureLocation</code> enth&auml;lt die Angabe jener Stelle, an der die Signatur in das XML-Dokument eingesetzt werden soll. Der Inhalt dieses Elements bezeichnet mittels <span class="term">XPath</span>-Ausdruck das <span class="term">Parent</span>-Element der Signatur, der Wert des Attributs <code>CreateSignatureLocation/@Index</code> enth&auml;lt den Offset innerhalb dieses <span class="term">Parent</span>-Elements. Betrachten Sie zur Verdeutlichung das XML-Dokument <a href="../../clients/common/referencedData/XMLDocument.xml" target="_blank"><code>XMLDocument.xml</code></a>, in das die Signatur integriert werden soll: Die Signatur soll unmittelbar nach dem zweiten <code>doc:Paragraph</code> Element in das XML-Dokument eingef&uuml;gt werden. Der Inhalt von <code>CreateSignatureLocation</code> (<code>/doc:XMLDocument</code>) selektiert das zuk&uuml;nftige <span class="term">Parent</span>-Element der Signatur, also <code>doc:XMLDocument</code>. Das Attribut <code>Index</code> enth&auml;lt deshalb den Wert <code>4</code> (und nicht etwa <code>2</code> oder <code>3</code>), da erstens bei <code>0</code> zu z&auml;hlen begonnen wird, und zweitens auch die Text-Knoten, die lediglich Whitespace enthalten, f&uuml;r diesen Offset z&auml;hlen (um diese Textknoten erkennen zu k&ouml;nnen, m&uuml;ssen Sie das XML-Dokument in einem Text-Editor &ouml;ffnen). Beachten Sie weiters, dass  das im <span class="term">XPath</span>-Ausdruck verwendete Namespace-Prefix <code>doc</code> im Kontext des Elements <code>CreateSignatureLocation</code> bekannt sein muss. Deshalb enth&auml;lt dieses Element auch die entsprechende Namespace-Deklaration (<code>xmlns:doc=&quot;urn:document&quot;</code>).</p>
+<p><a name="webservice_xmlrequests_erstellungxml_daten_hinweisCreateSignatureLocation"></a><code>CreateSignatureLocation</code> enth&auml;lt die Angabe jener Stelle, an der die Signatur in das XML-Dokument eingesetzt werden soll. Der Inhalt dieses Elements bezeichnet mittels <span class="term">XPath</span>-Ausdruck das <span class="term">Parent</span>-Element der Signatur, der Wert des Attributs <code>CreateSignatureLocation/@Index</code> enth&auml;lt den Offset innerhalb dieses <span class="term">Parent</span>-Elements. Betrachten Sie zur Verdeutlichung das XML-Dokument <a href="../../clients/referencedData/src/main/webapp/XMLDocument.xml" target="_blank"><code>XMLDocument.xml</code></a>, in das die Signatur integriert werden soll: Die Signatur soll unmittelbar nach dem zweiten <code>doc:Paragraph</code> Element in das XML-Dokument eingef&uuml;gt werden. Der Inhalt von <code>CreateSignatureLocation</code> (<code>/doc:XMLDocument</code>) selektiert das zuk&uuml;nftige <span class="term">Parent</span>-Element der Signatur, also <code>doc:XMLDocument</code>. Das Attribut <code>Index</code> enth&auml;lt deshalb den Wert <code>4</code> (und nicht etwa <code>2</code> oder <code>3</code>), da erstens bei <code>0</code> zu z&auml;hlen begonnen wird, und zweitens auch die Text-Knoten, die lediglich Whitespace enthalten, f&uuml;r diesen Offset z&auml;hlen (um diese Textknoten erkennen zu k&ouml;nnen, m&uuml;ssen Sie das XML-Dokument in einem Text-Editor &ouml;ffnen). Beachten Sie weiters, dass  das im <span class="term">XPath</span>-Ausdruck verwendete Namespace-Prefix <code>doc</code> im Kontext des Elements <code>CreateSignatureLocation</code> bekannt sein muss. Deshalb enth&auml;lt dieses Element auch die entsprechende Namespace-Deklaration (<code>xmlns:doc=&quot;urn:document&quot;</code>).</p>
 <h5>Response</h5>
 <p><code><a href="../../clients/webservice/resources/requests/CreateXMLSignatureRequest.Refs.resp.xml" target="_blank">CreateXMLSignatureRequest.Refs.resp.xml</a></code> ist eine typische Response des SS Webservices auf den obigen Request. Sein Aufbau wird nachfolgend analysiert. Bitte beachten Sie, dass  die  dargestellte Response zur bessernen Lesbarkeit einger&uuml;ckt und gek&uuml;rzt wurde.</p>
 <pre>
@@ -440,7 +440,7 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
       &lt;/CreateTransformsInfoProfile&gt;
     &lt;/DataObjectInfo&gt;
 </pre>
-<p>F&uuml;r das erste zu signierende Datenobjekt werden die Referenz-Eingangsdaten  mittels <code>DataObject/@Reference</code> referenziert, d. h. MOA SS l&ouml;st die darin enthaltene URL auf, um zu den Daten zu gelangen. Es handelt sich dabei um einen <a href="../../clients/common/referencedData/Text.b64" target="_blank">base64 kodierten Text</a>.</p>
+<p>F&uuml;r das erste zu signierende Datenobjekt werden die Referenz-Eingangsdaten  mittels <code>DataObject/@Reference</code> referenziert, d. h. MOA SS l&ouml;st die darin enthaltene URL auf, um zu den Daten zu gelangen. Es handelt sich dabei um einen <a href="../../clients/referencedData/src/main/webapp/Text.b64" target="_blank">base64 kodierten Text</a>.</p>
 <p>Unterschrieben werden soll nun aber nicht dieser base64 kodierte Text, sondern der entsprechend dekodierte Text. Dies l&auml;sst sich elegant durch die Angabe einer <span class="term"><a href="http://www.w3.org/TR/xmldsig-core/#sec-Base-64" target="_blank">Base64 Decoding</a></span><a href="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-Base-64" target="_blank"> Transformation</a> bewerkstelligen. Dazu wird als erstes Kindelement von <code>CreateTransformsInfo</code> ein <code>dsig:Transforms</code> Element im Request angegeben. Dieses <code>dsig:Transforms</code> Element nimmt ein oderer mehrere <code>dsig:Transform</code> Elemente auf, wobei jedes <code>dsig:Transform</code> Element f&uuml;r eine Transformation steht. In unserem Fall wird nur eine einzige Transformation ben&ouml;tigt; die Angabe, um welche Transformation es sich handelt, wird durch das Attribut <code>dsig:Transform/@Algorithm</code> angegeben. F&uuml;r die <span class="term">Base64 Decoding</span> Transformation muss der Wert auf <code>http://www.w3.org/2000/09/xmldsig#base64</code> gesetzt werden. Sie ist eine parameterlose Transformation, d. h. <code>dsig:Transform</code> hat keine Kindelemente.</p>
 <p>Der Mime-Type der zu signierenden Daten wird als <code>text/plain</code> angegeben, da ja tats&auml;chlich nach der durchgef&uuml;hrten Transformation dekodierter Text vorliegt, &uuml;ber den dann der Hashwert berechnet wird. </p>
 <pre>
@@ -566,7 +566,7 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
           &lt;/FinalDataMetaInfo&gt;
 </pre>
 <p>Das Beispiel enth&auml;lt als erste Transformation eine <span class="term">XSLT-Transformation</span>. Der als Kindelement von <code>dsig:Transform</code> angegebene Stylesheet verweist dabei mittels <code>xsl:include</code> auf einen weiteren Stylesheet. Dieser weitere Stylesheet kann jedoch von MOA nicht direkt aufgel&ouml;st werden, da er als relative Referenz angegeben wird. Deshalb ist es notwendig, diesen weiteren Stylesheet als Erg&auml;nzungsobjekt zu den signierenden Daten anzugeben:</p>
-<pre>
+<
         &lt;/CreateTransformsInfo&gt;
         &lt;Supplement&gt;
           &lt;Content Reference=&quot;XMLDocument.Para.xsl&quot;&gt;
@@ -585,7 +585,7 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
         &lt;CreateSignatureLocation
           Index=&quot;4&quot; xmlns:doc=&quot;urn:document&quot;&gt;/doc:XMLDocument&lt;/CreateSignatureLocation&gt;
 </pre>
-<p>Eingef&uuml;gt werden soll die zu erzeugende Signatur in ein <a href="../../clients/common/referencedData/XMLDocument.withSchemaHint.xml" target="_blank">bestehendes Dokument</a>, das MOA SS durch Aufl&ouml;sen der in <code>CreateSignatureEnvironment/@Reference</code> angegebenen URL erh&auml;lt. Eingef&uuml;gt werden soll die Signatur als f&uuml;nfter Kindknoten des Wurzelelements <code>doc:XMLDocument</code>. Beachten Sie wiederum die <a href="#webservice_xmlrequests_erstellungxml_daten_hinweisCreateSignatureLocation">Hinweise</a> zur Z&auml;hlweise f&uuml;r das Attribut <code>Index</code> bzw. zur Deklaration der im XPath-Ausdruck verwendeten Namespace-Deklarationen (hier <code>doc</code>). </p>
+<p>Eingef&uuml;gt werden soll die zu erzeugende Signatur in ein <a href="../../clients/referencedData/src/main/webapp/XMLDocument.withSchemaHint.xml" target="_blank">bestehendes Dokument</a>, das MOA SS durch Aufl&ouml;sen der in <code>CreateSignatureEnvironment/@Reference</code> angegebenen URL erh&auml;lt. Eingef&uuml;gt werden soll die Signatur als f&uuml;nfter Kindknoten des Wurzelelements <code>doc:XMLDocument</code>. Beachten Sie wiederum die <a href="#webservice_xmlrequests_erstellungxml_daten_hinweisCreateSignatureLocation">Hinweise</a> zur Z&auml;hlweise f&uuml;r das Attribut <code>Index</code> bzw. zur Deklaration der im XPath-Ausdruck verwendeten Namespace-Deklarationen (hier <code>doc</code>). </p>
 <pre>
         &lt;Supplement&gt;
           &lt;Content Reference=&quot;urn:XMLDocument.xsd&quot;&gt;
@@ -625,7 +625,7 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
 CN=Gregor Karlinger,C=AT&lt;/dsig:X509SubjectName&gt;
       &lt;dsig:X509IssuerSerial&gt;
         &lt;dsig:X509IssuerName&gt;CN=TrustSignTest-Sig-01,OU=TrustSignTest-Sig-01,
-O=A-Trust Ges. für Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;
+O=A-Trust Ges. f&uuml;r Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT&lt;/dsig:X509IssuerName&gt;
         &lt;dsig:X509SerialNumber&gt;2892&lt;/dsig:X509SerialNumber&gt;
       &lt;/dsig:X509IssuerSerial&gt;
       &lt;dsig:X509Certificate&gt;...&lt;/dsig:X509Certificate&gt;
@@ -761,7 +761,7 @@ O=A-Trust Ges. f
       xmlns:dsig=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;/doc:XMLDocument/dsig:Signature&lt;/VerifySignatureLocation&gt;
   &lt;/VerifySignatureInfo&gt;
 </pre>
-<p>Das Element <code>VerifySignatureEnvironment</code> enth&auml;lt in diesem Fall mit dem Attribut <code>Reference</code> eine Referenz auf das XML-Dokument (<code><a href="../../clients/common/referencedData/XMLDocument.signed.xml" target="_blank">XMLDocument.signed.xml</a></code>), das die zu pr&uuml;fende Signatur beinhaltet. Als Textinhalt von <code>VerifySignatureLocation</code> ist ein XPath-Ausdruck angegeben, der die zu pr&uuml;fende Signatur innerhalb des XML-Dokuments ausw&auml;hlt. Bitte beachten Sie, dass im Kontext des Elements <code>VerifySignatureLocation</code> alle im XPath-Ausdruck verwendeten Namespace-Pr&auml;fixe bekannt sein m&uuml;ssen (hier die Pr&auml;fixe <code>doc</code> und <code>dsig</code>). </p>
+<p>Das Element <code>VerifySignatureEnvironment</code> enth&auml;lt in diesem Fall mit dem Attribut <code>Reference</code> eine Referenz auf das XML-Dokument (<code><a href="../../clients/referencedData/src/main/webapp/XMLDocument.signed.xml" target="_blank">XMLDocument.signed.xml</a></code>), das die zu pr&uuml;fende Signatur beinhaltet. Als Textinhalt von <code>VerifySignatureLocation</code> ist ein XPath-Ausdruck angegeben, der die zu pr&uuml;fende Signatur innerhalb des XML-Dokuments ausw&auml;hlt. Bitte beachten Sie, dass im Kontext des Elements <code>VerifySignatureLocation</code> alle im XPath-Ausdruck verwendeten Namespace-Pr&auml;fixe bekannt sein m&uuml;ssen (hier die Pr&auml;fixe <code>doc</code> und <code>dsig</code>). </p>
 <pre>
   &lt;ReturnHashInputData/&gt;
   &lt;TrustProfileID&gt;Test-Signaturdienste&lt;/TrustProfileID&gt;
@@ -1188,9 +1188,9 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
 <h2><a name="klassenbibliothek_beispiele" id="klassenbibliothek_beispiele"></a>3.3 Beispiele </h2>
 <p>Dieses Handbuch enth&auml;lt zwei Beispiele f&uuml;r die Verwendung der API von MOA SP/SS:
 <ol>
-  <li><code><a href="../../clients/api/src/at/gv/egovernment/moa/spss/handbook/clients/api/CreateXMLSignature.java">CreateXMLSignature.java</a></code>: Erstellung einer einfachen XML-Signatur; dieses Beispiel entspricht dem MOA-XML-Request aus <a href="#webservice_xmlrequests_erstellungxml_simple">Abschnitt 2.1.1.1</a>. <br>
+  <li><code><a href="../../clients/api/src/main/java/at/gv/egovernment/moa/spss/handbook/clients/api/CreateXMLSignature.java">CreateXMLSignature.java</a></code>: Erstellung einer einfachen XML-Signatur; dieses Beispiel entspricht dem MOA-XML-Request aus <a href="#webservice_xmlrequests_erstellungxml_simple">Abschnitt 2.1.1.1</a>. <br>
     Die Konfiguration der API erfolgt &uuml;ber Kommandozeilenparameter (Lage der Konfigurationsdatei f&uuml;r MOA SP/SS, Lage der Konfigurationsdatei f&uuml;r das Logging mit Log4j). Detaillierte Informationen dazu finden Sie in der Quellcodedokumentation des Beispiels. </li>
-  <li><code><a href="../../clients/api/src/at/gv/egovernment/moa/spss/handbook/clients/api/VerifyXMLSignature.java">VerifyXMLSignature.java</a></code>: Pr&uuml;fung einer einfachen XML-Signatur; dieses Beispiel entspricht dem MOA-XML-Request aus <a href="#webservice_xmlrequests_pruefungxml_einfach">Abschnitt 2.1.3.1</a>. <br>
+  <li><code><a href="../../clients/api/src/main/java/at/gv/egovernment/moa/spss/handbook/clients/api/VerifyXMLSignature.java">VerifyXMLSignature.java</a></code>: Pr&uuml;fung einer einfachen XML-Signatur; dieses Beispiel entspricht dem MOA-XML-Request aus <a href="#webservice_xmlrequests_pruefungxml_einfach">Abschnitt 2.1.3.1</a>. <br>
     Die Konfiguration der API erfolgt &uuml;ber Kommandozeilenparameter (Lage der Konfigurationsdatei f&uuml;r MOA SP/SS, Lage der Konfigurationsdatei f&uuml;r das Logging mit Log4j). Detaillierte Informationen dazu finden Sie in der Quellcodedokumentation des Beispiels. <br>
     Die Auswahl der zu pr&uuml;fenden Signatur erfolgt ebenfalls per Kommandozeilenparameter. Detaillierte Informationen dazu finden Sie ebenfalls in der Quellcodedokumentation des Beispiels. </li>
 </ol>
-- 
cgit v1.2.3


From 68af85701b6f797b0d662b89b95e043ee949defd Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 2 Jul 2010 07:14:41 +0000
Subject: Merged branch 1.4.7_MOASP_TSL back into trunk.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1165 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 common/.classpath                                  |  24 +-
 common/.settings/org.eclipse.wst.common.component  |  15 +-
 common/pom.xml                                     |   4 +-
 .../java/at/gv/egovernment/moa/util/Constants.java |   6 +-
 .../at/gv/egovernment/moa/util/StringUtils.java    |  14 +
 .../schemas/MOA-ID-Configuration-1.4.7.xsd         | 625 +++++++++++++++++++++
 .../resources/resources/schemas/MOA-SPSS-1.4.7.xsd | 486 ++++++++++++++++
 .../resources/schemas/MOA-SPSS-config-1.4.7.xsd    | 270 +++++++++
 id/history.txt                                     |   7 +
 id/pom.xml                                         |   4 +-
 id/readme_1.4.7.txt                                | 304 ++++++++++
 .../.settings/org.eclipse.wst.common.component     |  36 +-
 id/server/auth/pom.xml                             |   4 +-
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  22 +
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   8 +-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |  12 +-
 .../SampleMOAIDConfiguration_withTestBKs.xml       |  12 +-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |  12 +-
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |  12 +-
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |  12 +-
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |  12 +-
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |  12 +-
 .../transforms/TransformsInfoAuthBlockTable_DE.xml | 161 ++++++
 .../transforms/TransformsInfoAuthBlockTable_EN.xml | 161 ++++++
 .../conf/moa-spss/SampleMOASPSSConfiguration.xml   |   8 +
 .../profiles/MOAIDTransformAuthBlockTable_DE.xml   | 159 ++++++
 .../profiles/MOAIDTransformAuthBlockTable_EN.xml   | 159 ++++++
 id/server/data/deploy/demo/demoseite.zip           | Bin 0 -> 225100 bytes
 id/server/doc/MOA-ID-Configuration-1.2.xsd         | 350 ------------
 id/server/doc/MOA-ID-Configuration-1.3.xsd         | 424 --------------
 id/server/doc/MOA-ID-Configuration-1.4.2.xsd       | 616 --------------------
 id/server/doc/MOA-ID-Configuration-1.4.3.xsd       | 612 --------------------
 id/server/doc/MOA-ID-Configuration-1.4.7.xsd       | 624 ++++++++++++++++++++
 id/server/doc/MOA-ID-Configuration-1.4.xsd         | 505 -----------------
 id/server/doc/moa_id/id-admin.htm                  |  15 +-
 id/server/doc/moa_id/id-admin_1.htm                |   8 +-
 id/server/doc/moa_id/id-admin_2.htm                |  42 +-
 id/server/doc/moa_id/links.htm                     |  42 +-
 id/server/doc/moa_id/moa.htm                       |   2 +-
 id/server/idserverlib/.classpath                   |  22 +-
 .../.settings/org.eclipse.wst.common.component     |  15 +-
 id/server/idserverlib/pom.xml                      |   8 +-
 .../moa/id/auth/AuthenticationServer.java          | 417 +++++++++++++-
 .../moa/id/auth/MOAIDAuthConstants.java            |   4 +
 .../moa/id/auth/WrongParametersException.java      |   8 +-
 .../AuthenticationBlockAssertionBuilder.java       |  81 ++-
 .../CreateXMLSignatureRequestBuilderForeign.java   | 126 +++++
 .../InfoboxReadRequestBuilderCertificate.java      |  94 ++++
 .../builder/VerifyXMLSignatureRequestBuilder.java  |  62 ++
 .../moa/id/auth/data/AuthenticationSession.java    |  16 +-
 .../id/auth/data/CreateXMLSignatureResponse.java   |  32 +-
 .../parser/CreateXMLSignatureResponseParser.java   |  26 +
 .../id/auth/parser/InfoboxReadResponseParser.java  |  51 ++
 .../moa/id/auth/servlet/AuthServlet.java           |   1 +
 .../moa/id/auth/servlet/GetForeignIDServlet.java   | 287 ++++++++++
 .../auth/servlet/ProcessValidatorInputServlet.java |   9 +-
 .../moa/id/auth/servlet/SelectBKUServlet.java      |  12 +
 .../auth/servlet/StartAuthenticationServlet.java   |  25 +-
 .../servlet/VerifyAuthenticationBlockServlet.java  |  13 +-
 .../id/auth/servlet/VerifyCertificateServlet.java  | 286 ++++++++++
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |  57 +-
 .../CreateXMLSignatureResponseValidator.java       | 116 ++--
 .../client/szrgw/CreateIdentityLinkResponse.java   |  27 +
 .../validator/parep/client/szrgw/SZRGWClient.java  | 133 ++++-
 .../moa/id/config/ConfigurationBuilder.java        |  50 +-
 .../moa/id/config/ConnectionParameter.java         |   9 +
 .../gv/egovernment/moa/id/config/OAParameter.java  |  24 +
 .../moa/id/config/TargetToSectorNameMapper.java    |  67 +++
 .../moa/id/config/TargetsAndSectorNames.java       | 194 +++++++
 .../id/config/auth/AuthConfigurationProvider.java  |  19 +
 .../moa/id/config/auth/OAAuthParameter.java        |  86 +--
 .../moa/id/proxy/DefaultConnectionBuilder.java     |   3 +-
 .../id/proxy/DefaultLoginParameterResolver.java    |   5 +-
 .../moa/id/proxy/ElakConnectionBuilder.java        |   4 +-
 .../moa/id/proxy/EnhancedConnectionBuilder.java    |   7 +-
 .../moa/id/proxy/servlet/ProxyServlet.java         |   6 +-
 .../moa/id/util/ParamValidatorUtils.java           | 158 ++++++
 .../at/gv/egovernment/moa/id/util/SSLUtils.java    |   8 +-
 .../gv/egovernment/moa/id/util/ServletUtils.java   |  29 +
 .../resources/properties/id_messages_de.properties |   1 +
 id/server/pom.xml                                  |   4 +-
 .../.settings/org.eclipse.wst.common.component     |  34 +-
 id/server/proxy/pom.xml                            |   4 +-
 .../.settings/org.eclipse.wst.common.component     |  16 +-
 id/templates/pom.xml                               |   2 +-
 pom.xml                                            |  13 +-
 .../iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar      | Bin 0 -> 711034 bytes
 .../iaik/prod/iaik_moa/maven-metadata-local.xml    |  12 +
 .../.settings/org.eclipse.wst.common.component     |  16 +-
 .../clients/webservice/conf/http.properties        |   2 +-
 .../handbook/config/MOA-SPSS-config-1.4.5.xsd      | 268 ---------
 .../handbook/config/MOA-SPSS-config-1.4.7.xsd      | 270 +++++++++
 spss/handbook/handbook/config/config.html          |  10 +-
 spss/handbook/handbook/faq/faq.html                |   2 +-
 spss/handbook/handbook/index.html                  |   2 +-
 spss/handbook/handbook/install/install.html        |   4 +-
 spss/handbook/handbook/intro/intro.html            |   2 +-
 spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl      |   2 +-
 spss/handbook/handbook/usage/usage.html            |   6 +-
 spss/pom.xml                                       |   2 +-
 spss/server/history.txt                            |  13 +
 spss/server/readme.update.txt                      |  13 +-
 spss/server/serverlib/.classpath                   |  22 +-
 .../.settings/org.eclipse.wst.common.component     |  15 +-
 spss/server/serverlib/pom.xml                      |   2 +-
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   |  24 +-
 .../VerifyCMSSignatureResponseElement.java         |   7 +
 .../moa/spss/api/common/CheckTSLResult.java        |  40 ++
 .../moa/spss/api/impl/CheckTSLResultImpl.java      |  66 +++
 .../moa/spss/api/impl/SPSSFactoryImpl.java         |  18 +-
 .../VerifyCMSSignatureResponseElementImpl.java     |  17 +-
 .../api/impl/VerifyXMLSignatureResponseImpl.java   |  17 +-
 .../moa/spss/api/xmlbind/ResponseBuilderUtils.java |  35 ++
 .../xmlbind/VerifyCMSSignatureResponseBuilder.java |   9 +
 .../xmlbind/VerifyXMLSignatureResponseBuilder.java |   7 +
 .../api/xmlverify/VerifyXMLSignatureResponse.java  |  10 +
 .../server/config/ConfigurationPartsBuilder.java   |  36 +-
 .../moa/spss/server/config/TrustProfile.java       |  16 +-
 .../invoke/CMSSignatureVerificationInvoker.java    |  11 +-
 .../invoke/VerifyCMSSignatureResponseBuilder.java  |  66 ++-
 .../invoke/VerifyXMLSignatureResponseBuilder.java  |  17 +-
 .../invoke/XMLSignatureVerificationInvoker.java    |  44 +-
 .../properties/spss_messages_de.properties         |   4 +-
 .../.settings/org.eclipse.wst.common.component     |  28 +-
 .../serverws/resources/wsdl/MOA-SPSS-1.3.wsdl      |   2 +-
 125 files changed, 6362 insertions(+), 3247 deletions(-)
 create mode 100644 common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd
 create mode 100644 common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd
 create mode 100644 common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd
 create mode 100644 id/readme_1.4.7.txt
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
 create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
 create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
 create mode 100644 id/server/data/deploy/demo/demoseite.zip
 delete mode 100644 id/server/doc/MOA-ID-Configuration-1.2.xsd
 delete mode 100644 id/server/doc/MOA-ID-Configuration-1.3.xsd
 delete mode 100644 id/server/doc/MOA-ID-Configuration-1.4.2.xsd
 delete mode 100644 id/server/doc/MOA-ID-Configuration-1.4.3.xsd
 create mode 100644 id/server/doc/MOA-ID-Configuration-1.4.7.xsd
 delete mode 100644 id/server/doc/MOA-ID-Configuration-1.4.xsd
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
 create mode 100644 repository/iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar
 create mode 100644 repository/iaik/prod/iaik_moa/maven-metadata-local.xml
 delete mode 100644 spss/handbook/handbook/config/MOA-SPSS-config-1.4.5.xsd
 create mode 100644 spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
 create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/.classpath b/common/.classpath
index acbdc4f5b..2ea0c3c6d 100644
--- a/common/.classpath
+++ b/common/.classpath
@@ -1,10 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
-	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/common/.settings/org.eclipse.wst.common.component b/common/.settings/org.eclipse.wst.common.component
index 41f61a290..6351b73de 100644
--- a/common/.settings/org.eclipse.wst.common.component
+++ b/common/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,7 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="moa-common">
-        <wb-resource deploy-path="/" source-path="/src/main/java"/>
-        <wb-resource deploy-path="/" source-path="/src/test/java"/>
-        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
-    </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="moa-common">
+        <wb-resource deploy-path="/" source-path="/src/main/java"/>
+        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
+    </wb-module>
+</project-modules>
diff --git a/common/pom.xml b/common/pom.xml
index d95c642e8..93a4cb259 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -2,12 +2,12 @@
   <parent>
     <groupId>MOA</groupId>
     <artifactId>MOA</artifactId>
-    <version>1.4.6</version>
+    <version>1.4.7</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <groupId>MOA</groupId>
   <artifactId>moa-common</artifactId>
-  <version>1.4.6</version>
+  <version>1.4.7</version>
   <packaging>jar</packaging>
   <name>MOA common library</name>
 
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 993026c57..6a42720c0 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -74,7 +74,7 @@ public interface Constants {
 
   /** Local location of the MOA XML schema definition. */
   public static final String MOA_SCHEMA_LOCATION =
-    SCHEMA_ROOT + "MOA-SPSS-1.3.xsd";
+    SCHEMA_ROOT + "MOA-SPSS-1.4.7.xsd";
 
   /** URI of the MOA configuration XML namespace. */
   public static final String MOA_CONFIG_NS_URI =
@@ -92,11 +92,11 @@ public interface Constants {
 
   /** Local location of the MOA configuration XML schema definition. */
   public static final String MOA_CONFIG_SCHEMA_LOCATION =
-    SCHEMA_ROOT + "MOA-SPSS-config-1.4.5.xsd";
+    SCHEMA_ROOT + "MOA-SPSS-config-1.4.7.xsd";
 
   /** Local location of the MOA ID configuration XML schema definition. */
   public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
-    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.3.xsd";
+    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.7.xsd";
 
   /** URI of the Security Layer 1.0 namespace. */
   public static final String SL10_NS_URI =
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java
index 84f7e8f04..dbc2b5011 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java
@@ -152,4 +152,18 @@ public class StringUtils {
     }
   }
   
+  /**
+   * Checks if String is empty
+   * @param s String to be checked if empty
+   * @return True if String is empty, false otherwise
+   */
+  public static boolean isEmpty(String s) {
+     if (s == null || s.length() == 0)
+        return true;
+     else
+        return false;
+     
+  }
+  
+  
 }
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd
new file mode 100644
index 000000000..dffca2167
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.7.xsd
@@ -0,0 +1,625 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSpy v2010 (http://www.altova.com) by ks (ks) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+	<xsd:element name="Configuration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
+				<xsd:element name="Binding" minOccurs="0">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:string">
+							<xsd:enumeration value="full"/>
+							<xsd:enumeration value="userName"/>
+							<xsd:enumeration value="none"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:element>
+				<xsd:choice>
+					<xsd:element ref="ParamAuth"/>
+					<xsd:element ref="BasicAuth"/>
+					<xsd:element ref="HeaderAuth"/>
+				</xsd:choice>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="LoginType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="stateless"/>
+			<xsd:enumeration value="stateful"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="ParamAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Parameter">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="BasicAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="UserID" type="MOAAuthDataType"/>
+				<xsd:element name="Password" type="MOAAuthDataType"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="HeaderAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Header" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Header">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="MOAAuthDataType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="MOAGivenName"/>
+			<xsd:enumeration value="MOAFamilyName"/>
+			<xsd:enumeration value="MOADateOfBirth"/>
+			<xsd:enumeration value="MOABPK"/>
+			<xsd:enumeration value="MOAWBPK"/>
+			<xsd:enumeration value="MOAPublicAuthority"/>
+			<xsd:enumeration value="MOABKZ"/>
+			<xsd:enumeration value="MOAQualifiedCertificate"/>
+			<xsd:enumeration value="MOAStammzahl"/>
+			<xsd:enumeration value="MOAIdentificationValueType"/>
+			<xsd:enumeration value="MOAIPAddress"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MOAKeyBoxSelector">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="SecureSignatureKeypair"/>
+			<xsd:enumeration value="CertifiedKeypair"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+	<xsd:element name="MOA-IDConfiguration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="ProxyComponent" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="AuthComponent">
+								<xsd:annotation>
+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:sequence>
+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+											<xsd:annotation>
+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+											</xsd:annotation>
+										</xsd:element>
+									</xsd:sequence>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="OnlineApplicationType">
+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+								<xsd:attribute name="type" use="optional" default="publicService">
+									<xsd:simpleType>
+										<xsd:restriction base="xsd:NMTOKEN">
+											<xsd:enumeration value="businessService"/>
+											<xsd:enumeration value="publicService"/>
+										</xsd:restriction>
+									</xsd:simpleType>
+								</xsd:attribute>
+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="ChainingModes" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+							<xsd:element name="TrustAnchor">
+								<xsd:annotation>
+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:complexContent>
+										<xsd:extension base="dsig:X509IssuerSerialType">
+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+										</xsd:extension>
+									</xsd:complexContent>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="name" use="required">
+							<xsd:simpleType>
+								<xsd:restriction base="xsd:string">
+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
+									<xsd:enumeration value="AuthenticationData.TimeOut"/>
+									<xsd:enumeration value="TrustManager.RevocationChecking"/>
+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+									<xsd:enumeration value="AuthenticationServer.SourceID"/>
+								</xsd:restriction>
+							</xsd:simpleType>
+						</xsd:attribute>
+						<xsd:attribute name="value" type="xsd:string" use="required"/>
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="AuthComponentType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelection" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+					</xsd:sequence>
+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+			<xsd:element name="SecurityLayer">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="MOA-SP">
+				<xsd:annotation>
+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="VerifyIdentityLink">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="VerifyAuthBlock">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="IdentityLinkSigners" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ForeignIdentities" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="TemplatesType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TemplateType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyInfoboxesType">
+		<xsd:annotation>
+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="DefaultTrustProfile" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="TrustProfileID"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="InfoboxType">
+		<xsd:annotation>
+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ParepSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
+							<xsd:annotation>
+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+	</xsd:complexType>
+	<xsd:complexType name="SchemaLocationType">
+		<xsd:annotation>
+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="Schema" maxOccurs="unbounded">
+				<xsd:complexType>
+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ProxyComponentType"/>
+	<xsd:complexType name="OnlineApplicationType">
+		<xsd:sequence>
+			<xsd:element name="AuthComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<!--xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="pr:AbstractSimpleIdentification"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element-->
+						<xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:choice>
+									<xsd:element ref="pr:Firmenbuchnummer"/>
+									<xsd:element ref="pr:ZMRzahl"/>
+									<xsd:element ref="pr:Vereinsnummer"/>
+									<xsd:element ref="pr:ERJPZahl"/>
+									<xsd:element name="AnyNumber">
+										<xsd:complexType>
+											<xsd:simpleContent>
+												<xsd:extension base="xsd:string">
+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+												</xsd:extension>
+											</xsd:simpleContent>
+										</xsd:complexType>
+									</xsd:element>
+								</xsd:choice>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+					</xsd:sequence>
+					<xsd:attribute name="slVersion" use="optional" default="1.1">
+						<xsd:simpleType>
+							<xsd:restriction base="xsd:string">
+								<xsd:enumeration value="1.1"/>
+								<xsd:enumeration value="1.2"/>
+							</xsd:restriction>
+						</xsd:simpleType>
+					</xsd:attribute>
+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ProxyComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+				</xsd:complexType>
+			</xsd:element>
+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterServerAuthType">
+		<xsd:sequence>
+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterClientAuthType">
+		<xsd:complexContent>
+			<xsd:extension base="ConnectionParameterServerAuthType">
+				<xsd:sequence>
+					<xsd:element name="ClientKeyStore" minOccurs="0">
+						<xsd:annotation>
+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
+						</xsd:annotation>
+						<xsd:complexType>
+							<xsd:simpleContent>
+								<xsd:extension base="xsd:anyURI">
+									<xsd:attribute name="password" type="xsd:string" use="optional"/>
+								</xsd:extension>
+							</xsd:simpleContent>
+						</xsd:complexType>
+					</xsd:element>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:element name="TrustProfileID" type="xsd:string"/>
+	<xsd:simpleType name="ChainingModeType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="chaining"/>
+			<xsd:enumeration value="pkix"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="BKUSelectionType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="HTMLComplete"/>
+			<xsd:enumeration value="HTMLSelect"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="CompatibilityMode" default="false">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="EnableInfoboxValidator" default="true">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="AlwaysShowForm" default="false">
+		<xsd:annotation>
+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:complexType name="InputProcessorType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:string">
+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
+					<xsd:annotation>
+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
+					</xsd:annotation>
+				</xsd:attribute>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentationType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentativeType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="oid" use="required">
+			<xsd:annotation>
+				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="1.2.40.0.10.3.1"/>
+					<xsd:enumeration value="1.2.40.0.10.3.2"/>
+					<xsd:enumeration value="1.2.40.0.10.3.3"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representCorporateParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representationText" use="optional">
+			<xsd:annotation>
+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
+					<xsd:enumeration value="Organwalter"/>
+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd
new file mode 100644
index 000000000..e3b06b416
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd
@@ -0,0 +1,486 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->
+<!--
+  MOA SP/SS 1.3 Schema
+-->
+<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+			<xsd:element name="TSLCheck" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+						<xsd:element name="Info" type="xsd:string" minOccurs="0"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+			<xsd:element name="TSLCheck" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+						<xsd:element name="Info" type="xsd:string" minOccurs="0"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent mixed="true">
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent mixed="true">
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent mixed="true">
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd
new file mode 100644
index 000000000..a61eed289
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd
@@ -0,0 +1,270 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->
+<!--
+  MOA SP/SS 1.4.5 Configuration Schema
+-->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xs:element name="MOAConfiguration">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Common" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="Name" type="xs:string"/>
+										<xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+										<xs:element name="UserPIN" type="xs:string"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+				<xs:element name="SignatureCreation" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="KeyModules">
+								<xs:complexType>
+									<xs:choice maxOccurs="unbounded">
+										<xs:element name="HardwareKeyModule">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="Id" type="xs:token"/>
+													<xs:element name="Name" type="xs:string"/>
+													<xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+													<xs:element name="UserPIN" type="xs:string"/>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="SoftwareKeyModule">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="Id" type="xs:token"/>
+													<xs:element name="FileName" type="xs:string"/>
+													<xs:element name="Password" type="xs:string" minOccurs="0"/>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="KeyGroup" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="Id" type="xs:token"/>
+										<xs:sequence maxOccurs="unbounded">
+											<xs:element name="Key">
+												<xs:complexType>
+													<xs:sequence>
+														<xs:element name="KeyModuleId" type="xs:token"/>
+														<xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+													</xs:sequence>
+												</xs:complexType>
+											</xs:element>
+										</xs:sequence>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+										<xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="XMLDSig">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+										<xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+				<xs:element name="SignatureVerification" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="CertificateValidation">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="PathConstruction">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="AutoAddCertificates" type="xs:boolean"/>
+													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
+													<xs:element name="CertificateStore">
+														<xs:complexType>
+															<xs:choice>
+																<xs:element name="DirectoryStore">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="Location" type="xs:token"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:choice>
+														</xs:complexType>
+													</xs:element>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="PathValidation">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="ChainingMode">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="DefaultMode" type="config:ChainingModeType"/>
+																<xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="Identification" type="dsig:X509IssuerSerialType"/>
+																			<xs:element name="Mode" type="config:ChainingModeType"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="TrustProfile" maxOccurs="unbounded">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="Id" type="xs:token"/>
+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+																<xs:element name="TSLLocation" type="xs:anyURI" minOccurs="0"/>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="RevocationChecking">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="EnableChecking" type="xs:boolean"/>
+													<xs:element name="MaxRevocationAge" type="xs:integer"/>
+													<xs:element name="ServiceOrder" minOccurs="0">
+														<xs:complexType>
+															<xs:sequence maxOccurs="2">
+																<xs:element name="Service">
+																	<xs:simpleType>
+																		<xs:restriction base="xs:token">
+																			<xs:enumeration value="OCSP"/>
+																			<xs:enumeration value="CRL"/>
+																		</xs:restriction>
+																	</xs:simpleType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="Archiving">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="EnableArchiving" type="xs:boolean"/>
+																<xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>
+																<xs:element name="Archive" minOccurs="0">
+																	<xs:complexType>
+																		<xs:choice>
+																			<xs:element name="DatabaseArchive">
+																				<xs:complexType>
+																					<xs:sequence>
+																						<xs:element name="JDBCURL" type="xs:anyURI"/>
+																						<xs:element name="JDBCDriverClassName" type="xs:token"/>
+																					</xs:sequence>
+																				</xs:complexType>
+																			</xs:element>
+																		</xs:choice>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="CAIssuerDN" type="xs:token"/>
+																<xs:choice maxOccurs="unbounded">
+																	<xs:element name="CRLDP">
+																		<xs:complexType>
+																			<xs:sequence>
+																				<xs:element name="Location" type="xs:anyURI"/>
+																				<xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">
+																					<xs:simpleType>
+																						<xs:restriction base="xs:token">
+																							<xs:enumeration value="unused"/>
+																							<xs:enumeration value="keyCompromise"/>
+																							<xs:enumeration value="cACompromise"/>
+																							<xs:enumeration value="affiliationChanged"/>
+																							<xs:enumeration value="superseded"/>
+																							<xs:enumeration value="cessationOfOperation"/>
+																							<xs:enumeration value="certificateHold"/>
+																							<xs:enumeration value="privilegeWithdrawn"/>
+																							<xs:enumeration value="aACompromise"/>
+																						</xs:restriction>
+																					</xs:simpleType>
+																				</xs:element>
+																			</xs:sequence>
+																		</xs:complexType>
+																	</xs:element>
+																	<xs:element name="OCSPDP">
+																		<xs:complexType>
+																			<xs:sequence>
+																				<xs:element name="Location" type="xs:anyURI"/>
+																			</xs:sequence>
+																		</xs:complexType>
+																	</xs:element>
+																</xs:choice>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="CrlRetentionIntervals" minOccurs="0">
+														<xs:complexType>
+															<xs:sequence maxOccurs="unbounded">
+																<xs:element name="CA">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="X509IssuerName" type="xs:string"/>
+																			<xs:element name="Interval" type="xs:integer"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:simpleType name="ChainingModeType">
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="chaining"/>
+			<xs:enumeration value="pkix"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="ProfileType">
+		<xs:sequence>
+			<xs:element name="Id" type="xs:token"/>
+			<xs:element name="Location" type="xs:anyURI"/>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>
diff --git a/id/history.txt b/id/history.txt
index fda9d59c4..00faecd7d 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -2,6 +2,13 @@ Dieses Dokument zeigt die Ver
 von MOA-ID auf.
 
 History MOA-ID:
+=====
+Version MOA-ID 1.4.7: Änderungen seit Version MOA-ID 1.4.6:
+
+- Fixed Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.27
+
 =====
 Version MOA-ID 1.4.6: Änderungen seit Version MOA-ID 1.4.5:
 
diff --git a/id/pom.xml b/id/pom.xml
index 04ce2712b..acb29f9e6 100644
--- a/id/pom.xml
+++ b/id/pom.xml
@@ -3,14 +3,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
-        <version>1.4.6</version>
+        <version>1.4.7</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA</groupId>
     <artifactId>id</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.6</version>
+    <version>1.4.7</version>
     <name>MOA ID</name>
 
     <modules>
diff --git a/id/readme_1.4.7.txt b/id/readme_1.4.7.txt
new file mode 100644
index 000000000..5ce6ad552
--- /dev/null
+++ b/id/readme_1.4.7.txt
@@ -0,0 +1,304 @@
+===============================================================================
+MOA ID Version 1.4.7 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 1.4.7 wurden folgende Neuerungen eingeführt, die jetzt 
+erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 
+gleichen Verzeichnis):
+
+- Fixed Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.27
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 1.4.5 oder 1.4.6
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.
+   Für MOA ID Proxy:
+   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.7.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
+   bezeichnet.    
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+   Für MOA ID Proxy:
+   Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als 
+   auch das komplette Verzeichnis moa-id-proxy.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+   Für MOA ID Proxy:
+   Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
+   CATALINA_HOME_ID/webapps.
+   
+5. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 1.4.3 oder 1.4.4 
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.5.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.   
+   Für MOA ID Proxy:
+   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.5.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
+   bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+   Für MOA ID Proxy:
+   Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als 
+   auch das komplette Verzeichnis moa-id-proxy.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+   Für MOA ID Proxy:
+   Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
+   CATALINA_HOME_ID/webapps.
+      
+5. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
+
+6. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+
+7. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+    
+...............................................................................
+B.2 Durchführung eines Updates von Version 1.4.1 oder 1.4.2 (incl. beta 1)
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.5.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.   
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die vier Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+
+6. Kopieren Sie die vier Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss.
+
+7. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 
+   Beispielkonfigurationsdateien aus dem Verzeichnis
+   MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 
+   CATALINA_HOME_ID/conf/moa-id. 
+   Verwenden Sie in Ihrer Installation bereits die Vollmachtenprüfung, so 
+   verschieben Sie bitte in der MOA-ID Installationsdatei das Element 
+   <CompatibilityMode> innerhalb des Konfigurationsteiles für die berufliche 
+   Parteienvertreung (ParepSpecificParameters) unter das Element 
+   ApplicationSpecificParameters.
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 1.3.1, 1.3.2 oder 1.3.3
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+   
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.5.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.
+
+3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
+
+4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+
+5. Erstellen Sie eine Sicherungskopie aller Dateien im Verzeichnis 
+   CATALINA_HOME\common\endorsed und löschen Sie die dort eventuell vorhandene 
+   Dateien xmlParserAPIs.jar
+
+6. Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\endorsed
+   in das Verzeichnis CATALINA_HOME\common\endorsed. Überschreiben Sie dabei
+   etwaige gleichnamige Dateien.
+
+7. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+
+8. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+9. Kopieren Sie die vier Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+
+10.Kopieren Sie die vier Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über dmie API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss; in weiterer Folge wird von letzterer 
+   Variante ausgegangen).   
+
+11.Update des Cert-Stores.
+   Kopieren Sie den Inhalt des Verzeichnisses
+   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
+   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
+   bejahen sie das.
+
+12.Sollen zusätzliche Templates für ältere Bürgerkartenumgebungen aktiviert
+   werden, öffnen Sie die XML-Konfiguration von MOA ID (für gewöhnlich finden 
+   Sie diese XML-Datei direkt im Stammverzeichnis für die MOA ID Konfiguration, 
+   z.B. CATALINA_HOME_ID/conf/moa-id/SampleMOAIDConfiguration.xml); führen Sie 
+   folgende Modifikationen an der XML-Konfiguration durch:
+   
+   a. Ändern Sie die applikationsübergreifende Konfiguration der AuthBlock
+      Transformationen. Sie finden diese Konfiguration im XML-Element
+      /MOA-IDConfiguration/AuthComponent/SecurityLayer. Fügen Sie zusätzlich zum
+      bisherigen Inhalt dieses Elements (für gewöhnlich ein Element
+      TransformsInfo, dessen Attribut filname den Wert
+      transforms/TransformsInfoAuthBlockText.xml aufweist) ein Element 
+      TransformsInfo an, dessen Attribut filename auf die Datei für ältere BKU 
+      zeigt. Sie können auch auf die vordefinierten Elemente aus den 
+      Musterkonfigurationen dieser Distribution (
+      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml) zurückgreifen.
+
+   b. Fügen Sie Profilbezeichner für die Transformationsprofile in der
+      Konfiguration für MOA SP an. Sie finden diesen Bezeichner im XML-
+      Element /MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyAuthBlock.
+      Hängen Sie ein Element VerifyTransformsInfoProfileID an, das für die Über-
+      prüfung der Transformation älterer BKU vorgesehen ist.
+      Siehe auch Inhalt des Elements VerifyAuthBlock aus der Musterkonfiguration 
+      dieser Distribution (
+      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml).
+
+   c. Ändern Sie gegebenenfalls die applikationsspezifische Konfiguration
+      der Authblock-Tranformationen. Führen Sie dazu die folgende Tätigkeit
+      für jedes XML-Element /MOA-IDConfiguration/OnlineApplicaton/AuthComponent
+      durch: Fügen Sie zusätzlich zu einem bestehenden Element TransformsInfo 
+      ein Elemnet TransformsInfo an, das die Transformation für ältere BKU 
+      enthält - gleich wie dies bereits in Schritt a. durchgeführt wurde (wenn 
+      Sie dieses Element nicht vorfinden, oder es auskommentiert ist, muss 
+      Schritt c. nicht durchgeführt werden).
+
+   Öffnen Sie die XML-Konfiguration von MOA SPSS (für gewöhnlich finden Sie 
+   XML-Datei direkt im Stammverzeichnisses für die MOA SPSS Konfiguration, z.B.
+   CATALINA_HOME_ID/conf/moa-spss/SampleMOASPSSConfiguration.xml); führen Sie 
+   folgende Modifikationen an der XML-Konfiguration durch:
+
+   a. Ändern Sie die konfigurierten Profile für die zulässigen Transformationen
+      über die signierten Daten. Sie finden diese Profile am Ende der XML-Konfi-
+      guration von MOA SPSS (Elemente des Namens 
+      cfg:VerifyTransformsInfoProfile). Fügen Sie zusätzlich zu den vorkommenden 
+      Elementen dieses Namens (für gewöhnlich zwei Elemente) zwei weitere 
+      Elemente dieses Namens hinzu, die die Profile für die älteren Bürger-
+      kartenumgebungen aufnehmen - diese sind durch den Namensteil "_deprecated" 
+      gekennzeichnet (siehe auch Musterkonfigurationen dieser Distribution 
+      MOA_ID_AUTH_INST/conf/moa-spss/SampleMOASPSSConfiguration.xml).
+
+13.Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen auf 
+   die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
+   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann gehen  
+   Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile beibehalten 
+   wollen, dann gehen Sie vor, wie in Punkt b).
+
+   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+    2)  Kopieren Sie das Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
+        CATALINA_HOME\conf\moa-spss.
+
+   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie folgt
+      vor, um die Profile auf den aktuellen Stand zu bringen:
+
+    1)  Benennen Sie ein eventuell vorhandenes Verzeichnis trustprofiles in
+        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer MOA-SP/SS
+        Konfigurationsdatei ebenfalls zu berücksichtigen und benennen Sie dort 
+        alle gleichartigen Vorkommen von trustprofiles in trustProfiles um)
+
+    2)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
+        entsprechenden Profilen im Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
+        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt der 
+        einzelnen Profile aus der Distribution (
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
+        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
+        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
+        überschreiben), also z.B: Kopieren des Inhalts von 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
+        CATALINA_HOME\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+14.Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.4 Durchführung eines Updates von einer älteren Version
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter 
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component
index b116cf610..6e8785869 100644
--- a/id/server/auth/.settings/org.eclipse.wst.common.component
+++ b/id/server/auth/.settings/org.eclipse.wst.common.component
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-id-auth">
-<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-<property name="java-output-path" value="target/classes"/>
-        <property name="context-root" value="moa-id-auth"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-auth">
+<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+<property name="java-output-path" value="target/classes"/>
+        <property name="context-root" value="moa-id-auth"/>
+</wb-module>
+</project-modules>
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index e24b3273b..ed9e68aa7 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -2,14 +2,14 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.6</version>
+		<version>1.4.7</version>
 	</parent>
 	
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-auth</artifactId>
 	<packaging>war</packaging>
-	<version>1.4.6</version>
+	<version>1.4.7</version>
 	<name>MOA ID-Auth WebService</name>
 	
 	<properties>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 5c729ef19..e1261b819 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -22,6 +22,18 @@
 		<description>Verify identity link coming from security layer</description>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
 	</servlet>
+	<servlet>
+		<servlet-name>VerifyCertificate</servlet-name>
+		<display-name>VerifyCertificate</display-name>
+		<description>Verify the certificate coming from security layer</description>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
+	</servlet>
+	<servlet>
+		<servlet-name>GetForeignID</servlet-name>
+		<display-name>GetForeignID</display-name>
+		<description>Gets the foreign eID from security layer</description>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
+	</servlet>
     <servlet>
         <servlet-name>ProcessInput</servlet-name>
         <display-name>ProcessInput</display-name>
@@ -76,6 +88,16 @@
 		<servlet-name>VerifyIdentityLink</servlet-name>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
+		<servlet-mapping>
+		<servlet-name>VerifyCertificate</servlet-name>
+		<url-pattern>/VerifyCertificate</url-pattern>
+	</servlet-mapping>
+	
+	<servlet-mapping>
+		<servlet-name>GetForeignID</servlet-name>
+		<url-pattern>/GetForeignID</url-pattern>
+	</servlet-mapping>
+	
 	<servlet-mapping>
 		<servlet-name>ProcessInput</servlet-name>
 		<url-pattern>/ProcessInput</url-pattern>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 4de75a2af..f8f6f2677 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -18,6 +18,9 @@
     </Templates>
     <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
     <SecurityLayer>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
       <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
@@ -61,6 +64,9 @@
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
         <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+        <!-- Für TransformsInfoProfile in Tabellenform -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
       </VerifyAuthBlock>
     </MOA-SP>
     
@@ -123,7 +129,7 @@
 
   <!-- Eintragung fuer jede Online-Applikation -->
   <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-  <OnlineApplication publicURLPrefix="https://localhost:8443/">
+  <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
     <!-- fuer MOA-ID-AUTH -->
     <AuthComponent slVersion="1.2">
       <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 3e51b28fd..b6a0ed6a2 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -18,10 +18,13 @@
     </Templates>
     <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
     <SecurityLayer>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
       <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
       <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
       <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -49,6 +52,9 @@
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
         <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+        <!-- Für TransformsInfoProfile in Tabellenform -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
       </VerifyAuthBlock>
     </MOA-SP>
     
@@ -122,7 +128,7 @@
   
   <!-- Eintragung fuer jede Online-Applikation -->
   <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-  <OnlineApplication publicURLPrefix="https://localhost:8443/">
+  <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
     <!-- fuer MOA-ID-AUTH -->
     <AuthComponent slVersion="1.2">
       <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 013487953..f25557ea2 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -20,10 +20,13 @@
     </Templates>
     <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
     <SecurityLayer>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
       <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
       <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
       <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -52,6 +55,9 @@
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
         <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+        <!-- Für TransformsInfoProfile in Tabellenform -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
       </VerifyAuthBlock>
     </MOA-SP>
 
@@ -120,7 +126,7 @@
 
   <!-- Eintragung fuer jede Online-Applikation -->
   <!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
-  <OnlineApplication publicURLPrefix="https://localhost:8443/">
+  <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
     <!-- fuer MOA-ID-AUTH -->
     <AuthComponent slVersion="1.2">
       <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 33e812767..81a3d02ca 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -19,10 +19,13 @@
     </Templates>
     <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
     <SecurityLayer>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
       <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
       <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
       <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -51,6 +54,9 @@
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
         <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+        <!-- Für TransformsInfoProfile in Tabellenform -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
       </VerifyAuthBlock>
     </MOA-SP>
 
@@ -130,7 +136,7 @@
 
   <!-- Eintragung fuer jede Online-Applikation -->
   <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-  <OnlineApplication publicURLPrefix="https://localhost:8443/">
+  <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
     <!-- fuer MOA-ID-AUTH -->
     <AuthComponent slVersion="1.2">
       <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 3d2ccec9f..d6755f14f 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -18,10 +18,13 @@
     </Templates>
     <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
     <SecurityLayer>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
       <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
       <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
       <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -49,6 +52,9 @@
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
         <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+        <!-- Für TransformsInfoProfile in Tabellenform -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
       </VerifyAuthBlock>
     </MOA-SP>
     
@@ -109,7 +115,7 @@
   
   <!-- Eintragung fuer jede Online-Applikation -->
   <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
     <!-- fuer MOA-ID-AUTH WID Modus -->
     <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
       <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index 69f2e17e1..163de5cdb 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -18,10 +18,13 @@
     </Templates>
     <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
     <SecurityLayer>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
       <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
       <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
       <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -49,6 +52,9 @@
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
         <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+        <!-- Für TransformsInfoProfile in Tabellenform -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
       </VerifyAuthBlock>
     </MOA-SP>
     
@@ -120,7 +126,7 @@
   
   <!-- Eintragung fuer jede Online-Applikation -->
   <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
     <!-- fuer MOA-ID-AUTH WID Modus -->
     <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
       <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 116485d33..965222fd0 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -19,10 +19,13 @@
     </Templates>
     <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
     <SecurityLayer>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
       <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
       <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
       <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -51,6 +54,9 @@
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
         <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+        <!-- Für TransformsInfoProfile in Tabellenform -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
       </VerifyAuthBlock>
     </MOA-SP>
 
@@ -117,7 +123,7 @@
   
   <!-- Eintragung fuer jede Online-Applikation -->
   <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
     <!-- fuer MOA-ID-AUTH WID Modus -->
     <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
       <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 5a158951d..545cc892b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -19,10 +19,13 @@
     </Templates>
     <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
     <SecurityLayer>
+      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
       <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
       <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
       <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
       <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
       <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
@@ -51,6 +54,9 @@
         <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
         <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
         <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+        <!-- Für TransformsInfoProfile in Tabellenform -->
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
       </VerifyAuthBlock>
     </MOA-SP>
 
@@ -128,7 +134,7 @@
 
   <!-- Eintragung fuer jede Online-Applikation -->
   <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
     <!-- fuer MOA-ID-AUTH WID Modus -->
     <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
       <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
new file mode 100644
index 000000000..240126693
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
@@ -0,0 +1,161 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
+							.h4style{ font-family: Verdana; }
+              table.parameters { font-size: x-small; }                                                                        
+              </style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Anmeldedaten:</h4>																					
+							
+							<p class="titlestyle">Daten zur Person</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td>
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Geburtsdatum:</td>
+			      							<td>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Rolle:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> von </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, geboren am </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Daten zur Anwendung</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Staat:</td>
+		      							<td>Österreich</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technische Parameter</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Bereich:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td>
+			      								<xsl:value-of
+			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
+			      							</td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Datum:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Uhrzeit:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
new file mode 100644
index 000000000..d30dbb42f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -0,0 +1,161 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
+							.h4style{ font-family: Verdana; }
+              table.parameters { font-size: x-small; }                                                                        
+              </style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Authentication Data:</h4>																					
+							
+							<p class="titlestyle">Personal Data</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td>
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Date of Birth:</td>
+			      							<td>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Role:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>I am also authorized as </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> of </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, born on </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, to act on their behalf.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Application Data</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Country:</td>
+		      							<td>Austria</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technical Parameters</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Sector:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier of the principal:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td>
+			      								<xsl:value-of
+			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
+			      							</td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Date:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Time:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 62337d0fb..22525e2e4 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -79,5 +79,13 @@
 			<cfg:Id>MOAIDTransformAuthBlockTextPlain</cfg:Id>
 			<cfg:Location>profiles/MOAIDTransformAuthBlockTextPlain.xml</cfg:Location>
 		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
 	</cfg:SignatureVerification>
 </cfg:MOAConfiguration>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
new file mode 100644
index 000000000..5640412da
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
+							.h4style{ font-family: Verdana; }
+              table.parameters { font-size: x-small; }                                                                        
+              </style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Anmeldedaten:</h4>																					
+							
+							<p class="titlestyle">Daten zur Person</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td>
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Geburtsdatum:</td>
+			      							<td>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Rolle:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> von </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, geboren am </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Daten zur Anwendung</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Staat:</td>
+		      							<td>Österreich</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technische Parameter</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Bereich:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td>
+			      								<xsl:value-of
+			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
+			      							</td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Datum:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Uhrzeit:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
new file mode 100644
index 000000000..b9c613e2d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
+							.h4style{ font-family: Verdana; }
+              table.parameters { font-size: x-small; }                                                                        
+              </style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Authentication Data:</h4>																					
+							
+							<p class="titlestyle">Personal Data</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td>
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Date of Birth:</td>
+			      							<td>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Role:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>I am also authorized as </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> of </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, born on </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, to act on their behalf.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Application Data</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Country:</td>
+		      							<td>Austria</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technical Parameters</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Sector:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier of the principal:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td>
+			      								<xsl:value-of
+			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
+			      							</td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Date:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Time:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/demo/demoseite.zip b/id/server/data/deploy/demo/demoseite.zip
new file mode 100644
index 000000000..1bf3ce84a
Binary files /dev/null and b/id/server/data/deploy/demo/demoseite.zip differ
diff --git a/id/server/doc/MOA-ID-Configuration-1.2.xsd b/id/server/doc/MOA-ID-Configuration-1.2.xsd
deleted file mode 100644
index 4b018db64..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.2.xsd
+++ /dev/null
@@ -1,350 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
-<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>
-	<xsd:element name="Configuration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
-				<xsd:element name="Binding" minOccurs="0" maxOccurs="1">
-				<xsd:simpleType>
-					<xsd:restriction base="xsd:string">
-						<xsd:enumeration value="full"/>
-						<xsd:enumeration value="userName"/>
-						<xsd:enumeration value="none"/>
-					</xsd:restriction>
-				</xsd:simpleType>
-				</xsd:element>
-				<xsd:choice>
-					<xsd:element ref="ParamAuth"/>
-					<xsd:element ref="BasicAuth"/>
-					<xsd:element ref="HeaderAuth"/>
-				</xsd:choice>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="LoginType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="stateless"/>
-			<xsd:enumeration value="stateful"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="ParamAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Parameter">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="BasicAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="UserID" type="MOAAuthDataType"/>
-				<xsd:element name="Password" type="MOAAuthDataType"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="HeaderAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Header" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Header">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="MOAAuthDataType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="MOAGivenName"/>
-			<xsd:enumeration value="MOAFamilyName"/>
-			<xsd:enumeration value="MOADateOfBirth"/>
-			<xsd:enumeration value="MOABPK"/>
-			<xsd:enumeration value="MOAPublicAuthority"/>
-			<xsd:enumeration value="MOABKZ"/>
-			<xsd:enumeration value="MOAQualifiedCertificate"/>
-			<xsd:enumeration value="MOAStammzahl"/>
-			<xsd:enumeration value="MOAIdentificationValueType"/>
-			<xsd:enumeration value="MOAIPAddress"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MOAKeyBoxSelector">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="SecureSignatureKeypair"/>
-			<xsd:enumeration value="CertifiedKeypair"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-	<xsd:element name="MOA-IDConfiguration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter der 
-							Authentisierungs-Komponente</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="ProxyComponent" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Konfigurationsparameter der 
-							Proxy-Komponente</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element name="AuthComponent">
-								<xsd:annotation>
-									<xsd:documentation>enthält Parameter für die Kommunikation zw. 
-										Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:sequence>
-										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-											<xsd:annotation>
-												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
-													Proxy-Komponente zur Auth-Komponente (vgl. 
-													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-											</xsd:annotation>
-										</xsd:element>
-									</xsd:sequence>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="OnlineApplicationType">
-								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-							</xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ChainingModes" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 
-							Zertifikatspfadvalidierung</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-							<xsd:element name="TrustAnchor">
-								<xsd:annotation>
-									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 
-										für jeden TrustAnchor gesetzt werden</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:complexContent>
-										<xsd:extension base="dsig:X509IssuerSerialType">
-											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-										</xsd:extension>
-									</xsd:complexContent>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 
-							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="name" type="xsd:string" use="required"/>
-						<xsd:attribute name="value" type="xsd:string" use="required"/>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="AuthComponentType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelection" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-					</xsd:sequence>
-					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="SecurityLayer">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter für die Kommunikation mit dem 
-						Security-Layer</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="TransformsInfo" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 
-									Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 
-									werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 
-									inkludiert</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="MOA-SP">
-				<xsd:annotation>
-					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 
-						SP Modul</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
-									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 
-									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 
-									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 
-									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 
-									aufgerufen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="VerifyIdentityLink">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung der 
-									Personenbindung</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="VerifyAuthBlock">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung des 
-									AUTH-Blocks</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="IdentityLinkSigners">
-				<xsd:annotation>
-					<xsd:documentation>enthält Informationen über akzeptierte Signers des 
-						IdentityLinks</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per 
-									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ProxyComponentType"/>
-	<xsd:complexType name="OnlineApplicationType">
-		<xsd:sequence>
-			<xsd:element name="AuthComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die 
-						Authentisierungs-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ProxyComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
-						betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
-									betreffen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterServerAuthType">
-		<xsd:sequence>
-			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 
-						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterClientAuthType">
-		<xsd:complexContent>
-			<xsd:extension base="ConnectionParameterServerAuthType">
-				<xsd:sequence>
-					<xsd:element name="ClientKeyStore" minOccurs="0">
-						<xsd:annotation>
-							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 
-								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
-						</xsd:annotation>
-						<xsd:complexType>
-							<xsd:simpleContent>
-								<xsd:extension base="xsd:anyURI">
-									<xsd:attribute name="password" type="xsd:string" use="optional"/>
-								</xsd:extension>
-							</xsd:simpleContent>
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:element name="TrustProfileID" type="xsd:string"/>
-	<xsd:simpleType name="ChainingModeType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="chaining"/>
-			<xsd:enumeration value="pkix"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="BKUSelectionType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="HTMLComplete"/>
-			<xsd:enumeration value="HTMLSelect"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.3.xsd b/id/server/doc/MOA-ID-Configuration-1.3.xsd
deleted file mode 100644
index 66c6e1832..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.3.xsd
+++ /dev/null
@@ -1,424 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
-<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>
-	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
-	<xsd:element name="Configuration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
-				<xsd:element name="Binding" minOccurs="0">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="full"/>
-							<xsd:enumeration value="userName"/>
-							<xsd:enumeration value="none"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:element>
-				<xsd:choice>
-					<xsd:element ref="ParamAuth"/>
-					<xsd:element ref="BasicAuth"/>
-					<xsd:element ref="HeaderAuth"/>
-				</xsd:choice>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="LoginType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="stateless"/>
-			<xsd:enumeration value="stateful"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="ParamAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Parameter">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="BasicAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="UserID" type="MOAAuthDataType"/>
-				<xsd:element name="Password" type="MOAAuthDataType"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="HeaderAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Header" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Header">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="MOAAuthDataType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="MOAGivenName"/>
-			<xsd:enumeration value="MOAFamilyName"/>
-			<xsd:enumeration value="MOADateOfBirth"/>
-			<xsd:enumeration value="MOABPK"/>
-			<xsd:enumeration value="MOAWBPK"/>
-			<xsd:enumeration value="MOAPublicAuthority"/>
-			<xsd:enumeration value="MOABKZ"/>
-			<xsd:enumeration value="MOAQualifiedCertificate"/>
-			<xsd:enumeration value="MOAStammzahl"/>
-			<xsd:enumeration value="MOAIdentificationValueType"/>
-			<xsd:enumeration value="MOAIPAddress"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MOAKeyBoxSelector">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="SecureSignatureKeypair"/>
-			<xsd:enumeration value="CertifiedKeypair"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-	<xsd:element name="MOA-IDConfiguration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter der 
-							Authentisierungs-Komponente</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="ProxyComponent" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Konfigurationsparameter der 
-							Proxy-Komponente</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element name="AuthComponent">
-								<xsd:annotation>
-									<xsd:documentation>enthält Parameter für die Kommunikation zw. 
-										Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:sequence>
-										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-											<xsd:annotation>
-												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
-													Proxy-Komponente zur Auth-Komponente (vgl. 
-													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-											</xsd:annotation>
-										</xsd:element>
-									</xsd:sequence>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="OnlineApplicationType">
-								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-								<xsd:attribute name="type" use="optional" default="publicService">
-									<xsd:simpleType>
-										<xsd:restriction base="xsd:NMTOKEN">
-											<xsd:enumeration value="businessService"/>
-											<xsd:enumeration value="publicService"/>
-										</xsd:restriction>
-									</xsd:simpleType>
-								</xsd:attribute>
-							</xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ChainingModes" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 
-							Zertifikatspfadvalidierung</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-							<xsd:element name="TrustAnchor">
-								<xsd:annotation>
-									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 
-										für jeden TrustAnchor gesetzt werden</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:complexContent>
-										<xsd:extension base="dsig:X509IssuerSerialType">
-											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-										</xsd:extension>
-									</xsd:complexContent>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 
-							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="name" use="required">
-							<xsd:simpleType>
-								<xsd:restriction base="xsd:string">
-									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
-									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
-									<xsd:enumeration value="AuthenticationData.TimeOut"/>
-									<xsd:enumeration value="TrustManager.RevocationChecking"/>
-									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
-									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
-								</xsd:restriction>
-							</xsd:simpleType>
-						</xsd:attribute>
-						<xsd:attribute name="value" type="xsd:string" use="required"/>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="AuthComponentType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelection" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-					</xsd:sequence>
-					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Templates" type="TemplatesType" minOccurs="0" maxOccurs="1" />
-			<xsd:element name="SecurityLayer">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter für die Kommunikation mit dem 
-						Security-Layer</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="MOA-SP">
-				<xsd:annotation>
-					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 
-						SP Modul</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
-									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 
-									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 
-									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 
-									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 
-									aufgerufen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="VerifyIdentityLink">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung der 
-									Personenbindung</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="VerifyAuthBlock">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung des 
-									AUTH-Blocks</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="IdentityLinkSigners">
-				<xsd:annotation>
-					<xsd:documentation>enthält Informationen über akzeptierte Signers des 
-						IdentityLinks</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per 
-									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 
-				Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 
-				werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 
-				inkludiert</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="TemplatesType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0" maxOccurs="1"/>
-			<xsd:element name="Template" type="TemplateType" minOccurs="0" maxOccurs="1"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TemplateType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ProxyComponentType"/>
-	<xsd:complexType name="OnlineApplicationType">
-		<xsd:sequence>
-			<xsd:element name="AuthComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die 
-						Authentisierungs-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<!--xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="pr:AbstractSimpleIdentification"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element-->						
-						<xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:choice>
-									<xsd:element ref="pr:Firmenbuchnummer"/>
-									<xsd:element ref="pr:ZMRzahl"/>
-									<xsd:element ref="pr:Vereinsnummer"/>
-									<xsd:element ref="pr:ERJPZahl"/>
-									<xsd:element name="AnyNumber">
-										<xsd:complexType>
-											<xsd:simpleContent>
-												<xsd:extension base="xsd:string">
-													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-												</xsd:extension>
-											</xsd:simpleContent>
-										</xsd:complexType>
-									</xsd:element>
-								</xsd:choice>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="Templates" type="TemplatesType" minOccurs="0" maxOccurs="1" />
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
-					</xsd:sequence>
-					<xsd:attribute name="slVersion" use="optional" default="1.1">
-						<xsd:simpleType>
-							<xsd:restriction base="xsd:string">
-								<xsd:enumeration value="1.1"/>
-								<xsd:enumeration value="1.2"/>
-							</xsd:restriction>
-						</xsd:simpleType>
-					</xsd:attribute>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
-					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ProxyComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
-						betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
-									betreffen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-				</xsd:complexType>
-			</xsd:element>
-			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterServerAuthType">
-		<xsd:sequence>
-			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 
-						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterClientAuthType">
-		<xsd:complexContent>
-			<xsd:extension base="ConnectionParameterServerAuthType">
-				<xsd:sequence>
-					<xsd:element name="ClientKeyStore" minOccurs="0">
-						<xsd:annotation>
-							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 
-								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
-						</xsd:annotation>
-						<xsd:complexType>
-							<xsd:simpleContent>
-								<xsd:extension base="xsd:anyURI">
-									<xsd:attribute name="password" type="xsd:string" use="optional"/>
-								</xsd:extension>
-							</xsd:simpleContent>
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:element name="TrustProfileID" type="xsd:string"/>
-	<xsd:simpleType name="ChainingModeType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="chaining"/>
-			<xsd:enumeration value="pkix"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="BKUSelectionType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="HTMLComplete"/>
-			<xsd:enumeration value="HTMLSelect"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.2.xsd b/id/server/doc/MOA-ID-Configuration-1.4.2.xsd
deleted file mode 100644
index 360789834..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.4.2.xsd
+++ /dev/null
@@ -1,616 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.2">
-	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
-	<xsd:element name="Configuration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
-				<xsd:element name="Binding" minOccurs="0">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="full"/>
-							<xsd:enumeration value="userName"/>
-							<xsd:enumeration value="none"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:element>
-				<xsd:choice>
-					<xsd:element ref="ParamAuth"/>
-					<xsd:element ref="BasicAuth"/>
-					<xsd:element ref="HeaderAuth"/>
-				</xsd:choice>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="LoginType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="stateless"/>
-			<xsd:enumeration value="stateful"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="ParamAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Parameter">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="BasicAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="UserID" type="MOAAuthDataType"/>
-				<xsd:element name="Password" type="MOAAuthDataType"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="HeaderAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Header" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Header">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="MOAAuthDataType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="MOAGivenName"/>
-			<xsd:enumeration value="MOAFamilyName"/>
-			<xsd:enumeration value="MOADateOfBirth"/>
-			<xsd:enumeration value="MOABPK"/>
-			<xsd:enumeration value="MOAWBPK"/>
-			<xsd:enumeration value="MOAPublicAuthority"/>
-			<xsd:enumeration value="MOABKZ"/>
-			<xsd:enumeration value="MOAQualifiedCertificate"/>
-			<xsd:enumeration value="MOAStammzahl"/>
-			<xsd:enumeration value="MOAIdentificationValueType"/>
-			<xsd:enumeration value="MOAIPAddress"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MOAKeyBoxSelector">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="SecureSignatureKeypair"/>
-			<xsd:enumeration value="CertifiedKeypair"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-	<xsd:element name="MOA-IDConfiguration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="ProxyComponent" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element name="AuthComponent">
-								<xsd:annotation>
-									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:sequence>
-										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-											<xsd:annotation>
-												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-											</xsd:annotation>
-										</xsd:element>
-									</xsd:sequence>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="OnlineApplicationType">
-								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-								<xsd:attribute name="type" use="optional" default="publicService">
-									<xsd:simpleType>
-										<xsd:restriction base="xsd:NMTOKEN">
-											<xsd:enumeration value="businessService"/>
-											<xsd:enumeration value="publicService"/>
-										</xsd:restriction>
-									</xsd:simpleType>
-								</xsd:attribute>
-								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
-							</xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ChainingModes" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-							<xsd:element name="TrustAnchor">
-								<xsd:annotation>
-									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:complexContent>
-										<xsd:extension base="dsig:X509IssuerSerialType">
-											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-										</xsd:extension>
-									</xsd:complexContent>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="name" use="required">
-							<xsd:simpleType>
-								<xsd:restriction base="xsd:string">
-									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
-									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
-									<xsd:enumeration value="AuthenticationData.TimeOut"/>
-									<xsd:enumeration value="TrustManager.RevocationChecking"/>
-									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
-									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
-									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
-									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
-								</xsd:restriction>
-							</xsd:simpleType>
-						</xsd:attribute>
-						<xsd:attribute name="value" type="xsd:string" use="required"/>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="AuthComponentType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelection" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-					</xsd:sequence>
-					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-			<xsd:element name="SecurityLayer">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="MOA-SP">
-				<xsd:annotation>
-					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="VerifyIdentityLink">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="VerifyAuthBlock">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="IdentityLinkSigners" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="TemplatesType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TemplateType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="VerifyInfoboxesType">
-		<xsd:annotation>
-			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="DefaultTrustProfile" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="TrustProfileID"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="InfoboxType">
-		<xsd:annotation>
-			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
-			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ParepSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="CompatibilityMode" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>Legt fest ob Machtgeber und Machtnehmer in den Anmeldedaten ausgetauscht werden sollen. Lediglich die übermittelte Vollmacht gibt dann Aufschluss darüber, dass eine Vertretung vorliegt. Ziel dieses Schalters ist, dass bisherige Applikationen mit Vollmachten und beruflicher Parteienvertretung nachgerüstet werden können, ohne der Erfordernis Änderungen durchführen zu müssen.</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
-							<xsd:annotation>
-								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-	</xsd:complexType>
-	<xsd:complexType name="SchemaLocationType">
-		<xsd:annotation>
-			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="Schema" maxOccurs="unbounded">
-				<xsd:complexType>
-					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
-					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ProxyComponentType"/>
-	<xsd:complexType name="OnlineApplicationType">
-		<xsd:sequence>
-			<xsd:element name="AuthComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<!--xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="pr:AbstractSimpleIdentification"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element-->
-						<xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:choice>
-									<xsd:element ref="pr:Firmenbuchnummer"/>
-									<xsd:element ref="pr:ZMRzahl"/>
-									<xsd:element ref="pr:Vereinsnummer"/>
-									<xsd:element ref="pr:ERJPZahl"/>
-									<xsd:element name="AnyNumber">
-										<xsd:complexType>
-											<xsd:simpleContent>
-												<xsd:extension base="xsd:string">
-													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-												</xsd:extension>
-											</xsd:simpleContent>
-										</xsd:complexType>
-									</xsd:element>
-								</xsd:choice>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
-						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
-					</xsd:sequence>
-					<xsd:attribute name="slVersion" use="optional" default="1.1">
-						<xsd:simpleType>
-							<xsd:restriction base="xsd:string">
-								<xsd:enumeration value="1.1"/>
-								<xsd:enumeration value="1.2"/>
-							</xsd:restriction>
-						</xsd:simpleType>
-					</xsd:attribute>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
-					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ProxyComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-				</xsd:complexType>
-			</xsd:element>
-			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterServerAuthType">
-		<xsd:sequence>
-			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterClientAuthType">
-		<xsd:complexContent>
-			<xsd:extension base="ConnectionParameterServerAuthType">
-				<xsd:sequence>
-					<xsd:element name="ClientKeyStore" minOccurs="0">
-						<xsd:annotation>
-							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
-						</xsd:annotation>
-						<xsd:complexType>
-							<xsd:simpleContent>
-								<xsd:extension base="xsd:anyURI">
-									<xsd:attribute name="password" type="xsd:string" use="optional"/>
-								</xsd:extension>
-							</xsd:simpleContent>
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:element name="TrustProfileID" type="xsd:string"/>
-	<xsd:simpleType name="ChainingModeType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="chaining"/>
-			<xsd:enumeration value="pkix"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="BKUSelectionType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="HTMLComplete"/>
-			<xsd:enumeration value="HTMLSelect"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="CompatibilityMode" default="false">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="EnableInfoboxValidator" default="true">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="AlwaysShowForm" default="false">
-		<xsd:annotation>
-			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-		</xsd:annotation>
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:complexType name="InputProcessorType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:string">
-				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
-					<xsd:annotation>
-						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
-					</xsd:annotation>
-				</xsd:attribute>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentationType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentativeType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="oid" use="required">
-			<xsd:annotation>
-				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="1.2.40.0.10.3.1"/>
-					<xsd:enumeration value="1.2.40.0.10.3.2"/>
-					<xsd:enumeration value="1.2.40.0.10.3.3"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representCorporateParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representationText" use="optional">
-			<xsd:annotation>
-				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
-					<xsd:enumeration value="Organwalter"/>
-					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.3.xsd b/id/server/doc/MOA-ID-Configuration-1.4.3.xsd
deleted file mode 100644
index 570bebd37..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.4.3.xsd
+++ /dev/null
@@ -1,612 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
-	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
-	<xsd:element name="Configuration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
-				<xsd:element name="Binding" minOccurs="0">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="full"/>
-							<xsd:enumeration value="userName"/>
-							<xsd:enumeration value="none"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:element>
-				<xsd:choice>
-					<xsd:element ref="ParamAuth"/>
-					<xsd:element ref="BasicAuth"/>
-					<xsd:element ref="HeaderAuth"/>
-				</xsd:choice>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="LoginType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="stateless"/>
-			<xsd:enumeration value="stateful"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="ParamAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Parameter">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="BasicAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="UserID" type="MOAAuthDataType"/>
-				<xsd:element name="Password" type="MOAAuthDataType"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="HeaderAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Header" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Header">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="MOAAuthDataType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="MOAGivenName"/>
-			<xsd:enumeration value="MOAFamilyName"/>
-			<xsd:enumeration value="MOADateOfBirth"/>
-			<xsd:enumeration value="MOABPK"/>
-			<xsd:enumeration value="MOAWBPK"/>
-			<xsd:enumeration value="MOAPublicAuthority"/>
-			<xsd:enumeration value="MOABKZ"/>
-			<xsd:enumeration value="MOAQualifiedCertificate"/>
-			<xsd:enumeration value="MOAStammzahl"/>
-			<xsd:enumeration value="MOAIdentificationValueType"/>
-			<xsd:enumeration value="MOAIPAddress"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MOAKeyBoxSelector">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="SecureSignatureKeypair"/>
-			<xsd:enumeration value="CertifiedKeypair"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-	<xsd:element name="MOA-IDConfiguration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="ProxyComponent" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element name="AuthComponent">
-								<xsd:annotation>
-									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:sequence>
-										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-											<xsd:annotation>
-												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-											</xsd:annotation>
-										</xsd:element>
-									</xsd:sequence>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="OnlineApplicationType">
-								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-								<xsd:attribute name="type" use="optional" default="publicService">
-									<xsd:simpleType>
-										<xsd:restriction base="xsd:NMTOKEN">
-											<xsd:enumeration value="businessService"/>
-											<xsd:enumeration value="publicService"/>
-										</xsd:restriction>
-									</xsd:simpleType>
-								</xsd:attribute>
-								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
-							</xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ChainingModes" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die Zertifikatspfadvalidierung</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-							<xsd:element name="TrustAnchor">
-								<xsd:annotation>
-									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:complexContent>
-										<xsd:extension base="dsig:X509IssuerSerialType">
-											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-										</xsd:extension>
-									</xsd:complexContent>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="name" use="required">
-							<xsd:simpleType>
-								<xsd:restriction base="xsd:string">
-									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
-									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
-									<xsd:enumeration value="AuthenticationData.TimeOut"/>
-									<xsd:enumeration value="TrustManager.RevocationChecking"/>
-									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
-									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
-									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
-									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
-									<xsd:enumeration value="AuthenticationServer.SourceID"/>
-								</xsd:restriction>
-							</xsd:simpleType>
-						</xsd:attribute>
-						<xsd:attribute name="value" type="xsd:string" use="required"/>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="AuthComponentType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelection" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-					</xsd:sequence>
-					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-			<xsd:element name="SecurityLayer">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="MOA-SP">
-				<xsd:annotation>
-					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="VerifyIdentityLink">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="VerifyAuthBlock">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="IdentityLinkSigners" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="TemplatesType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TemplateType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="VerifyInfoboxesType">
-		<xsd:annotation>
-			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="DefaultTrustProfile" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="TrustProfileID"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="InfoboxType">
-		<xsd:annotation>
-			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
-			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ParepSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox "mandates" abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox "mandates" relevant.</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
-							<xsd:annotation>
-								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-	</xsd:complexType>
-	<xsd:complexType name="SchemaLocationType">
-		<xsd:annotation>
-			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="Schema" maxOccurs="unbounded">
-				<xsd:complexType>
-					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
-					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ProxyComponentType"/>
-	<xsd:complexType name="OnlineApplicationType">
-		<xsd:sequence>
-			<xsd:element name="AuthComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<!--xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="pr:AbstractSimpleIdentification"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element-->
-						<xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:choice>
-									<xsd:element ref="pr:Firmenbuchnummer"/>
-									<xsd:element ref="pr:ZMRzahl"/>
-									<xsd:element ref="pr:Vereinsnummer"/>
-									<xsd:element ref="pr:ERJPZahl"/>
-									<xsd:element name="AnyNumber">
-										<xsd:complexType>
-											<xsd:simpleContent>
-												<xsd:extension base="xsd:string">
-													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-												</xsd:extension>
-											</xsd:simpleContent>
-										</xsd:complexType>
-									</xsd:element>
-								</xsd:choice>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
-						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
-					</xsd:sequence>
-					<xsd:attribute name="slVersion" use="optional" default="1.1">
-						<xsd:simpleType>
-							<xsd:restriction base="xsd:string">
-								<xsd:enumeration value="1.1"/>
-								<xsd:enumeration value="1.2"/>
-							</xsd:restriction>
-						</xsd:simpleType>
-					</xsd:attribute>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
-					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ProxyComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-				</xsd:complexType>
-			</xsd:element>
-			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterServerAuthType">
-		<xsd:sequence>
-			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterClientAuthType">
-		<xsd:complexContent>
-			<xsd:extension base="ConnectionParameterServerAuthType">
-				<xsd:sequence>
-					<xsd:element name="ClientKeyStore" minOccurs="0">
-						<xsd:annotation>
-							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
-						</xsd:annotation>
-						<xsd:complexType>
-							<xsd:simpleContent>
-								<xsd:extension base="xsd:anyURI">
-									<xsd:attribute name="password" type="xsd:string" use="optional"/>
-								</xsd:extension>
-							</xsd:simpleContent>
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:element name="TrustProfileID" type="xsd:string"/>
-	<xsd:simpleType name="ChainingModeType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="chaining"/>
-			<xsd:enumeration value="pkix"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="BKUSelectionType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="HTMLComplete"/>
-			<xsd:enumeration value="HTMLSelect"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="CompatibilityMode" default="false">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="EnableInfoboxValidator" default="true">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="AlwaysShowForm" default="false">
-		<xsd:annotation>
-			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-		</xsd:annotation>
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:complexType name="InputProcessorType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:string">
-				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
-					<xsd:annotation>
-						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
-					</xsd:annotation>
-				</xsd:attribute>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentationType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID="*" akzeptiert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentativeType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="oid" use="required">
-			<xsd:annotation>
-				<xsd:documentation>OID der Parteienvertretung lt. "Object Identifier der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID "*" muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="1.2.40.0.10.3.1"/>
-					<xsd:enumeration value="1.2.40.0.10.3.2"/>
-					<xsd:enumeration value="1.2.40.0.10.3.3"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representCorporateParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representationText" use="optional">
-			<xsd:annotation>
-				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
-					<xsd:enumeration value="Organwalter"/>
-					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.7.xsd b/id/server/doc/MOA-ID-Configuration-1.4.7.xsd
new file mode 100644
index 000000000..28e0b947d
--- /dev/null
+++ b/id/server/doc/MOA-ID-Configuration-1.4.7.xsd
@@ -0,0 +1,624 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSpy v2010 (http://www.altova.com) by ks (ks) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+	<xsd:element name="Configuration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
+				<xsd:element name="Binding" minOccurs="0">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:string">
+							<xsd:enumeration value="full"/>
+							<xsd:enumeration value="userName"/>
+							<xsd:enumeration value="none"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:element>
+				<xsd:choice>
+					<xsd:element ref="ParamAuth"/>
+					<xsd:element ref="BasicAuth"/>
+					<xsd:element ref="HeaderAuth"/>
+				</xsd:choice>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="LoginType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="stateless"/>
+			<xsd:enumeration value="stateful"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="ParamAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Parameter">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="BasicAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="UserID" type="MOAAuthDataType"/>
+				<xsd:element name="Password" type="MOAAuthDataType"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="HeaderAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Header" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Header">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="MOAAuthDataType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="MOAGivenName"/>
+			<xsd:enumeration value="MOAFamilyName"/>
+			<xsd:enumeration value="MOADateOfBirth"/>
+			<xsd:enumeration value="MOABPK"/>
+			<xsd:enumeration value="MOAWBPK"/>
+			<xsd:enumeration value="MOAPublicAuthority"/>
+			<xsd:enumeration value="MOABKZ"/>
+			<xsd:enumeration value="MOAQualifiedCertificate"/>
+			<xsd:enumeration value="MOAStammzahl"/>
+			<xsd:enumeration value="MOAIdentificationValueType"/>
+			<xsd:enumeration value="MOAIPAddress"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MOAKeyBoxSelector">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="SecureSignatureKeypair"/>
+			<xsd:enumeration value="CertifiedKeypair"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+	<xsd:element name="MOA-IDConfiguration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="ProxyComponent" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="AuthComponent">
+								<xsd:annotation>
+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:sequence>
+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+											<xsd:annotation>
+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+											</xsd:annotation>
+										</xsd:element>
+									</xsd:sequence>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="OnlineApplicationType">
+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+								<xsd:attribute name="type" use="optional" default="publicService">
+									<xsd:simpleType>
+										<xsd:restriction base="xsd:NMTOKEN">
+											<xsd:enumeration value="businessService"/>
+											<xsd:enumeration value="publicService"/>
+										</xsd:restriction>
+									</xsd:simpleType>
+								</xsd:attribute>
+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="ChainingModes" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+							<xsd:element name="TrustAnchor">
+								<xsd:annotation>
+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:complexContent>
+										<xsd:extension base="dsig:X509IssuerSerialType">
+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+										</xsd:extension>
+									</xsd:complexContent>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="name" use="required">
+							<xsd:simpleType>
+								<xsd:restriction base="xsd:string">
+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
+									<xsd:enumeration value="AuthenticationData.TimeOut"/>
+									<xsd:enumeration value="TrustManager.RevocationChecking"/>
+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+									<xsd:enumeration value="AuthenticationServer.SourceID"/>
+								</xsd:restriction>
+							</xsd:simpleType>
+						</xsd:attribute>
+						<xsd:attribute name="value" type="xsd:string" use="required"/>
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="AuthComponentType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelection" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+					</xsd:sequence>
+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+			<xsd:element name="SecurityLayer">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="MOA-SP">
+				<xsd:annotation>
+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="VerifyIdentityLink">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="VerifyAuthBlock">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="IdentityLinkSigners" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ForeignIdentities" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="TemplatesType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TemplateType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyInfoboxesType">
+		<xsd:annotation>
+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="DefaultTrustProfile" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="TrustProfileID"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="InfoboxType">
+		<xsd:annotation>
+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ParepSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
+							<xsd:annotation>
+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+	</xsd:complexType>
+	<xsd:complexType name="SchemaLocationType">
+		<xsd:annotation>
+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="Schema" maxOccurs="unbounded">
+				<xsd:complexType>
+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ProxyComponentType"/>
+	<xsd:complexType name="OnlineApplicationType">
+		<xsd:sequence>
+			<xsd:element name="AuthComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<!--xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="pr:AbstractSimpleIdentification"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element-->
+						<xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:choice>
+									<xsd:element ref="pr:Firmenbuchnummer"/>
+									<xsd:element ref="pr:ZMRzahl"/>
+									<xsd:element ref="pr:Vereinsnummer"/>
+									<xsd:element ref="pr:ERJPZahl"/>
+									<xsd:element name="AnyNumber">
+										<xsd:complexType>
+											<xsd:simpleContent>
+												<xsd:extension base="xsd:string">
+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+												</xsd:extension>
+											</xsd:simpleContent>
+										</xsd:complexType>
+									</xsd:element>
+								</xsd:choice>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+					</xsd:sequence>
+					<xsd:attribute name="slVersion" use="optional" default="1.1">
+						<xsd:simpleType>
+							<xsd:restriction base="xsd:string">
+								<xsd:enumeration value="1.1"/>
+								<xsd:enumeration value="1.2"/>
+							</xsd:restriction>
+						</xsd:simpleType>
+					</xsd:attribute>
+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ProxyComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+				</xsd:complexType>
+			</xsd:element>
+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterServerAuthType">
+		<xsd:sequence>
+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterClientAuthType">
+		<xsd:complexContent>
+			<xsd:extension base="ConnectionParameterServerAuthType">
+				<xsd:sequence>
+					<xsd:element name="ClientKeyStore" minOccurs="0">
+						<xsd:annotation>
+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
+						</xsd:annotation>
+						<xsd:complexType>
+							<xsd:simpleContent>
+								<xsd:extension base="xsd:anyURI">
+									<xsd:attribute name="password" type="xsd:string" use="optional"/>
+								</xsd:extension>
+							</xsd:simpleContent>
+						</xsd:complexType>
+					</xsd:element>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:element name="TrustProfileID" type="xsd:string"/>
+	<xsd:simpleType name="ChainingModeType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="chaining"/>
+			<xsd:enumeration value="pkix"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="BKUSelectionType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="HTMLComplete"/>
+			<xsd:enumeration value="HTMLSelect"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="CompatibilityMode" default="false">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="EnableInfoboxValidator" default="true">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="AlwaysShowForm" default="false">
+		<xsd:annotation>
+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:complexType name="InputProcessorType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:string">
+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
+					<xsd:annotation>
+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
+					</xsd:annotation>
+				</xsd:attribute>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentationType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentativeType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="oid" use="required">
+			<xsd:annotation>
+				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="1.2.40.0.10.3.1"/>
+					<xsd:enumeration value="1.2.40.0.10.3.2"/>
+					<xsd:enumeration value="1.2.40.0.10.3.3"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representCorporateParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representationText" use="optional">
+			<xsd:annotation>
+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
+					<xsd:enumeration value="Organwalter"/>
+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.xsd b/id/server/doc/MOA-ID-Configuration-1.4.xsd
deleted file mode 100644
index 66a9c0ed4..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.4.xsd
+++ /dev/null
@@ -1,505 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
-	<xsd:element name="Configuration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
-				<xsd:element name="Binding" minOccurs="0">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="full"/>
-							<xsd:enumeration value="userName"/>
-							<xsd:enumeration value="none"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:element>
-				<xsd:choice>
-					<xsd:element ref="ParamAuth"/>
-					<xsd:element ref="BasicAuth"/>
-					<xsd:element ref="HeaderAuth"/>
-				</xsd:choice>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="LoginType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="stateless"/>
-			<xsd:enumeration value="stateful"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="ParamAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Parameter">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="BasicAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="UserID" type="MOAAuthDataType"/>
-				<xsd:element name="Password" type="MOAAuthDataType"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="HeaderAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Header" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Header">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="MOAAuthDataType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="MOAGivenName"/>
-			<xsd:enumeration value="MOAFamilyName"/>
-			<xsd:enumeration value="MOADateOfBirth"/>
-			<xsd:enumeration value="MOABPK"/>
-			<xsd:enumeration value="MOAWBPK"/>
-			<xsd:enumeration value="MOAPublicAuthority"/>
-			<xsd:enumeration value="MOABKZ"/>
-			<xsd:enumeration value="MOAQualifiedCertificate"/>
-			<xsd:enumeration value="MOAStammzahl"/>
-			<xsd:enumeration value="MOAIdentificationValueType"/>
-			<xsd:enumeration value="MOAIPAddress"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MOAKeyBoxSelector">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="SecureSignatureKeypair"/>
-			<xsd:enumeration value="CertifiedKeypair"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-	<xsd:element name="MOA-IDConfiguration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter der 
-							Authentisierungs-Komponente</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="ProxyComponent" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Konfigurationsparameter der 
-							Proxy-Komponente</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element name="AuthComponent">
-								<xsd:annotation>
-									<xsd:documentation>enthält Parameter für die Kommunikation zw. 
-										Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:sequence>
-										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-											<xsd:annotation>
-												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
-													Proxy-Komponente zur Auth-Komponente (vgl. 
-													AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-											</xsd:annotation>
-										</xsd:element>
-									</xsd:sequence>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="OnlineApplicationType">
-								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-								<xsd:attribute name="type" use="optional" default="publicService">
-									<xsd:simpleType>
-										<xsd:restriction base="xsd:NMTOKEN">
-											<xsd:enumeration value="businessService"/>
-											<xsd:enumeration value="publicService"/>
-										</xsd:restriction>
-									</xsd:simpleType>
-								</xsd:attribute>
-								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
-							</xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ChainingModes" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die 
-							Zertifikatspfadvalidierung</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-							<xsd:element name="TrustAnchor">
-								<xsd:annotation>
-									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann 
-										für jeden TrustAnchor gesetzt werden</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:complexContent>
-										<xsd:extension base="dsig:X509IssuerSerialType">
-											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-										</xsd:extension>
-									</xsd:complexContent>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA 
-							(Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="name" use="required">
-							<xsd:simpleType>
-								<xsd:restriction base="xsd:string">
-									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
-									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
-									<xsd:enumeration value="AuthenticationData.TimeOut"/>
-									<xsd:enumeration value="TrustManager.RevocationChecking"/>
-									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
-									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
-								</xsd:restriction>
-							</xsd:simpleType>
-						</xsd:attribute>
-						<xsd:attribute name="value" type="xsd:string" use="required"/>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="AuthComponentType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelection" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-					</xsd:sequence>
-					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-			<xsd:element name="SecurityLayer">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter für die Kommunikation mit dem 
-						Security-Layer</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="MOA-SP">
-				<xsd:annotation>
-					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA 
-						SP Modul</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der 
-									AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; 
-									wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden; 
-									wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben 
-									werden; wird das Element nicht verwendet dann wird MOA-SP über das API 
-									aufgerufen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="VerifyIdentityLink">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung der 
-									Personenbindung</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="VerifyAuthBlock">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung des 
-									AUTH-Blocks</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="IdentityLinkSigners" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Informationen über akzeptierte Signers des 
-						IdentityLinks</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per 
-									X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem 
-				Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo 
-				werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks 
-				inkludiert</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="TemplatesType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TemplateType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="VerifyInfoboxesType">
-		<xsd:annotation>
-			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="DefaultTrustProfile" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="TrustProfileID"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Infobox" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll;
-								z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird
-								das Identifier-Attribut verwendet</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox
-								verwendet werden soll</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox
-								verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
-								vom Default Package- und Klassennamen abweichen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
-						<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation
-									 übergeben werden</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-					<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="SchemaLocationType">
-		<xsd:annotation>
-			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="Schema" maxOccurs="unbounded">
-				<xsd:complexType>
-					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
-					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ProxyComponentType"/>
-	<xsd:complexType name="OnlineApplicationType">
-		<xsd:sequence>
-			<xsd:element name="AuthComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die 
-						Authentisierungs-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<!--xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="pr:AbstractSimpleIdentification"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element-->
-						<xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:choice>
-									<xsd:element ref="pr:Firmenbuchnummer"/>
-									<xsd:element ref="pr:ZMRzahl"/>
-									<xsd:element ref="pr:Vereinsnummer"/>
-									<xsd:element ref="pr:ERJPZahl"/>
-									<xsd:element name="AnyNumber">
-										<xsd:complexType>
-											<xsd:simpleContent>
-												<xsd:extension base="xsd:string">
-													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-												</xsd:extension>
-											</xsd:simpleContent>
-										</xsd:complexType>
-									</xsd:element>
-								</xsd:choice>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
-						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
-					</xsd:sequence>
-					<xsd:attribute name="slVersion" use="optional" default="1.1">
-						<xsd:simpleType>
-							<xsd:restriction base="xsd:string">
-								<xsd:enumeration value="1.1"/>
-								<xsd:enumeration value="1.2"/>
-							</xsd:restriction>
-						</xsd:simpleType>
-					</xsd:attribute>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
-					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ProxyComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
-						betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente 
-									betreffen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-				</xsd:complexType>
-			</xsd:element>
-			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterServerAuthType">
-		<xsd:sequence>
-			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der 
-						TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterClientAuthType">
-		<xsd:complexContent>
-			<xsd:extension base="ConnectionParameterServerAuthType">
-				<xsd:sequence>
-					<xsd:element name="ClientKeyStore" minOccurs="0">
-						<xsd:annotation>
-							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für 
-								die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
-						</xsd:annotation>
-						<xsd:complexType>
-							<xsd:simpleContent>
-								<xsd:extension base="xsd:anyURI">
-									<xsd:attribute name="password" type="xsd:string" use="optional"/>
-								</xsd:extension>
-							</xsd:simpleContent>
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:element name="TrustProfileID" type="xsd:string"/>
-	<xsd:simpleType name="ChainingModeType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="chaining"/>
-			<xsd:enumeration value="pkix"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="BKUSelectionType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="HTMLComplete"/>
-			<xsd:enumeration value="HTMLSelect"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-</xsd:schema>
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 4c5a29b26..8238c7c2d 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -105,17 +105,18 @@ F&uuml;r den Betrieb von MOA-ID-AUTH sind unterschiedliche Szenarien m&ouml;glic
 </td>
 <td valign="top">
 <div id="subtitel">Basis-Installation von MOA-ID-AUTH</div>
-<p id="block">
+<div id="block">
 Die Basis-Installation stellt einerseits die minimalen Anforderungen f&uuml;r den Betrieb von MOA-ID-AUTH dar, andererseits dient sie als Ausgangspunkt f&uuml;r weitere (optionale) Konfigurations-M&ouml;glichkeiten.
 <br /><br />
 Folgende Software ist Voraussetzung f&uuml;r die Basis-Installation:
-</div>
+
 <ul>
-<li>JDK 1.4.0, JDK 1.4.2 oder JDK 1.5.0</li>
-<li>Tomcat 4.1.31 oder Tomcat 5.0.28</li>
+<li>JDK 1.4.0, JDK 1.4.2, JDK 1.5.0 oder JDK 1.6</li>
+<li>Tomcat 4.1.31, Tomcat 5.0.28, Tomcat 5.5 oder Tomcat 6</li>
 <li>MOA-ID-AUTH 1.4 </li>
 <li>MOA SP/SS 1.4 oder neuer (entweder als WebService oder direkt als interne Bibliothek)</li>
 </ul>
+</div>
 <div id="block">
 Um m&ouml;glichen Versionskonflikten aus dem Weg zu gehen sollten stets die neuesten Versionen von MOA-ID als auch von MOA-SP/SS verwendet werden. <br/>
 In diesem Betriebs-Szenario wird MOA-ID-AUTH in Tomcat deployt. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r MOA-ID-AUTH. Beide Protokolle werden direkt in Tomcat konfiguriert.
@@ -236,10 +237,10 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
                         </tr>
                         <tr>
                           <td width="59%"><b>JDK (SDK)</b> </td>
-                          <td width="41%">min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>
+                          <td width="41%"><p>min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>
                           1.4.2</a><br/>
-						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a>
-						  </td>
+						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a></p>
+                          </td>
                         </tr>
                         <tr>
                           <td width="59%" height="21"><b>Tomcat</b></td>
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 7b9ea9c1d..3e320d850 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -124,7 +124,7 @@ Unterschiede sind in der Installationsanweisung angef&uuml;hrt.
               f&uuml;r 1.5.0</a>.</p>
       </div>
 
-</div></td></tr></table>
+</td></tr></table>
 
 <div id="Tomcat" />
 <table width="650" border="0" cellpadding="10" cellspacing="0">
@@ -425,7 +425,7 @@ FATAL | 03 13:19:06,924 | main | Fehler
 </pre>
 In diesem Fall geben die WARN bzw. ERROR Log-Meldungen unmittelbar davor Aufschluss &uuml;ber den genaueren Grund.  <br />
 </div>
-</div></td></tr></table>
+</td></tr></table>
 
 
 <div id="Logging" />
@@ -519,7 +519,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fort
                       <p>
                         </div>
                       </p>
-                    </div>
+                    
 </td></tr></table>
 <br /><br />
 
@@ -530,7 +530,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fort
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004 </div>
+<div style="font-size:8pt; color:#909090">&copy; 2010</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index e934dc6cc..76df09e54 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -115,14 +115,14 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 
 </td>
 
-      <td valign="top">
+    <td valign="top">
         <div id="titel">Konfiguration von MOA ID v.1.4</div>
         <div id="moaid-konfiguration" />
           <p id="subtitel">Konfiguration von MOA ID v.1.4</p>
           <p id="block"> Die Konfiguration von MOA ID wird mittels einer XML-basierten
             Konfigurationsdatei, die dem Schema
-            <a href="../MOA-ID-Configuration-1.4.3.xsd" target="_new">MOA-ID-Configuration-1.4.3.xsd</a> entspricht, durchgef&uuml;hrt.
-          <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
+            <a href="../MOA-ID-Configuration-1.4.7.xsd" target="_new">MOA-ID-Configuration-1.4.7.xsd</a> entspricht, durchgef&uuml;hrt.
+        <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
             der Web-Applikation in Tomcat</a> beschrieben.
           <p /> Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
             <a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a>
@@ -251,8 +251,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                 dieses Handbuches entnommen werden.
 
                   </p>
-    </div>
-                <div id="SecurityLayer" />
+    
+                    <div id="SecurityLayer" />
                   <p id="block"> <b>AuthComponent/SecurityLayer</b> <br />
                     Das Element <tt>SecurityLayer</tt> enth&auml;lt Parameter
                     zur Nutzung des Security-Layers. <br />
@@ -289,12 +289,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                       von MOA-SP gesetzt werden. Eine beispielhafte MOA-SP Konfigurationsdatei
                       ist in <tt>$MOA_ID_INST_AUTH/conf/moa-spss/SampleMOASPSSConfiguration.xml</tt>
                       enthalten. </p>
-                  </div>
-                </div>
-              </div>
-            </div>
-          </div>
-        </div>
+                          
         <div id="moaid-konfiguration" />
           <div id="ConnectionParameter" />
             <div id="AuthComponent" />
@@ -321,14 +316,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                         zur &uuml;berpr&uuml;fung der Signatur des Auth-Blocks
                         verwendet werden m&uuml;ssen. Diese TrustProfileID muss
                         beim verwendeten MOA-SP Modul konfiguriert sein.</p>
-                    </div>
-                  </div>
-                </div>
-              </div>
-            </div>
-          </div>
-        </div>
-        <div id="moaid-konfiguration" />
+                   
+      <div id="moaid-konfiguration" />
             <div id="AuthComponent" />
               <div id="IdentityLinkSigners" />
                 <p id="block"> <b>AuthComponent/IdentityLinkSigners</b>
@@ -533,13 +522,16 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                         </ul>
                       </li>
                     </ul>
-                    <br />
+                    <p><br />
                     Eine Beispielkonfiguration finden sie am Ende das Abschnitts
-                    <a href="#VerifyInfoboxesOA">OnlineApplication/AuthComponent/VerifyInfoboxes</a>.
-                    <br />
-                    <br />
+                      <a href="#VerifyInfoboxesOA">OnlineApplication/AuthComponent/VerifyInfoboxes</a>.
+                      <br />
                   </p>
-                </div>
+                    <p><b>AuthComponent/ForeignIdentities</b> <br />
+Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>).<br />
+                      </p>
+      </p>
+                
 
                       <div id="ProxyComponent" />
                         <p id="block"> <b>ProxyComponent</b> <br />
@@ -1457,7 +1449,7 @@ Im Falle einer fehlerhaften neuen Konfiguration wird die urspr&uuml;ngliche Konf
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2010</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/links.htm b/id/server/doc/moa_id/links.htm
index 06aa7afcc..ef6c09083 100644
--- a/id/server/doc/moa_id/links.htm
+++ b/id/server/doc/moa_id/links.htm
@@ -66,8 +66,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 <br />
 <!-- div id="slogan">
 MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Trust und dem Institut f&uuml;r angewandte Informations- und Kom-munikationstechnik (IAIK) der Universit&auml;t Graz
-</div -->
-</td>
+</div --></td>
 
 <td valign="top">
 <div id="titel">MOA Links </div>
@@ -76,28 +75,28 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
 <p id="subtitel">Externe Komponenten</p>
 
 <div id="klein">Apache <br />
-<a href="http://httpd.apache.org/docs-2.0/">http://httpd.apache.org/docs-2.0</a></div>
+<a href="http://httpd.apache.org/">http://httpd.apache.org/</a></div>
 
 <div id="klein">Internet Information Server <br />
-<a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp">http://www.microsoft.com/windows2000/en/server/iis/default.asp</a></div>
+<a href="http://www.iis.net/">http://www.iis.net/</a></div>
 
 <div id="klein">Tomcat <br />
-<a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/">http://jakarta.apache.org/tomcat/tomcat-4.1-doc</a> </div>
+<a href="http://tomcat.apache.org/">http://tomcat.apache.org/</a></div>
 
 <div id="klein">Tomcat mod_SSL <br />
-<a href="http://httpd.apache.org/docs-2.0/ssl/">http://httpd.apache.org/docs-2.0/ssl</a></div>
+<a href="http://httpd.apache.org/docs/2.2/ssl/">http://httpd.apache.org/docs/2.2/ssl/</a></div>
 
 <div id="klein">Tomcat mod_jk <br />
-<a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/">http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2</a></div>
+<a href="http://tomcat.apache.org/connectors-doc/">http://tomcat.apache.org/connectors-doc/</a></div>
 
 <div id="klein">Logging Toolkit <br />
-<a href="http://jakarta.apache.org/log4j/docs/index.html">http://jakarta.apache.org/log4j/docs/ </a></div>
+<a href="http://jakarta.apache.org/log4j/">http://jakarta.apache.org/log4j/</a></div>
 
 <div id="klein">IAIK JCE <br />
 <a href="http://jce.iaik.tugraz.at/products/index.php">http://jce.iaik.tugraz.at/products/index.php </a></div>
 
 <div id="klein">PostgreSQL <br />
-<a href="http://techdocs.postgresql.org/installguides.php">http://techdocs.postgresql.org </a></div>
+<a href="http://www.postgresql.org/">http://www.postgresql.org/</a></div>
 
 <div id="Spezifikationen" />
 <p id="subtitel">Spezifikationen</p>
@@ -108,20 +107,24 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
 <div id="klein">E-Government <br />
 <a href="http://reference.e-government.gv.at/">http://reference.e-government.gv.at</a></div>
 
-<div id="klein">Security Layer Version 1.1<br />
-<a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/2002083</a></div>
+<div id="klein">B&uuml;rgerkarte<br />
+<a href="http://www.buergerkarte.at">http://www.buergerkarte.at</a></div>
 
-<div id="klein">Personenbindung Version 1.1<br />
-<a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20020506">http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20020506</a></div>
+<div id="klein">Security Layer Version 1.2<br />
+<a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/</a></div>
+
+<div id="klein">Personenbindung Version 1.2.2<br />
+<a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/aktuell/">http://www.buergerkarte.at/konzept/personenbindung/spezifikation/aktuell/</a></div>
 
 <div id="klein">Security Assertion Markup Language <br />
 <a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security">http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security</a></div>
 
-<div id="klein">Auswahl von B&uuml;rgerkartenumgebungen Version 1.0.0<br />
-<a href="../bku-auswahl.20030408.pdf">bku-auswahl.20030408.pdf</a></div>
-</p>
-
-</td></tr></table>
+</td></tr>
+<tr>
+  <td  valign="top">&nbsp;</td>
+  <td valign="top">&nbsp;</td>
+</tr>
+</table>
 
 
 
@@ -131,7 +134,8 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+<div style="font-size:8pt; color:#909090">&copy; 2010
+  <!-- Development Center, BRZ GmbH --></div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 05a2d3007..d899dd94c 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -238,7 +238,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2010</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/idserverlib/.classpath b/id/server/idserverlib/.classpath
index 1c79cc393..f0e483a4a 100644
--- a/id/server/idserverlib/.classpath
+++ b/id/server/idserverlib/.classpath
@@ -1,9 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.component b/id/server/idserverlib/.settings/org.eclipse.wst.common.component
index 554e24c0b..87b873d7b 100644
--- a/id/server/idserverlib/.settings/org.eclipse.wst.common.component
+++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,7 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-id-lib">
-<wb-resource deploy-path="/" source-path="/src/main/java"/>
-<wb-resource deploy-path="/" source-path="/src/test/java"/>
-<wb-resource deploy-path="/" source-path="/src/main/resources"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-lib">
+<wb-resource deploy-path="/" source-path="/src/main/java"/>
+<wb-resource deploy-path="/" source-path="/src/main/resources"/>
+</wb-module>
+</project-modules>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index c0f704522..45b46242e 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -2,14 +2,14 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.6</version>
+		<version>1.4.7</version>
 	</parent>
 
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>1.4.6</version>
+	<version>1.4.7</version>
 	<name>MOA ID API</name>
 
 	<properties>
@@ -117,10 +117,10 @@
 			<groupId>regexp</groupId>
 			<artifactId>regexp</artifactId>
 		</dependency>
-		<dependency>
+		<!-- <dependency>
 			<groupId>commons-httpclient</groupId>
 			<artifactId>commons-httpclient</artifactId>
-		</dependency>
+		</dependency>-->
 		<dependency>
 			<groupId>at.gv.egovernment.moa.id</groupId>
 			<artifactId>mandate-validate</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 971fbcef2..fcaa4f053 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -19,7 +19,6 @@ import iaik.pki.PKIException;
 import iaik.x509.X509Certificate;
 
 import java.io.File;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.util.Calendar;
@@ -34,7 +33,6 @@ import java.util.Vector;
 
 import javax.xml.transform.TransformerException;
 
-import org.apache.axis.AxisFault;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.AuthenticationException;
@@ -90,7 +88,6 @@ import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
@@ -176,9 +173,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
       throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
     if (isEmpty(authURL))
-      throw new WrongParametersException("StartAuthentication", "AuthURL");
+      throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");
     if (isEmpty(oaURL))
-      throw new WrongParametersException("StartAuthentication", PARAM_OA);
+      throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5");
 
     ConnectionParameter bkuConnParam =
       AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
@@ -193,7 +190,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     
     if (!oaParam.getBusinessService()) {
       if (isEmpty(target))
-        throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+        throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5");
     } else {
       if (!isEmpty(target)) {
         Logger.info("Ignoring target parameter thus application type is \"businessService\"");
@@ -220,7 +217,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       // bkuSelectionType==HTMLSelect
       String bkuSelectTag;
       try {
-	      bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
+         bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
       } catch (Throwable ex) {
         throw new AuthenticationException(
           "auth.11",
@@ -273,9 +270,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * <li>Creates an HTML form for querying the identity link from the 
    * security layer implementation.
    * <br>Form parameters include
-   * 	 <ul>
+   *   <ul>
    *   <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
-   * 	 <li>the data URL where the security layer implementation sends it response to</li>
+   *   <li>the data URL where the security layer implementation sends it response to</li>
    *   </ul>
    * </ul>
    * @param authURL URL of the servlet to be used as data URL
@@ -302,7 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 
     if (isEmpty(sessionID)) {
       if (isEmpty(authURL))
-        throw new WrongParametersException("StartAuthentication", "AuthURL");
+        throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");
 
       //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
       String boolStr =
@@ -311,7 +308,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
         throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
       if (isEmpty(oaURL))
-        throw new WrongParametersException("StartAuthentication", PARAM_OA);
+        throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5");
     }
     AuthenticationSession session;
     OAAuthParameter oaParam;
@@ -327,7 +324,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
         throw new AuthenticationException("auth.00", new Object[] { oaURL });
       if (!oaParam.getBusinessService()) {
         if (isEmpty(target))
-          throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+          throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5");
       } else {
         target = null;
       }
@@ -411,8 +408,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * <li>Verifies all additional infoboxes returned from the BKU</li>
    * <li>Creates an authentication block to be signed by the user</li>
    * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code> 
-   *  	 containg the authentication block, meant to be returned to the 
-   * 		 security layer implementation</li>
+   *      containg the authentication block, meant to be returned to the 
+   *      security layer implementation</li>
    * </ul>
    * 
    * @param sessionID ID of associated authentication session data
@@ -441,6 +438,23 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       throw new AuthenticationException("auth.01", new Object[] { sessionID });
     session.setTimestampIdentityLink();
     AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+    // check if an identity link was found
+    // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform (SL1.2))
+    CharSequence se = "ErrorCode>2911".substring(0);
+    boolean b = xmlInfoboxReadResponse.contains(se);
+    if (b) { // no identity link found
+       Logger.info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als ausländische eID.");
+      return null;
+    }
+    // spezifikationsgemäßer (SL1.2) Errorcode
+    se = "ErrorCode>4002";
+    b = xmlInfoboxReadResponse.contains(se);
+    if (b) { // Unbekannter Infoboxbezeichner
+       Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID.");
+      return null;
+    }
+        
     // parses the <InfoboxReadResponse>
     IdentityLink identityLink =
       new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
@@ -495,6 +509,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
     if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
       getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+    
+    //BZ.., calculate bPK for signing to be already present in AuthBlock
+    IdentityLink identityLink = session.getIdentityLink();
+    if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+        // only compute bPK if online application is a public service and we have the Stammzahl
+        String bpkBase64 = new BPKBuilder().buildBPK(
+            identityLink.getIdentificationValue(),
+            session.getTarget());
+        identityLink.setIdentificationValue(bpkBase64);
+      }
+    //..BZ
+    
 
     // builds the AUTH-block
     String authBlock = buildAuthenticationBlock(session);
@@ -513,6 +539,186 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     return createXMLSignatureRequest;
   }
   
+  /**
+   * Returns a CreateXMLSignatureRequest for the foreign ID.<br>
+   * 
+   * @param sessionID ID of associated authentication session data
+   * @param infoboxReadResponseParameters The parameters from the response returned from
+   *        the BKU
+   * @param cert The certificate of the foreign ID 
+   * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+   */
+  public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert)
+    throws
+      AuthenticationException,
+      BuildException,
+      ParseException,
+      ConfigurationException,
+      ValidateException,
+      ServiceException {
+
+    if (isEmpty(sessionID))
+      throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
+       
+    
+    AuthenticationSession session = getSession(sessionID);
+    AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+    OAAuthParameter oaParam =
+      AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+        session.getPublicOAURLPrefix());
+    
+    
+    return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam);
+  }
+  
+  public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
+  throws 
+    ConfigurationException, 
+    BuildException,
+    ValidateException {
+  
+  
+  if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
+  if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
+    getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+  
+  //BZ.., calculate bPK for signing to be already present in AuthBlock
+//  IdentityLink identityLink = session.getIdentityLink();
+//  if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+//      // only compute bPK if online application is a public service and we have the Stammzahl
+//      String bpkBase64 = new BPKBuilder().buildBPK(
+//          identityLink.getIdentificationValue(),
+//          session.getTarget());
+//      identityLink.setIdentificationValue(bpkBase64);
+//    }
+  //..BZ
+  
+
+  // builds the AUTH-block
+  String authBlock = buildAuthenticationBlock(session);
+//  session.setAuthBlock(authBlock);
+  // builds the <CreateXMLSignatureRequest>
+  String[] transformsInfos = oaParam.getTransformsInfos();
+  if ((transformsInfos == null) || (transformsInfos.length == 0)) {
+    // no OA specific transforms specified, use default ones
+    transformsInfos = authConf.getTransformsInfos();
+  }         
+  String createXMLSignatureRequest =
+    new CreateXMLSignatureRequestBuilder().build(authBlock, 
+                                                 oaParam.getKeyBoxIdentifier(), 
+                                                 transformsInfos, 
+                                                 oaParam.getSlVersion12());
+  return createXMLSignatureRequest;
+}
+  
+  /**
+   * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the 
+   * security layer implementation.<br>
+   * <ul>
+   * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+   * <li>Parses response enclosed in <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+   * <li>Verifies signature by calling the MOA SP component</li>
+   * <li>Returns the signer certificate</li>
+   * </ul>
+   * 
+   * @param sessionID ID of associated authentication session data
+   * @param createXMLSignatureResponseParameters The parameters from the response returned from
+   *        the BKU including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
+   */
+  public X509Certificate verifyXMLSignature(String sessionID, Map createXMLSignatureResponseParameters)
+    throws
+      AuthenticationException,
+      BuildException,
+      ParseException,
+      ConfigurationException,
+      ValidateException,
+      ServiceException {
+
+     
+    if (isEmpty(sessionID))
+      throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
+    
+    
+    String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE);
+    
+    System.out.println(xmlCreateXMLSignatureResponse);
+    
+    if (isEmpty(xmlCreateXMLSignatureResponse)) 
+      throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
+    
+    AuthenticationSession session = getSession(sessionID);
+    /*if (session.getTimestampIdentityLink() != null)
+      throw new AuthenticationException("auth.01", new Object[] { sessionID });*/
+    //session.setTimestampIdentityLink();
+    AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+       
+    // parses the <CreateXMLSignatureResponse>
+    CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+    CreateXMLSignatureResponse createXMLSignatureResponse = p.parseResponseDsig();
+    
+    // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+    Element domVerifyXMLSignatureRequest = 
+      new VerifyXMLSignatureRequestBuilder().buildDsig(
+         createXMLSignatureResponse, authConf.getMoaSpAuthBlockTrustProfileID());
+
+    // invokes the call
+    Element domVerifyXMLSignatureResponse =
+      new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+    
+    // parses the <VerifyXMLSignatureResponse>
+    VerifyXMLSignatureResponse verifyXMLSignatureResponse =
+      new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+    
+    
+    //int code = verifyXMLSignatureResponse.getSignatureCheckCode();
+    
+    return verifyXMLSignatureResponse.getX509certificate();
+    
+  }
+  
+  /**
+   * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the 
+   * security layer implementation.<br>
+   * <ul>
+   * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+   * <li>Parses response enclosed in <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+   * <li>Verifies signature by calling the MOA SP component</li>
+   * <li>Returns the signer certificate</li>
+   * </ul>
+   * 
+   * @param sessionID ID of associated authentication session data
+   * @param readInfoboxResponseParameters The parameters from the response returned from
+   *        the BKU including the <code>&lt;ReadInfoboxResponse&gt;</code>
+   */
+  public X509Certificate getCertificate(String sessionID, Map readInfoboxResponseParameters)
+    throws
+      AuthenticationException,
+      BuildException,
+      ParseException,
+      ConfigurationException,
+      ValidateException,
+      ServiceException {
+
+     
+    if (isEmpty(sessionID))
+      throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
+    
+    
+    String xmlReadInfoboxResponse = (String)readInfoboxResponseParameters.get(PARAM_XMLRESPONSE);
+    
+    if (isEmpty(xmlReadInfoboxResponse)) 
+      throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE});
+               
+    // parses the <CreateXMLSignatureResponse>
+    InfoboxReadResponseParser p = new InfoboxReadResponseParser(xmlReadInfoboxResponse);
+    X509Certificate cert = p.parseCertificate();
+    
+    return cert;
+    
+  }
+  
   /**
    * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
    * @param session authentication session
@@ -523,16 +729,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    *                        to be appended to the AUTH-Block.
    */
   private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
-    IdentityLink identityLink = session.getIdentityLink();
-    String issuer = identityLink.getName();
-		String gebDat = identityLink.getDateOfBirth();
-    String identificationValue = identityLink.getIdentificationValue();
-    String identificationType = identityLink.getIdentificationType();
-    String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+     IdentityLink identityLink = session.getIdentityLink();
+     String issuer = identityLink.getName();
+       String gebDat = identityLink.getDateOfBirth();
+     String identificationValue = identityLink.getIdentificationValue();
+     String identificationType = identityLink.getIdentificationType();
+
+     String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
     session.setIssueInstant(issueInstant);
     String authURL = session.getAuthURL();
     String target = session.getTarget();
-    String oaURL = session.getPublicOAURLPrefix();
+    //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+    //String oaURL = session.getPublicOAURLPrefix();
+    String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
     List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
     String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(
       issuer, 
@@ -824,19 +1033,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
    * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
    * <li>Parses authentication block enclosed in 
-   * 		 <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+   *      <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
    * <li>Verifies authentication block by calling the MOA SP component</li>
    * <li>Creates authentication data</li>
    * <li>Creates a corresponding SAML artifact</li>
    * <li>Stores authentication data in the authentication data store 
-   * 		 indexed by the SAML artifact</li>
+   *      indexed by the SAML artifact</li>
    * <li>Deletes authentication session</li>
    * <li>Returns the SAML artifact, encoded BASE64</li>
    * </ul>
    * 
    * @param sessionID session ID of the running authentication session
    * @param xmlCreateXMLSignatureReadResponse String representation of the 
-   * 				<code>&lt;CreateXMLSignatureResponse&gt;</code>
+   *           <code>&lt;CreateXMLSignatureResponse&gt;</code>
    * @return SAML artifact needed for retrieving authentication data, encoded BASE64
    */
   public String verifyAuthenticationBlock(
@@ -851,9 +1060,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       ValidateException {
 
     if (isEmpty(sessionID))
-			throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+         throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
     if (isEmpty(xmlCreateXMLSignatureReadResponse))
-			throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+         throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
     AuthenticationSession session = getSession(sessionID);
     AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
     // parses <CreateXMLSignatureResponse>
@@ -874,11 +1083,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
     Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
     // debug output
-		
+      
     // invokes the call
     Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
     // debug output
-		
+      
     // parses the <VerifyXMLSignatureResponse>
     VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
     
@@ -1015,6 +1224,150 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
     return samlArtifact;
   }
+
+  /**
+   * Gets the foreign authentication data.<br>
+   * <ul>
+   * <li>Creates authentication data</li>
+   * <li>Creates a corresponding SAML artifact</li>
+   * <li>Stores authentication data in the authentication data store 
+   *      indexed by the SAML artifact</li>
+   * <li>Deletes authentication session</li>
+   * <li>Returns the SAML artifact, encoded BASE64</li>
+   * </ul>
+   * 
+   * @param sessionID session ID of the running authentication session
+    * @return SAML artifact needed for retrieving authentication data, encoded BASE64
+   */
+  public String getForeignAuthenticationData(
+    String sessionID)
+    throws
+      AuthenticationException,
+      BuildException,
+      ParseException,
+      ConfigurationException,
+      ServiceException,
+      ValidateException {
+
+    if (isEmpty(sessionID))
+         throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+    
+    AuthenticationSession session = getSession(sessionID);
+    //AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+    try {
+      String serializedAssertion = DOMUtils.serializeNode(session.getIdentityLink().getSamlAssertion());
+      session.setAuthBlock(serializedAssertion);
+    } catch (TransformerException e) {
+      throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+    } catch (IOException e) {
+      throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+    }
+    // post processing of the infoboxes
+    Iterator iter = session.getInfoboxValidatorIterator();
+    boolean formpending = false;
+    if (iter != null) {
+      while (!formpending && iter.hasNext()) {
+        Vector infoboxValidatorVector = (Vector) iter.next();
+        String identifier = (String) infoboxValidatorVector.get(0);
+        String friendlyName = (String) infoboxValidatorVector.get(1);
+        InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+        InfoboxValidationResult infoboxValidationResult = null;
+        try {
+         infoboxValidationResult = infoboxvalidator.validate(session.getIdentityLink().getSamlAssertion());
+        } catch (ValidateException e) {
+          Logger.error("Error validating "  + identifier + " infobox:" + e.getMessage());
+          throw new ValidateException(
+            "validator.44", new Object[] {friendlyName});
+        }
+        if (!infoboxValidationResult.isValid()) {
+          Logger.info("Validation of "  + identifier + " infobox failed.");
+          throw new ValidateException(
+            "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
+        }
+        String form = infoboxvalidator.getForm();
+        if (ParepUtils.isEmpty(form)) {
+          AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName);
+        } else {
+          return "Redirect to Input Processor";
+        }
+      }
+    }
+
+    // Exchange person data information by a mandate if needed
+    List oaAttributes = session.getExtendedSAMLAttributesOA();
+    IdentityLink replacementIdentityLink = null;
+    if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) {
+      // look if we have a mandate
+      boolean foundMandate = false;
+      Iterator it = oaAttributes.iterator();
+      while (!foundMandate && it.hasNext()) {
+        ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
+        if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) {
+          Object value = samlAttribute.getValue();
+          if (value instanceof Element) {
+            Element mandate = (Element) value;
+            replacementIdentityLink = new IdentityLink();
+            Element mandator = ParepUtils.extractMandator(mandate);
+            String dateOfBirth = "";
+            Element prPerson = null;
+            String familyName = "";
+            String givenName = "";
+            String identificationType = "";
+            String identificationValue = "";
+            if (mandator != null) {
+              boolean physical = ParepUtils.isPhysicalPerson(mandator);
+              if (physical) {
+                familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+                givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+                dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+              } else {
+                familyName = ParepUtils.extractMandatorFullName(mandator);
+              }
+              identificationType = ParepUtils.getIdentification(mandator, "Type");
+              identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+              prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+              if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
+                // now we calculate the wbPK and do so if we got it from the BKU
+                identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
+                identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
+                ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
+              }
+
+            }
+            replacementIdentityLink.setDateOfBirth(dateOfBirth);
+            replacementIdentityLink.setFamilyName(familyName);
+            replacementIdentityLink.setGivenName(givenName);
+            replacementIdentityLink.setIdentificationType(identificationType);
+            replacementIdentityLink.setIdentificationValue(identificationValue);
+            replacementIdentityLink.setPrPerson(prPerson);
+            try {
+              replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
+            } catch (Exception e) {
+              throw new ValidateException("validator.64", null);
+            }
+          } else {
+            Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\"");
+            throw new ValidateException("validator.64", null);
+          }
+        }
+      }
+    }
+    
+    VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
+    X509Certificate cert = session.getForeignSignerCertificate();
+    vsresp.setX509certificate(cert);
+    AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink);
+    String samlArtifact =
+      new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+    storeAuthenticationData(samlArtifact, authData);
+    
+    // invalidates the authentication session
+    sessionStore.remove(sessionID);
+    Logger.info(
+      "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+    return samlArtifact;
+  }
+  
   /**
    * Builds the AuthenticationData object together with the
    * corresponding <code>&lt;saml:Assertion&gt;</code>
@@ -1076,13 +1429,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
         authData.setWBPK(identityLink.getIdentificationValue());        
       } else {
         authData.setBPK(identityLink.getIdentificationValue());
+        
+        //BZ.., calculation of bPK already before sending AUTHBlock
+        /*
         if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
           // only compute bPK if online application is a public service and we have the Stammzahl
           String bpkBase64 = new BPKBuilder().buildBPK(
               identityLink.getIdentificationValue(),
               session.getTarget());
           authData.setBPK(bpkBase64);
-        }
+        }*/
+        
       }
       String ilAssertion =
         oaParam.getProvideIdentityLink()
@@ -1186,7 +1543,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * @param id Session ID
    * @return AuthenticationSession created
    * @exception AuthenticationException
-   * 						 thrown when an <code>AuthenticationSession</code> is running 
+   *                  thrown when an <code>AuthenticationSession</code> is running 
    *             already for the given session ID
    */
   private static AuthenticationSession newSession() throws AuthenticationException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 5aa1bf45e..88859dc3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -54,6 +54,10 @@ public interface MOAIDAuthConstants {
   public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
   public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */
+  public static final String REQ_GET_FOREIGN_ID = "GetForeignID";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */
+  public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
   public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
index 398a6731d..f4827c189 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
@@ -29,8 +29,10 @@ public class WrongParametersException extends MOAIDException {
   /**
    * Constructor
    */
-  public WrongParametersException(String call, String parameter) {
-    super("auth.05", new Object[] {call, parameter});
+  public WrongParametersException(String call, String parameter, String errorID) {
+     super(errorID, new Object[] {call, parameter});
+        //super("auth.5", new Object[] {call, parameter});
+             //super("auth.12", new Object[] {call, parameter});
   }
-
+  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index f9d8e7091..d684c16c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -18,11 +18,21 @@ package at.gv.egovernment.moa.id.auth.builder;
 import java.text.MessageFormat;
 import java.util.List;
 
+import org.w3c.dom.Element;
+
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
 
 /**
  * Builder for the authentication block <code>&lt;saml:Assertion&gt;</code>
@@ -66,6 +76,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
     "     </saml:AttributeValue>" + NL +
     "   </saml:Attribute>" + NL;
   
+  
+  private static String PR_IDENTIFICATION_ATTRIBUTE =     
+       "       <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL +
+       "         <pr:Value>{0}</pr:Value>" + NL +
+       "         <pr:Type>{1}</pr:Type>" + NL +
+       "       </pr:Identification>" + NL;
+  
   /**
    * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
    */
@@ -123,20 +140,72 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
     session.setSAMLAttributeGebeORwbpk(true);
     String gebeORwbpk = "";
     String wbpkNSDeclaration = "";
+    
+    //BZ.., reading OA parameters
+    OAAuthParameter oaParam;
+   try {
+      oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+           session.getPublicOAURLPrefix());
+   } catch (ConfigurationException e) {
+      Logger.error("Error on building AUTH-Block: " + e.getMessage());
+         throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+   }
+   //..BZ
+    
+    
     if (target == null) {
       // OA is a business application
       if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
-    	  // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
-	      gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
-	      wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+        // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
+         gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+         wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+         
+         //BZ.., adding type of wbPK domain identifier        
+        ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = 
+             new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+            
+        extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
+        //..BZ
+         
       } else {
-    	  // We do not have a wbPK, therefore no SAML-Attribute is provided
-    	  session.setSAMLAttributeGebeORwbpk(false);
+        // We do not have a wbPK, therefore no SAML-Attribute is provided
+        session.setSAMLAttributeGebeORwbpk(false);
       }
     } else {
-      gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+      // OA is a govermental application
+      //BZ..
+      String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);      
+      //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+      gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" });
+      //..BZ
+      
+      //BZ.., no business service, adding bPK
+      
+      Element bpkSamlValueElement;
+      try {
+         bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement();
+      } catch (Exception e) {
+         Logger.error("Error on building AUTH-Block: " + e.getMessage());
+          throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+      } 
+      ExtendedSAMLAttribute bpkAttribute = 
+          new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+         
+     extendedSAMLAttributes.add(bpkAttribute);
+      //gebeORwbpk = gebeORwbpk  + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+     wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+     //..BZ     
     }
     
+    //BZ.., adding friendly name of OA    
+    String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); 
+    
+    ExtendedSAMLAttribute oaFriendlyNameAttribute = 
+         new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+    
+    extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+    //..BZ
+    
     String assertion;
     try {
       assertion = MessageFormat.format(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
new file mode 100644
index 000000000..9227d5303
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
@@ -0,0 +1,126 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+
+/**
+ * Builder for CreateXMLSignatureRequest to sign data from a foreign 
+ * eID card.
+ *  
+ */
+
+public class CreateXMLSignatureRequestBuilderForeign extends Builder {
+
+  /** special tag in the XML template to be substituted for the KeyboxIdentifier */
+  private static final String KEYBOXID_TAG = "<KEYBOXID>";
+  /** special tag in the XML template to be substituted for the content */
+  private static final String XMLCONTENT_TAG = "<XMLContent>";
+  /** private static int all contains the representation to replace all tags*/
+  private static final int ALL = -1;
+
+  /** default HTML template */
+  private static final String DEFAULT_XML_TEMPLATE = 
+	  "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + 
+	  "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" + 
+	  "<sl:KeyboxIdentifier>" + KEYBOXID_TAG + "</sl:KeyboxIdentifier>" + 
+	  "<sl:DataObjectInfo Structure=\"enveloping\">" + 
+	  "<sl:DataObject>" +
+	  "<sl:XMLContent>" + XMLCONTENT_TAG + "</sl:XMLContent>" +
+	  "</sl:DataObject>" + 
+	  "<sl:TransformsInfo>" + 
+	  "<sl:FinalDataMetaInfo>" + 
+	  "<sl:MimeType>text/plain</sl:MimeType>" + 
+	  "</sl:FinalDataMetaInfo>" + 
+	  "</sl:TransformsInfo>" + 
+	  "</sl:DataObjectInfo>" +
+	  "</sl:CreateXMLSignatureRequest>";
+  
+  /** default HTML template */
+  private static final String DEFAULT_XHTML_TEMPLATE = 
+	  "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + 
+	  "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" + 
+	  "<sl:KeyboxIdentifier>" + KEYBOXID_TAG + "</sl:KeyboxIdentifier>" + 
+	  "<sl:DataObjectInfo Structure=\"enveloping\">" + 
+	  "<sl:DataObject>" +
+	  "<sl:XMLContent>" + XMLCONTENT_TAG + "</sl:XMLContent>" +
+	  "</sl:DataObject>" + 
+	  "<sl:TransformsInfo>" + 
+	  "<sl:FinalDataMetaInfo>" + 
+	  "<sl:MimeType>application/xhtml+xml</sl:MimeType>" + 
+	  "</sl:FinalDataMetaInfo>" + 
+	  "</sl:TransformsInfo>" + 
+	  "</sl:DataObjectInfo>" +
+	  "</sl:CreateXMLSignatureRequest>";
+	  
+  /**
+   * Constructor for CreateXMLSignatureRequestBuilderForeign.
+   */
+  public CreateXMLSignatureRequestBuilderForeign() {
+    super();
+  }
+  /**
+   * Builds the XML request.
+   * 
+   * @param xmlRequest XML Request to be sent as a parameter in the form
+   * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
+   *         may be <code>null</code>, in this case the default URL will be used
+   * @param dataURL DataURL to be sent as a parameter in the form
+   */
+  public String build(
+    String keyboxIdentifier, 
+    String xmlContent)
+  throws BuildException 
+  {      
+  	String xmlRequest = DEFAULT_XHTML_TEMPLATE;
+  	xmlRequest = replaceTag(xmlRequest, KEYBOXID_TAG, keyboxIdentifier, true, ALL);
+    //htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+    xmlRequest = replaceTag(xmlRequest, XMLCONTENT_TAG, xmlContent, true, ALL);
+  	return xmlRequest;
+  }
+  /**
+   * Encodes a string for inclusion as a parameter in the form.
+   * Double quotes are substituted by <code>"&amp;quot;"</code>.
+   * @param s the string to be encoded
+   * @return the string encoded
+   * @throws BuildException on any exception encountered
+   */
+  public static String encodeParameter(String s) throws BuildException {
+    StringReader in = new StringReader(s);
+    StringWriter out = new StringWriter();
+    try {
+      for (int ch = in.read(); ch >= 0; ch = in.read()) {
+        if (ch == '"')
+          out.write("&quot;");
+        else if (ch == '<')
+          out.write("&lt;");
+        else if (ch == '>')
+          out.write("&gt;");
+        else if (ch == 'ä')
+          out.write("&auml;");
+        else if (ch == 'ö')
+          out.write("&ouml;");
+        else if (ch == 'ü')
+          out.write("&uuml;");
+        else if (ch == 'Ä')
+          out.write("&Auml;");
+        else if (ch == 'Ö')
+          out.write("&Ouml;");
+        else if (ch == 'Ü')
+          out.write("&Uuml;");
+        else if (ch == 'ß')
+          out.write("&szlig;");
+        else
+          out.write(ch);
+      }
+    }
+    catch (IOException ex) {
+      throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()});
+    }
+    return out.toString();
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
new file mode 100644
index 000000000..60feb7d2f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
@@ -0,0 +1,94 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <code>&lt;InfoboxReadRequest&gt;</code> structure
+ * used for requesting the identity link from the security layer implementation.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id: InfoboxReadRequestBuilder.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public class InfoboxReadRequestBuilderCertificate implements Constants {
+
+
+  /**
+   * Constructor for InfoboxReadRequestBuilder.
+   */
+  public InfoboxReadRequestBuilderCertificate() {
+  }
+   
+  
+  /**
+   * Builds an <code>&lt;InfoboxReadRequest&gt;</code>.
+   * 
+   * @param slVersion12           specifies whether the Security Layer version is
+   *                              version 1.2 or not
+   * @param businessService       specifies whether the online application is a
+   *                              business service or not
+   * @param identityLinkDomainIdentifier  the identification number of the business 
+   *                              company; maybe <code>null</code> if the OA
+   *                              is a public service; must not be <code>null</code>
+   *                              if the OA is a business service
+   * 
+   * @return <code>&lt;InfoboxReadRequest&gt;</code> as String
+   */
+  public String build(boolean slVersion12) {
+    
+    String slPrefix;
+    String slNsDeclaration;
+    
+    if (slVersion12) {
+      slPrefix = SL12_PREFIX;
+      slNsDeclaration = SL12_NS_URI;
+    } else {
+      slPrefix = SL10_PREFIX;
+      slNsDeclaration = SL10_NS_URI;
+    }
+            
+    StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");
+    sb.append("<");
+    sb.append(slPrefix);
+    sb.append(":InfoboxReadRequest xmlns:");
+    sb.append(slPrefix);
+    sb.append("=\"");
+    sb.append(slNsDeclaration);
+    sb.append("\">");
+    sb.append("<");
+    sb.append(slPrefix);
+    sb.append(":InfoboxIdentifier>Certificates</");
+    sb.append(slPrefix);
+    sb.append(":InfoboxIdentifier>");
+    sb.append("<");
+    sb.append(slPrefix);
+    sb.append(":AssocArrayParameters>");
+    sb.append("<");
+    sb.append(slPrefix);
+    sb.append(":ReadValue Key=\"SecureSignatureKeypair\"/>");
+    sb.append("</");
+    sb.append(slPrefix);
+    sb.append(":AssocArrayParameters>");
+    sb.append("</");
+    sb.append(slPrefix);
+    sb.append(":InfoboxReadRequest>");
+    
+    return sb.toString();
+       
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index ffe4ad9b6..a14d0325f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -217,5 +217,67 @@ public class VerifyXMLSignatureRequestBuilder {
 
     return requestElem_;
   }
+  
+  /**
+   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+   * from the signed data with a known trustProfileID which 
+   * has to exist in MOA-SP
+   * @param csr - signed AUTH-Block
+   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * @return Element - The complete request as Dom-Element
+   * @throws ParseException
+   */
+  public Element buildDsig(
+    CreateXMLSignatureResponse csr,
+    String trustProfileID)
+    throws BuildException { //samlAssertionObject
+    
+    try {
+      // build the request
+//      requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" 
+//        + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
+     
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      
+      Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
+      verifySignatureEnvironmentElem.appendChild(xmlContentElem);
+      xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
+      
+      // insert the dsig:Signature
+      xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true));          
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
+      // add the transform profile IDs
+      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+        signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+        
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
+
+    } catch (Throwable t) {
+      throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
+    }
+
+    return requestElem_;
+  }
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 969e628f4..eca02a77b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -15,6 +15,8 @@
 */
 package at.gv.egovernment.moa.id.auth.data;
 
+import iaik.x509.X509Certificate;
+
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.Iterator;
@@ -87,7 +89,11 @@ public class AuthenticationSession {
      * service or not
      */
     private boolean businessService;
-
+    
+    /**
+     * Signer certificate of the foreign citizen
+     */
+    private X509Certificate signerCertificate;
   /**
    * SAML attributes from an extended infobox validation to be appended
    * to the SAML assertion delivered to the final online application.
@@ -149,6 +155,14 @@ public class AuthenticationSession {
     infoboxValidators = new ArrayList();
   }
 
+  public X509Certificate getForeignSignerCertificate() {
+	  return signerCertificate;
+  }
+  
+  public void setForeignSignerCertificate(X509Certificate signerCertificate) {
+	  this.signerCertificate = signerCertificate;
+  }
+  
   /**
    * Returns the identityLink.
    * @return IdentityLink
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
index 81dc2f736..fc3831161 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
@@ -1,18 +1,3 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
 package at.gv.egovernment.moa.id.auth.data;
 
 import org.w3c.dom.Element;
@@ -35,6 +20,11 @@ private SAMLAttribute[] samlAttributes;
    * the original saml:Assertion-Element
    */
   private Element samlAssertion;
+  
+  /**
+   * the original dsig:Signature-Element
+   */
+  private Element dsigSignature;
 /**
  * Returns the samlAssertion.
  * @return Element
@@ -43,6 +33,14 @@ public Element getSamlAssertion() {
   return samlAssertion;
 }
 
+/**
+ * Returns the dsig:Signature
+ * @return Element
+ */
+public Element getDsigSignature() {
+	return dsigSignature;
+}
+
 /**
  * Returns the samlAttribute.
  * @return SAMLAttribute[]
@@ -67,6 +65,10 @@ public void setSamlAssertion(Element samlAssertion) {
   this.samlAssertion = samlAssertion;
 }
 
+public void setDsigSignature(Element dsigSignature) {
+	this.dsigSignature = dsigSignature;
+}
+
 /**
  * Sets the samlAttribute.
  * @param samlAttributes The samlAttributes to set
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index 74bad617c..d5b6f9aa9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -21,6 +21,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
 
 import at.gv.egovernment.moa.id.AuthenticationException;
@@ -129,6 +130,31 @@ public class CreateXMLSignatureResponseParser {
       throw new ParseException("parser.01", new Object[] { t.toString()}, t);
     }
   }
+  
+  /**
+   * Unmarshalls the <@link sigResponse> to an 
+   * <code>&lt;CreateXMLSignatureResponse&gt;</code> object.
+   * 
+   * @return a <code>&lt;CreateXMLSignatureResponse&gt;</code> object
+   * @throws ParseException
+   */
+
+  public CreateXMLSignatureResponse parseResponseDsig() throws ParseException {
+    CreateXMLSignatureResponse cResp;
+    try {
+      cResp = new CreateXMLSignatureResponse();
+
+      NodeList list = sigResponse_.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+      Element dsigSignatureNode = (Element) list.item(0);
+      
+      Element dsigSignatureElement = (Element) dsigSignatureNode;
+      cResp.setDsigSignature(dsigSignatureElement);
+    }
+    catch (Throwable t) {
+      throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+    }
+    return cResp;
+  }
 
   /**
    * Unmarshalls the <@link sigResponse> to an 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 954488173..b53a1a2dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -15,17 +15,31 @@
 */
 package at.gv.egovernment.moa.id.auth.parser;
 
+import iaik.x509.X509Certificate;
+
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.security.cert.CertificateException;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.apache.axis.encoding.Base64;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
 
+import com.sun.org.apache.xpath.internal.XPathAPI;
+
 /**
  * Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
  * 
@@ -175,6 +189,43 @@ public class InfoboxReadResponseParser {
     IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
     return ilParser.parseIdentityLink();
   }
+   
+   /**
+    * Returns the certificate given in the InfoboxReadResponse
+    * @return
+    * @throws ParseException
+    */
+   public X509Certificate parseCertificate() throws ParseException {
+      try {
+         DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+         Document doc = builder.newDocument();
+         
+         Element nameSpaceNode = doc.createElement("NameSpaceNode");
+         nameSpaceNode.setAttribute("xmlns:" + Constants.PD_PREFIX, Constants.PD_NS_URI);
+         nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+         nameSpaceNode.setAttribute("xmlns:" + Constants.SL12_PREFIX, Constants.SL12_NS_URI);
+         
+         Element base64ContentElement = (Element)XPathAPI.selectSingleNode(infoBoxElem_.getParentNode(), "//sl:Base64Content[1]", nameSpaceNode);
+
+         if (base64ContentElement == null) {
+            throw new ParseException("parser.01", new Object[] { "Could not find Base64Content for X509Certificate."});
+         }
+         
+         String base64Content = DOMUtils.getText(base64ContentElement);
+         
+         // Decode Base64 value to X509Certificate
+         byte[] content = Base64.decode(base64Content);
+         return new X509Certificate(content);
+         
+      } catch (ParserConfigurationException e) {
+         throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+      } catch (TransformerException e) {
+         throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+      } catch (CertificateException e) {
+         throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+      } 
+
+   }
   
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 0656d37d3..bff0a3fca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -123,6 +123,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
    * Logs all servlet parameters for debugging purposes.
    */
   protected void logParameters(HttpServletRequest req) {
+   //@TODO Parameter?
     for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
       String parname = (String)params.nextElement();
       Logger.debug("Parameter " + parname + req.getParameter(parname));    
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
new file mode 100644
index 000000000..0599c79bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -0,0 +1,287 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.axis.encoding.Base64;
+import org.apache.commons.fileupload.FileUploadException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class GetForeignIDServlet extends AuthServlet {
+
+  /**
+   * Constructor for GetForeignIDServlet.
+   */
+  public GetForeignIDServlet() {
+    super();
+  }
+
+  /**
+   * GET requested by security layer implementation to verify
+   * that data URL resource is available.
+   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException { 
+    	
+		Logger.debug("GET GetForeignIDServlet");
+		
+		
+  }
+
+  /**
+   * Verifies the identity link and responds with a new 
+   * <code>CreateXMLSignatureRequest</code>.
+   * <br>
+   * Request parameters:
+   * <ul>
+   * <li>MOASessionID: ID of associated authentication session</li>
+   * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+   * </ul>
+   * Response:
+   * <ul>
+   * <li>Content type: <code>"text/xml"</code></li>
+   * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+   * <li>Error status: <code>500</code>
+   * </ul>
+   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException {
+
+		Logger.debug("POST GetForeignIDServlet");
+		
+		Map parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	     	}
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    String redirectURL = null;
+	    X509Certificate cert = null;
+	    AuthenticationSession session = null;
+	    try {
+          // check parameter
+          if (!ParamValidatorUtils.isValidSessionID(sessionID))
+             throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
+
+	    	session = AuthenticationServer.getSession(sessionID);
+	    	
+	    	cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters);
+
+//       Element signature = AuthenticationServer.getInstance().getDsigElement
+//       (sessionID, parameters);
+
+//	    	if (signature == null) {
+	    	if (cert == null) {
+	    	  handleError("Error retrieving signature from foreign eID card.", null, req, resp);
+	    	}
+	    	else {
+	    	   
+	    	   // make SZR request	    		
+	    	   //Element samlAssertion = getIdentityLink(signature);
+	    	  Element samlAssertion = getIdentityLink(cert);
+      		   	    
+	    	   IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+	    	   IdentityLink identitylink = ilParser.parseIdentityLink();
+	    	   session.setIdentityLink(identitylink);
+   		   	   	
+	    	   String samlArtifactBase64 = 
+	    	      AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+	    	   if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+	    	      redirectURL = session.getOAURLRequested();
+	    	      if (!session.getBusinessService()) {
+	    	         redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+	    	      }
+	    	      redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+	    	      redirectURL = resp.encodeRedirectURL(redirectURL);
+	    	   } else {
+	    	      redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+	    	   }
+	    	   resp.setContentType("text/html");
+	    	   resp.setStatus(302);
+	    	   resp.addHeader("Location", redirectURL);
+	    	   Logger.debug("REDIRECT TO: " + redirectURL);
+	    	} 
+			    		      
+	    }
+	    catch (ParseException ex) {
+	    	handleError(null, ex, req, resp);
+	    }
+	    catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp);
+	    } 
+	    catch (SZRGWClientException ex) {
+	       handleError(null, ex, req, resp);
+		}
+  }
+    
+  /**
+   * Adds a parameter to a URL.
+   * @param url the URL
+   * @param paramname parameter name
+   * @param paramvalue parameter value
+   * @return the URL with parameter added
+   */
+  private static String addURLParameter(String url, String paramname, String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+  	if (url.indexOf("?") < 0)
+	  	return url + "?" + param;
+  	else
+  		return url + "&" + param;
+  }
+  
+  /**
+   * Does the request to the SZR-GW
+   * @param givenname
+   * @param familyname
+   * @param dateofbirth
+   * @return Identity link assertion
+ * @throws SZRGWClientException 
+   */
+  /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
+     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+
+    SZRGWClient client = new SZRGWClient();
+      
+    try {
+    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
+    	Logger.debug("Connection Parameters: " + connectionParameters);
+      client.setAddress(connectionParameters.getUrl());
+      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+         Logger.debug("Initialisiere SSL Verbindung");
+         try {
+            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+         } catch (IOException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         } catch (GeneralSecurityException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         } catch (PKIException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         }
+       }
+       
+       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+      
+   
+    }
+   catch (ConfigurationException e) {
+      Logger.warn(e);
+      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+
+    }
+    	// create request
+    	Document doc = buildGetIdentityLinkRequest(cert);
+    	Element request = doc.getDocumentElement();
+    	CreateIdentityLinkResponse response = null;
+   
+    //try {
+        response = client.createIdentityLinkResponse(request);
+    //} catch (SZRGWClientException e) {
+        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+      //  client = new SZRGWClient(url);
+      //  response = client.createIdentityLinkResponse(request);
+   // }
+   	 
+        
+	return response.getAssertion();
+	
+  }
+  
+  /**
+   * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+   * @param givenname
+   * @param familyname
+   * @param birthday
+   * @return
+   */
+  private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+	  
+	  try {
+		  	byte[] certbyte = cert.getEncoded();
+		  	String certstring = Base64.encode(certbyte); 
+	      
+			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+			factory.setNamespaceAware(true);
+	        DocumentBuilder builder = factory.newDocumentBuilder();
+	        Document doc = builder.newDocument();
+	        
+	        Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+	        doc.appendChild(getIdentityLink);
+	        
+	        Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+	        getIdentityLink.appendChild(x509certificate);
+	        Text certbase64 = doc.createTextNode(certstring);
+	        x509certificate.appendChild(certbase64);
+	                          
+	        return doc;
+	    } catch (ParserConfigurationException e) {
+	    	e.printStackTrace();
+	    } catch (CertificateEncodingException e) {
+			e.printStackTrace();
+		}
+	    return null;
+	
+	}
+  
+    /**
+   * Checks a parameter.
+   * @param param parameter
+   * @return true if the parameter is null or empty
+   */
+  private boolean isEmpty(String param) {
+    return param == null || param.length() == 0;
+  }
+ 
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 894b05428..317af3e06 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -73,7 +73,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
     } catch (FileUploadException e) {
       Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
       throw new IOException(e.getMessage());
-    }
+    }
     String sessionID = req.getParameter(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
@@ -124,7 +124,8 @@ public class ProcessValidatorInputServlet extends AuthServlet {
     } catch (FileUploadException e) {
       Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
       throw new IOException(e.getMessage());
-    }
+    }
+  //@TODO Parameter
     String sessionID = req.getParameter(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
@@ -142,13 +143,15 @@ public class ProcessValidatorInputServlet extends AuthServlet {
         String htmlForm = null;
         
         boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed 
+      //@TODO Parameter
         String inputProcessorSignForm = req.getParameter("Sign_Form");
         if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
         if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
         if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
         if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
         if (doInputProcessorSign) {
-          // Test if we have a user input form sign template
+          // Test if we have a user input form sign template
+         //@TODO Parameter
           String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
           String inputProcessorSignTemplate = null;
           OAAuthParameter oaParam =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 78c028767..09b3ae15f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -74,6 +75,7 @@ public class SelectBKUServlet extends AuthServlet {
       authURL = authURL.concat(":" + req.getServerPort());
     }
     authURL = authURL.concat(req.getContextPath() + "/");
+
     String target = req.getParameter(PARAM_TARGET);
     String oaURL = req.getParameter(PARAM_OA);
     String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
@@ -84,6 +86,16 @@ public class SelectBKUServlet extends AuthServlet {
     resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
 
     try {
+       
+       // check parameter
+       if (!ParamValidatorUtils.isValidTarget(target))
+          throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+       if (!ParamValidatorUtils.isValidOA(oaURL))
+          throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+       if (!ParamValidatorUtils.isValidTemplate(templateURL))
+          throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+
+       
       String returnValue = AuthenticationServer.getInstance().selectBKU(
         authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
       String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 961511ee7..8165f90f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -61,18 +62,36 @@ public class StartAuthenticationServlet extends AuthServlet {
       authURL = authURL.concat(":" + req.getServerPort());
     }
     authURL = authURL.concat(req.getContextPath() + "/");
-		String target = req.getParameter(PARAM_TARGET);
-		String oaURL = req.getParameter(PARAM_OA);
+
+	 String target = req.getParameter(PARAM_TARGET);
+	 String oaURL = req.getParameter(PARAM_OA);
     String bkuURL = req.getParameter(PARAM_BKU);
     String templateURL = req.getParameter(PARAM_TEMPLATE);
     String sessionID = req.getParameter(PARAM_SESSIONID);
+    
     resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
     resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
     resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
     resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
-		try {
+    
+    
+    	try {
+		      // check parameter
+		    if (!ParamValidatorUtils.isValidTarget(target))
+		       throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+		    if (!ParamValidatorUtils.isValidOA(oaURL))
+             throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+		    if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+		       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+		    if (!ParamValidatorUtils.isValidTemplate(templateURL))
+		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+		    if (!ParamValidatorUtils.isValidSessionID(sessionID))
+             throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+		    
+		    
 			String getIdentityLinkForm =
 				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
+			
 			resp.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(resp.getOutputStream());
 			out.print(getIdentityLinkForm);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 43947f6f0..824df9ca8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -16,9 +16,7 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
-import java.util.Iterator;
 import java.util.Map;
-import java.util.Vector;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -28,11 +26,10 @@ import org.apache.commons.fileupload.FileUploadException;
 
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.URLEncoder;
 
@@ -99,10 +96,16 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
       Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
       throw new IOException(e.getMessage());
     }
+  //@TODO Parameter
 		String sessionID = req.getParameter(PARAM_SESSIONID);
 		String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
 		String redirectURL = null;
 		try {
+         // check parameter
+         if (!ParamValidatorUtils.isValidSessionID(sessionID))
+            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+         
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 			String samlArtifactBase64 = 
 				AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
new file mode 100644
index 000000000..c9c1e794d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -0,0 +1,286 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.axis.encoding.Base64;
+import org.apache.commons.fileupload.FileUploadException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class VerifyCertificateServlet extends AuthServlet {
+
+  /**
+   * Constructor for VerifyCertificateServlet.
+   */
+  public VerifyCertificateServlet() {
+    super();
+  }
+
+  /**
+   * GET requested by security layer implementation to verify
+   * that data URL resource is available.
+   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException { 
+    	
+		Logger.debug("GET VerifyCertificateServlet");
+		
+		
+  }
+
+  /**
+   * Gets the signer certificate from the InfoboxReadRequest and 
+   * responds with a new 
+   * <code>CreateXMLSignatureRequest</code>.
+   * <br>
+   * Request parameters:
+   * <ul>
+   * <li>MOASessionID: ID of associated authentication session</li>
+   * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+   * </ul>
+   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException {
+
+		Logger.debug("POST VerifyCertificateServlet");
+		
+		Map parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	     	}
+	    //@TODO Parameter
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    AuthenticationSession session = null;
+	    try {
+	       // check parameter
+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+	       
+	    	session = AuthenticationServer.getSession(sessionID);
+	    	
+	    	X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+	    	
+	    	System.out.println(cert);
+	    	
+	    	String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert);
+
+	    	System.out.println(createXMLSignatureRequest);
+	    	
+	      // build dataurl (to the GetForeignIDSerlvet)
+       String dataurl =
+             new DataURLBuilder().buildDataURL(
+               session.getAuthURL(),
+               REQ_GET_FOREIGN_ID,
+               session.getSessionID());
+       
+       ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+	    	
+	    	
+//       Logger.debug("Send CreateXMLSignatureRequest to BKU");
+//       String keyboxIdentifier = "SecureSignatureKeypair";
+//       //String keyboxIdentifier = "CertifiedKeypair";             
+//       String xmlContent = "<html xmlns=\"http://www.w3.org/1999/xhtml\"> " +
+//          "<head><title>CreateXMLSignatureRequest</title>" + 
+//          "<style type=\"text/css\"/></head>" +
+//           "<body>" +
+//           "<p>I hereby request to access this e-government application by using my " +
+//           "domestic electronic identity. </p>" +
+//           "<p>I further affirm that I am not yet registered with the Austrian Central " + 
+//           "Residents Registry and that I am not obliged to register with the Austrian " + 
+//           "Central Residents Registry according to Austrian law.</p>" + 
+//           "<p>In the event I am not yet registered with the Supplementary Register, I " + 
+//           "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
+//           "BGBl. I Nr.  7/2008 und BGBl. I Nr. 59/2008).</p>" +
+//          "</body></html>";
+//    
+//       // create the CreateXMLSignatureRequest
+//       String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilderForeign().build(
+//             keyboxIdentifier,
+//             xmlContent);
+//       
+//       // build dataurl (to the GetForeignIDSerlvet)
+//       String dataurl =
+//             new DataURLBuilder().buildDataURL(
+//               session.getAuthURL(),
+//               REQ_GET_FOREIGN_ID,
+//               session.getSessionID());
+//       
+//       ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+//       
+	    	
+			    		      
+	    }
+	    catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp);
+	    } 
+  }
+    
+  /**
+   * Adds a parameter to a URL.
+   * @param url the URL
+   * @param paramname parameter name
+   * @param paramvalue parameter value
+   * @return the URL with parameter added
+   */
+  private static String addURLParameter(String url, String paramname, String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+  	if (url.indexOf("?") < 0)
+	  	return url + "?" + param;
+  	else
+  		return url + "&" + param;
+  }
+  
+  /**
+   * Does the request to the SZR-GW
+   * @param givenname
+   * @param familyname
+   * @param dateofbirth
+   * @return Identity link assertion
+ * @throws SZRGWClientException 
+   */
+  /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
+     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+
+    SZRGWClient client = new SZRGWClient();
+      
+    try {
+    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
+    	Logger.debug("Connection Parameters: " + connectionParameters);
+      client.setAddress(connectionParameters.getUrl());
+      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+         Logger.debug("Initialisiere SSL Verbindung");
+         try {
+            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+         } catch (IOException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         } catch (GeneralSecurityException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         } catch (PKIException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+         }
+       }
+       
+       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+      
+   
+    }
+   catch (ConfigurationException e) {
+      Logger.warn(e);
+      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+
+    }
+    	// create request
+    	Document doc = buildGetIdentityLinkRequest(cert);
+    	Element request = doc.getDocumentElement();
+    	CreateIdentityLinkResponse response = null;
+   
+    //try {
+        response = client.createIdentityLinkResponse(request);
+    //} catch (SZRGWClientException e) {
+        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+      //  client = new SZRGWClient(url);
+      //  response = client.createIdentityLinkResponse(request);
+   // }
+   	 
+        
+	return response.getAssertion();
+	
+  }
+  
+  /**
+   * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+   * @param givenname
+   * @param familyname
+   * @param birthday
+   * @return
+   */
+  private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+	  
+	  try {
+		  	byte[] certbyte = cert.getEncoded();
+		  	String certstring = Base64.encode(certbyte); 
+	      
+			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+			factory.setNamespaceAware(true);
+	        DocumentBuilder builder = factory.newDocumentBuilder();
+	        Document doc = builder.newDocument();
+	        
+	        Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+	        doc.appendChild(getIdentityLink);
+	        
+	        Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+	        getIdentityLink.appendChild(x509certificate);
+	        Text certbase64 = doc.createTextNode(certstring);
+	        x509certificate.appendChild(certbase64);
+	                          
+	        return doc;
+	    } catch (ParserConfigurationException e) {
+	    	e.printStackTrace();
+	    } catch (CertificateEncodingException e) {
+			e.printStackTrace();
+		}
+	    return null;
+	
+	}
+  
+    /**
+   * Checks a parameter.
+   * @param param parameter
+   * @return true if the parameter is null or empty
+   */
+  private boolean isEmpty(String param) {
+    return param == null || param.length() == 0;
+  }
+ 
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 329749e96..4f98e85e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -25,8 +25,13 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.fileupload.FileUploadException;
 
 import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -60,7 +65,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
 
   /**
    * Verifies the identity link and responds with a new 
-   * <code>CreateXMLSignatureRequest</code>.
+   * <code>CreateXMLSignatureRequest</code> or a new <code>
+   * InfoboxReadRequest</code> (in case of a foreign eID card).
    * <br>
    * Request parameters:
    * <ul>
@@ -88,13 +94,56 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
       Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
       throw new IOException(e.getMessage());
     }
+  //@TODO Parameter
     String sessionID = req.getParameter(PARAM_SESSIONID);
     
+    
+
+    
     try {
-      AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-      String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
-      ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); 
+    // check parameter
+       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+          throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+       
+    	AuthenticationSession session = AuthenticationServer.getSession(sessionID);  
+    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+    	
+    	if (createXMLSignatureRequestOrRedirect == null) {
+    	   
+    	   System.out.println("Send InfoboxReadRequest to BKU to get signer certificate.");
+    		// no identity link found
+    		try {
+    		
+    		   Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+    		   
+    		// create the InfoboxReadRequest to get the certificate
+    		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+    		   // build dataurl (to the GetForeignIDSerlvet)
+          String dataurl =
+                new DataURLBuilder().buildDataURL(
+                  session.getAuthURL(),
+                  REQ_VERIFY_CERTIFICATE,
+                  session.getSessionID());
+          
+         
+          ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate", dataurl);
+    	    	
+    	    }
+    	    catch(Exception e) {
+    	    	handleError(null, e, req, resp);
+    	    }
+    	    
+    	}
+    	else {
+    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+    	}
+      
+    }
+    catch (ParseException ex) {
+    	handleError(null, ex, req, resp);
     }
+    
     catch (MOAIDException ex) {
       handleError(null, ex, req, resp);
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 99c49ca09..072b6c48f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -26,6 +26,7 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.StringUtils;
@@ -70,7 +71,7 @@ public class CreateXMLSignatureResponseValidator {
    * @throws ValidateException
    */
   public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
-  	throws ValidateException {
+   throws ValidateException {
       
       // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
     
@@ -123,57 +124,60 @@ public class CreateXMLSignatureResponseValidator {
     
     SAMLAttribute samlAttribute;
     if (session.getSAMLAttributeGebeORwbpk()) {
-    	// check the first attribute ("Geschaeftsbereich" or "wbPK")
-		samlAttribute = samlAttributes[0];
-		if (businessService) {
-		  if (!samlAttribute.getName().equals("wbPK")) {
-		    if (samlAttribute.getName().equals("Geschaeftsbereich")) {
-		      throw new ValidateException("validator.26", null);
-		    } else {
-		      throw new ValidateException(
-		      "validator.37", 
-		      new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
-		    }
-		  }          
-		  if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
-		    foundWBPK = true;
-		    try {
-		      Element attrValue = (Element)samlAttribute.getValue();
-		      String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
-		      String type =  ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
-		      if (!value.equals(identityLink.getIdentificationValue())) {
-		        throw new ValidateException("validator.28", null); 
-		      }
-		      if (!type.equals(identityLink.getIdentificationType())) {
-		        throw new ValidateException("validator.28", null); 
-		      }
-		    } catch (Exception ex) {
-		      throw new ValidateException("validator.29", null);
-		    }
-		  } else {
-		    throw new ValidateException("validator.30", null);
-		  }    
-		} else {
-		  if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
-		    if (samlAttribute.getName().equals("wbPK")) {
-		      throw new ValidateException("validator.26", null);
-		    } else {
-		      throw new ValidateException(
-		      "validator.37", 
-		      new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
-		    }
-		  }
-		  if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
-		    foundGB = true;             
-		    if (!gbTarget.equals((String)samlAttribute.getValue())) {
-		      throw new ValidateException("validator.13", null); 
-		    }             
-		  } else {
-		    throw new ValidateException("validator.12", null);
-		  }
-		}
+      // check the first attribute ("Geschaeftsbereich" or "wbPK")
+      samlAttribute = samlAttributes[0];
+      if (businessService) {
+        if (!samlAttribute.getName().equals("wbPK")) {
+          if (samlAttribute.getName().equals("Geschaeftsbereich")) {
+            throw new ValidateException("validator.26", null);
+          } else {
+            throw new ValidateException(
+            "validator.37", 
+            new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
+          }
+        }          
+        if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
+          foundWBPK = true;
+          try {
+            Element attrValue = (Element)samlAttribute.getValue();
+            String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
+            String type =  ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
+            if (!value.equals(identityLink.getIdentificationValue())) {
+              throw new ValidateException("validator.28", null); 
+            }
+            if (!type.equals(identityLink.getIdentificationType())) {
+              throw new ValidateException("validator.28", null); 
+            }
+          } catch (Exception ex) {
+            throw new ValidateException("validator.29", null);
+          }
+        } else {
+          throw new ValidateException("validator.30", null);
+        }    
+      } else {
+        if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
+          if (samlAttribute.getName().equals("wbPK")) {
+            throw new ValidateException("validator.26", null);
+          } else {
+            throw new ValidateException(
+            "validator.37", 
+            new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
+          }
+        }
+        if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {          
+          foundGB = true;             
+          //BZ..         
+          gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")";
+          //..BZ
+          if (!gbTarget.equals((String)samlAttribute.getValue())) {
+            throw new ValidateException("validator.13", null); 
+          }             
+        } else {
+          throw new ValidateException("validator.12", null);
+        }
+      }
     } else {
-		offset--;
+      offset--;
     }
 
     // check the second attribute (must be "OA")
@@ -234,11 +238,11 @@ public class CreateXMLSignatureResponseValidator {
         Object actualValue = samlAttribute.getValue();
         try {
           if (expectedValue instanceof String) {
-          	// replace \r\n because text might be base64-encoded
-          	String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
-          	expValue = StringUtils.replaceAll(expValue,"\n","");
-          	String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
-          	actValue = StringUtils.replaceAll(actValue,"\n","");
+            // replace \r\n because text might be base64-encoded
+            String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
+            expValue = StringUtils.replaceAll(expValue,"\n","");
+            String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
+            actValue = StringUtils.replaceAll(actValue,"\n","");
             if (!expValue.equals(actValue)) {
               throw new ValidateException(
               "validator.38", 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
new file mode 100644
index 000000000..6448f9392
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway GetIdentityLink Response.
+ * 
+ */
+public class CreateIdentityLinkResponse {
+  
+	private Element assertion;
+
+	public Element getAssertion() {
+		return assertion;
+	}
+	
+	public void setAssertion(Element assertion) {
+	  this.assertion = assertion;
+	}
+	
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index 6c367594b..0c84a9b18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -16,20 +16,20 @@
 
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.protocol.Protocol;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.logging.Logger;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.logging.Logger;
 
 
 /**
@@ -41,7 +41,6 @@ import at.gv.egovernment.moa.logging.Logger;
  * <li>Detailed Request</li>
  * </ol>
  * 
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
  */
 public class SZRGWClient {
   /**
@@ -136,6 +135,110 @@ public class SZRGWClient {
       //e.printStackTrace();
       throw new SZRGWClientException(e);
     }
+  }
+  
+  /**
+   * Gets a identity link.
+   * 
+   * @param reqElem the request.
+   * @return a SZR-gateway response containing the result
+   * @throws SZRGWException when an error occurs creating the mandate.
+   */
+  public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException {
+     
+     Logger.info("Connecting to SZR-gateway.");
+       try {
+         if (address == null) {
+           throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+         }
+         HttpClient client = new HttpClient();
+         PostMethod method = new PostMethod(address);
+         method.setRequestHeader("SOAPAction", "");
+
+         
+         // ssl settings
+         if (sSLSocketFactory != null) {
+           SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
+           Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+         }
+         
+         // create soap body
+         Element soapBody = getSOAPBody();
+         Document doc = soapBody.getOwnerDocument();
+         soapBody.appendChild(doc.importNode(reqElem, true));
+         Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+         
+         //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+         ByteArrayOutputStream bos = new ByteArrayOutputStream();
+         ParepUtils.serializeElementAsDocument(requestElement, bos);
+         
+         method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+         client.executeMethod(method);
+         CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
+         
+         bos = new ByteArrayOutputStream();
+         doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+         //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+         
+         //check if errorresponse
+         boolean isError = checkErrorResponse(doc.getDocumentElement());
+         
+         if (isError) {
+           String error = getErrorCodeandMessage(doc.getDocumentElement());
+           throw new SZRGWClientException(error);
+         }
+         else {
+           response.setAssertion(doc.getDocumentElement());  
+         }
+         
+         return response;
+       } catch(Exception e) {
+         e.printStackTrace();
+         throw new SZRGWClientException(e);
+       }
+      
+  }
+  
+  /**
+   * Returns an errorstring containing errorcode and info from SZR-GW error response
+   * @param element
+   * @return
+   */
+  private String getErrorCodeandMessage(Element element) {
+     String error = "Fehler im SZR-Gateway: ";
+     
+     String code = "";
+     NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorCode");
+     for (int i = 0; i < list.getLength(); i++) {
+        Element elem = (Element)list.item(i);
+        code += elem.getTextContent() + "/";
+     }
+     
+     String info = "";
+     list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
+     for (int i = 0; i < list.getLength(); i++) {
+        Element elem = (Element)list.item(i);
+        info += elem.getTextContent() + "/";
+     }
+     
+     error += code + " " + info;
+     return error;
+  }
+  
+  /**
+   * Checks if response from SZR-GW is errorresponse or not
+   * @param element
+   * @return
+   */
+  private boolean checkErrorResponse(Element element) {
+     
+     NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
+     
+     if (list.getLength() == 0)
+        return false;
+     else 
+        return true;
   }
   
   /*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index d22fef5e7..7cc33ca52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -98,7 +98,7 @@ public class ConfigurationBuilder {
   protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL";
   /** an XPATH-Expression */ 
-	public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
+   public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
   /** an XPATH-Expression */ 
   protected static final String AUTH_MOA_SP_XPATH =
@@ -121,6 +121,12 @@ public class ConfigurationBuilder {
   public static final String AUTH_VERIFY_INFOBOXES_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
   
+  /** an XPATH-Expression */ 
+  public static final String AUTH_FOREIGN_IDENTITIES_XPATH =
+    ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities";
+  
+  
+  
   /** an XPATH-Expression */ 
   protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
   /** an XPATH-Expression */ 
@@ -182,10 +188,10 @@ public class ConfigurationBuilder {
   
 
   
-	/**
-	 * main configuration file directory name used to configure MOA-ID 
-	 */
-	protected String rootConfigFileDir_;
+   /**
+    * main configuration file directory name used to configure MOA-ID 
+    */
+   protected String rootConfigFileDir_;
   
   /** The root element of the MOA-ID configuration */
   protected Element configElem_;
@@ -220,6 +226,18 @@ public class ConfigurationBuilder {
     if (authBKU==null) return null;
     return buildConnectionParameter(authBKU);
   }
+  
+  /**
+   * Build a ConnectionParameter containing all information
+   * of the foreignid element in the authentication component
+   * @return ConnectionParameter of the authentication component foreignid element
+   */
+  public ConnectionParameter buildForeignIDConnectionParameter() {
+     Element foreignid = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_FOREIGN_IDENTITIES_XPATH);
+     if (foreignid==null) return null;
+     return buildConnectionParameter(foreignid);
+
+  }
 
   /**
    * Method buildAuthBKUSelectionType.
@@ -407,7 +425,7 @@ public class ConfigurationBuilder {
   {
 
     String bkuSelectionTemplateURL =     
-    	  XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
+        XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
     String templateURL =     
         XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
     String inputProcessorSignTemplateURL =     
@@ -425,6 +443,7 @@ public class ConfigurationBuilder {
       String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
       oap.setPublicURLPrefix(publicURLPrefix);
       oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
+      oap.setFriendlyName(oAElem.getAttribute("friendlyName"));
       
       // get the type of the online application
       String oaType = oAElem.getAttribute("type");
@@ -447,12 +466,15 @@ public class ConfigurationBuilder {
           throw new ConfigurationException("config.02", null);
         }
         if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) {
-        	oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
+         oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
+         //BZ.., setting type of IdLinkDomainIdentifier
+         oap.setIdentityLinkDomainIdentifierType(identificationNumberChild.getLocalName());
+         //..BZ
         } else {
-        	// If we have business service and want to dealt with GDA, the security layer can be advised to calulate 
-        	// the Health Professional Identifier HPI instead of the wbPK
+         // If we have business service and want to dealt with GDA, the security layer can be advised to calulate 
+         // the Health Professional Identifier HPI instead of the wbPK
             Logger.info("OA uses HPI for Identification");
-        	oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
+         oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
         }
         
         // if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file
@@ -514,7 +536,7 @@ public class ConfigurationBuilder {
   protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) {
     String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL);
     if (templateURL != null) {
-    	templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
+      templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
     }
     return templateURL;
   }
@@ -533,7 +555,7 @@ public class ConfigurationBuilder {
       XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
     
     result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
-    	result.getAcceptedServerCertificates(), rootConfigFileDir_));
+      result.getAcceptedServerCertificates(), rootConfigFileDir_));
       
     result.setUrl(
       XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
@@ -541,10 +563,10 @@ public class ConfigurationBuilder {
       XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
     
     result.setClientKeyStore(FileUtils.makeAbsoluteURL(
-    	result.getClientKeyStore(), rootConfigFileDir_));
+      result.getClientKeyStore(), rootConfigFileDir_));
     
     result.setClientKeyStorePassword(
-    	XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
+      XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
     
     if ((result.getAcceptedServerCertificates()==null)
         && (result.getUrl()=="")
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index 9193a591e..a61a3de97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -118,4 +118,13 @@ public class ConnectionParameter {
     this.clientKeyStorePassword = clientKeyStorePassword;
   }
 
+  public String toString() {
+     String s = "* ConnectionParameter *\n";
+     s += "URL: " + url + "\n";
+     s += "acceptedServerCertificates: " + acceptedServerCertificates + "\n";
+     s += "clientKeyStore: " + clientKeyStore + "\n";
+     s += "clientKeyStorePassword: " + clientKeyStorePassword;
+     
+     return s;
+  }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index b55164eed..f5aa9225a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -40,6 +40,11 @@ public class OAParameter {
    */
   private String publicURLPrefix;
   
+  /**
+   * specifies a human readable name of the Online Application
+   */
+  private String friendlyName;
+  
   /**
    * Returns the type of the online application.
    * @return the type of the online application.
@@ -87,5 +92,24 @@ public class OAParameter {
   public void setPublicURLPrefix(String publicURLPrefix) {
     this.publicURLPrefix = publicURLPrefix;
   }
+  
+  
+  /**
+   * Gets the friendly name of the OA
+   * @return Friendly Name of the OA
+   */
+   public String getFriendlyName() {
+      return friendlyName;
+   }
+   
+   /**
+    * Sets the friendly name of the OA
+    * @param friendlyName
+    */
+   public void setFriendlyName(String friendlyName) {
+      this.friendlyName = friendlyName;
+   }
+  
+  
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
new file mode 100644
index 000000000..af28be56a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
@@ -0,0 +1,67 @@
+/**
+ * 
+ */
+package at.gv.egovernment.moa.id.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author bzwattendorfer
+ *
+ */
+public class TargetToSectorNameMapper implements TargetsAndSectorNames {
+
+	private static Map targetMap = new HashMap(41);
+	
+	static {
+		targetMap.put(TARGET_AR, TARGET_AR_SECTOR);
+		targetMap.put(TARGET_AS, TARGET_AS_SECTOR);
+		targetMap.put(TARGET_BF, TARGET_BF_SECTOR);
+		targetMap.put(TARGET_BR, TARGET_BR_SECTOR);
+		targetMap.put(TARGET_BW, TARGET_BW_SECTOR);
+		targetMap.put(TARGET_EA, TARGET_EA_SECTOR);
+		targetMap.put(TARGET_EF, TARGET_EF_SECTOR);
+		targetMap.put(TARGET_GH, TARGET_GH_SECTOR);
+		targetMap.put(TARGET_GS, TARGET_GS_SECTOR);
+		targetMap.put(TARGET_GS_RE, TARGET_GS_RE_SECTOR);
+		targetMap.put(TARGET_HR, TARGET_HR_SECTOR);
+		targetMap.put(TARGET_JR, TARGET_JR_SECTOR);
+		targetMap.put(TARGET_KI, TARGET_KI_SECTOR);
+		targetMap.put(TARGET_KL, TARGET_KL_SECTOR);
+		targetMap.put(TARGET_KU, TARGET_KU_SECTOR);
+		targetMap.put(TARGET_LF, TARGET_LF_SECTOR);
+		targetMap.put(TARGET_LV, TARGET_LV_SECTOR);
+		targetMap.put(TARGET_OI, TARGET_OI_SECTOR);
+		targetMap.put(TARGET_PV, TARGET_PV_SECTOR);
+		targetMap.put(TARGET_RD, TARGET_RD_SECTOR);
+		targetMap.put(TARGET_RT, TARGET_RT_SECTOR);
+		targetMap.put(TARGET_SA, TARGET_SA_SECTOR);
+		targetMap.put(TARGET_SF, TARGET_SF_SECTOR);
+		targetMap.put(TARGET_SO, TARGET_SO_SECTOR);
+		targetMap.put(TARGET_SO_VR, TARGET_SO_VR_SECTOR);
+		targetMap.put(TARGET_SR_RG, TARGET_SR_RG_SECTOR);
+		targetMap.put(TARGET_SV, TARGET_SV_SECTOR);
+		targetMap.put(TARGET_UW, TARGET_UW_SECTOR);
+		targetMap.put(TARGET_VT, TARGET_VT_SECTOR);
+		targetMap.put(TARGET_VV, TARGET_VV_SECTOR);
+		targetMap.put(TARGET_WT, TARGET_WT_SECTOR);
+		targetMap.put(TARGET_ZP, TARGET_ZP_SECTOR);
+		targetMap.put(TARGET_BR, TARGET_BR_SECTOR);
+		targetMap.put(TARGET_HR, TARGET_HR_SECTOR);
+		targetMap.put(TARGET_KI, TARGET_KI_SECTOR);
+		targetMap.put(TARGET_OI, TARGET_OI_SECTOR);
+		targetMap.put(TARGET_PV, TARGET_PV_SECTOR);
+		targetMap.put(TARGET_RD, TARGET_RD_SECTOR);
+		targetMap.put(TARGET_VS, TARGET_VS_SECTOR);
+		targetMap.put(TARGET_VS_RG, TARGET_VS_RG_SECTOR);
+		targetMap.put(TARGET_ZU, TARGET_ZU_SECTOR);		
+		
+	}
+	
+	public static String getSectorNameViaTarget(String target) {
+		
+		return targetMap.get(target) != null ? (String) targetMap.get(target) : ""; 
+	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
new file mode 100644
index 000000000..c30e7b2b6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
@@ -0,0 +1,194 @@
+/**
+ * 
+ */
+package at.gv.egovernment.moa.id.config;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * This interface contains all actual possible targets in Austria (shortcuts and friendly names)
+ * Bereichskennung and Tätigkeitsbereich
+ * @author bzwattendorfer
+ *
+ */
+public interface TargetsAndSectorNames {
+	
+	/** Bereichskennung AR */
+	public static String TARGET_AR = "AR";
+	/** Tätigkeitsbereich AR */
+	public static String TARGET_AR_SECTOR = "Arbeit";
+	
+	/** Bereichskennung AS */
+	public static String TARGET_AS = "AS";
+	/** Tätigkeitsbereich AS */
+	public static String TARGET_AS_SECTOR = "Amtliche Statistik";
+	
+	/** Bereichskennung BF */
+	public static String TARGET_BF = "BF";
+	/** Tätigkeitsbereich BF */
+	public static String TARGET_BF_SECTOR = "Bildung und Forschung";
+	
+	/** Bereichskennung BW */
+	public static String TARGET_BW = "BW";
+	/** Tätigkeitsbereich BW */
+	public static String TARGET_BW_SECTOR = "Bauen und Wohnen";
+	
+	/** Bereichskennung EA */
+	public static String TARGET_EA = "EA";
+	/** Tätigkeitsbereich EA */
+	public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
+	
+	/** Bereichskennung EF */
+	public static String TARGET_EF = "EF";
+	/** Tätigkeitsbereich EF */
+	public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr";
+	
+	/** Bereichskennung GH */
+	public static String TARGET_GH = "GH";
+	/** Tätigkeitsbereich GH */
+	public static String TARGET_GH_SECTOR = "Gesundheit";
+	
+	/** Bereichskennung GS */
+	public static String TARGET_GS = "GS";
+	/** Tätigkeitsbereich GS */
+	public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales";
+	
+	/** Bereichskennung GS-RE */
+	public static String TARGET_GS_RE = "GS-RE";
+	/** Tätigkeitsbereich GS-RE */
+	public static String TARGET_GS_RE_SECTOR = "Restitution";
+	
+	/** Bereichskennung JR */
+	public static String TARGET_JR = "JR";
+	/** Tätigkeitsbereich JR */
+	public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen";
+	
+	/** Bereichskennung KL */
+	public static String TARGET_KL = "KL";
+	/** Tätigkeitsbereich KL */
+	public static String TARGET_KL_SECTOR = "Kultus";
+	
+	/** Bereichskennung KU */
+	public static String TARGET_KU = "KU";
+	/** Tätigkeitsbereich KU */
+	public static String TARGET_KU_SECTOR = "Kunst und Kultur";
+	
+	/** Bereichskennung LF */
+	public static String TARGET_LF = "LF";
+	/** Tätigkeitsbereich LF */
+	public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft";
+	
+	/** Bereichskennung LV */
+	public static String TARGET_LV = "LV";
+	/** Tätigkeitsbereich LV */
+	public static String TARGET_LV_SECTOR = "Landesverteidigung";
+	
+	/** Bereichskennung RT */
+	public static String TARGET_RT = "RT";
+	/** Tätigkeitsbereich RT */
+	public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " +
+			"Medien sowie Telekommunikation";
+	
+	/** Bereichskennung SA */
+	public static String TARGET_SA = "SA";
+	/** Tätigkeitsbereich SA */
+	public static String TARGET_SA_SECTOR = "Steuern und Abgaben";
+	
+	/** Bereichskennung SF */
+	public static String TARGET_SF = "SF";
+	/** Tätigkeitsbereich SF */
+	public static String TARGET_SF_SECTOR = "Sport und Freizeit";
+	
+	/** Bereichskennung SO */
+	public static String TARGET_SO = "SO";
+	/** Tätigkeitsbereich SO */
+	public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung";
+	
+	/** Bereichskennung SO-VR */
+	public static String TARGET_SO_VR = "SO-VR";
+	/** Tätigkeitsbereich SO-VR */
+	public static String TARGET_SO_VR_SECTOR = "Vereinsregister";
+	
+	/** Bereichskennung SR-RG */
+	public static String TARGET_SR_RG = "SR-RG";
+	/** Tätigkeitsbereich SR-RG */
+	public static String TARGET_SR_RG_SECTOR = "Strafregister";
+	
+	/** Bereichskennung SV */
+	public static String TARGET_SV = "SV";
+	/** Tätigkeitsbereich SV */
+	public static String TARGET_SV_SECTOR = "Sozialversicherung";
+	
+	/** Bereichskennung UW */
+	public static String TARGET_UW = "UW";
+	/** Tätigkeitsbereich UW */
+	public static String TARGET_UW_SECTOR = "Umwelt";
+	
+	/** Bereichskennung VT */
+	public static String TARGET_VT = "VT";
+	/** Tätigkeitsbereich VT */
+	public static String TARGET_VT_SECTOR = "Verkehr und Technik";
+	
+	/** Bereichskennung VV */
+	public static String TARGET_VV = "VV";
+	/** Tätigkeitsbereich VV */
+	public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
+	
+	/** Bereichskennung WT */
+	public static String TARGET_WT = "WT";
+	/** Tätigkeitsbereich WT */
+	public static String TARGET_WT_SECTOR = "Wirtschaft";
+	
+	/** Bereichskennung ZP */
+	public static String TARGET_ZP = "ZP";
+	/** Tätigkeitsbereich ZP */
+	public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
+	
+	/** Bereichskennung BR */
+	public static String TARGET_BR = "BR";
+	/** Tätigkeitsbereich BR */
+	public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
+	
+	/** Bereichskennung HR */
+	public static String TARGET_HR = "HR";
+	/** Tätigkeitsbereich HR */
+	public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen";
+	
+	/** Bereichskennung KI */
+	public static String TARGET_KI = "KI";
+	/** Tätigkeitsbereich KI */
+	public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes";
+	
+	/** Bereichskennung OI */
+	public static String TARGET_OI = "OI";
+	/** Tätigkeitsbereich OI */
+	public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";
+	
+	/** Bereichskennung PV */
+	public static String TARGET_PV = "PV";
+	/** Tätigkeitsbereich PV */
+	public static String TARGET_PV_SECTOR = "Personalverwaltung";
+	
+	/** Bereichskennung RD */
+	public static String TARGET_RD = "RD";
+	/** Tätigkeitsbereich RD */
+	public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst";
+	
+	/** Bereichskennung VS */
+	public static String TARGET_VS = "VS";
+	/** Tätigkeitsbereich VS */
+	public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
+	
+	/** Bereichskennung VS-RG */
+	public static String TARGET_VS_RG = "VS-RG";
+	/** Tätigkeitsbereich VS-RG */
+	public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister";
+	
+	/** Bereichskennung ZU */
+	public static String TARGET_ZU = "ZU";
+	/** Tätigkeitsbereich ZU */
+	public static String TARGET_ZU_SECTOR = "Zustellungen";
+			
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index fc988f161..a25bc1af5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -119,6 +119,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
    * parameters for connection to MOA SP component
    */
   private ConnectionParameter moaSpConnectionParameter;
+  
+
 	/**
 	 * trust profile ID to be used for verifying the identity link signature via MOA ID SP
 	 */  
@@ -157,6 +159,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
    */
   private ConnectionParameter bKUConnectionParameter;
   
+  /**
+   * parameter for connection to SZR-GW GetIdentityLink
+   */
+  private ConnectionParameter foreignIDConnectionParameter;
+  
  /**
    * Return the single instance of configuration data.
    * 
@@ -256,6 +263,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
           defaultVerifyInfoboxParameters = 
             builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
         }
+        
+        
+      foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
     	onlineApplicationAuthParameters  = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
     	identityLinkX509SubjectNames =  builder.getIdentityLink_X509SubjectNames();
     	defaultChainingMode = builder.getDefaultChainingMode();
@@ -368,6 +378,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   public ConnectionParameter getMoaSpConnectionParameter() {
     return moaSpConnectionParameter;
   }
+  
+  /**
+   * Return a ConnectionParameter bean containing all information
+   * of the authentication component foreigid element
+   * @return ConnectionParameter of the authentication component foreignid element
+   */
+  public ConnectionParameter getForeignIDConnectionParameter() {
+     return foreignIDConnectionParameter;
+  }
 
   /**
    * Return a string with a url-reference to the VerifyIdentityLink trust 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index c095d9fc1..c352fae6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -46,26 +46,26 @@ public class OAAuthParameter extends OAParameter {
    * security layer as input for wbPK computation
    */
   private String identityLinkDomainIdentifier;  
-	/**
-	 * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
-	 */  
+   /**
+    * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
+    */  
   private String keyBoxIdentifier;
   /**
    * transformations for rendering in the secure viewer of the security layer 
    * implementation; multiple transformation can be given for different mime types
    */  
   private String[] transformsInfos;
-	/**
-	 * determines whether "Stammzahl" is to be included in the authentication data
-	 */
+   /**
+    * determines whether "Stammzahl" is to be included in the authentication data
+    */
   private boolean provideStammzahl;
-	/**
-	 * determines whether AUTH block is to be included in the authentication data
-	 */
+   /**
+    * determines whether AUTH block is to be included in the authentication data
+    */
   private boolean provideAuthBlock;
-	/**
-	 * determines whether identity link is to be included in the authentication data
-	 */
+   /**
+    * determines whether identity link is to be included in the authentication data
+    */
   private boolean provideIdentityLink;
   /**
    * determines whether the certificate is to be included in the authentication data
@@ -88,6 +88,12 @@ public class OAAuthParameter extends OAParameter {
    */
   private VerifyInfoboxParameters verifyInfoboxParameters;
   
+  /**
+   * BZ
+   * Type for authentication number (e.g. Firmenbuchnummer)
+   */
+  private String identityLinkDomainIdentifierType;
+  
   /**
    * Returns <code>true</code> if the Security Layer version is version 1.2,
    * otherwise <code>false</code>.
@@ -156,13 +162,13 @@ public class OAAuthParameter extends OAParameter {
     return provideCertificate;
   }
   
-	/**
-		* Returns the key box identifier.
-		* @return String
-		*/
-	 public String getKeyBoxIdentifier() {
-		 return keyBoxIdentifier;
-	 }
+   /**
+      * Returns the key box identifier.
+      * @return String
+      */
+    public String getKeyBoxIdentifier() {
+       return keyBoxIdentifier;
+    }
    
    /**
    * Returns the BkuSelectionTemplate url.
@@ -259,31 +265,31 @@ public class OAAuthParameter extends OAParameter {
     this.provideCertificate = provideCertificate;
   }
 
-	/**
-	 * Sets the key box identifier.
-	 * @param keyBoxIdentifier to set
-	 */
-	public void setKeyBoxIdentier(String keyBoxIdentifier) {
-		this.keyBoxIdentifier = keyBoxIdentifier;
-	}
+   /**
+    * Sets the key box identifier.
+    * @param keyBoxIdentifier to set
+    */
+   public void setKeyBoxIdentier(String keyBoxIdentifier) {
+      this.keyBoxIdentifier = keyBoxIdentifier;
+   }
   
   /**
    * Sets the BkuSelectionTemplate url.
    * @param bkuSelectionTemplateURL The url string specifying the location
    *        of a BkuSelectionTemplate.
    */
-	public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
-		this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
-	}
+   public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
+      this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
+   }
   
   /**
    * Sets the Template url.
    * @param templateURL The url string specifying the location
    *        of a Template.
    */
-	public void setTemplateURL(String templateURL) {
-		this.templateURL = templateURL;
-	}
+   public void setTemplateURL(String templateURL) {
+      this.templateURL = templateURL;
+   }
 
   /**
    * Sets the input processor sign form template url.
@@ -303,5 +309,21 @@ public class OAAuthParameter extends OAParameter {
   public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
     this.verifyInfoboxParameters = verifyInfoboxParameters;
   }
+  
+  /**
+   * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+   * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+   */
+  public String getIdentityLinkDomainIdentifierType() {
+      return identityLinkDomainIdentifierType;
+  }
+
+  /**
+   * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer)
+   * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer)
+   */
+  public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
+      this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
+  }
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 7f0dfe509..b8b53e7f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -103,7 +103,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
       HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
       httpsConn.setSSLSocketFactory(sslSocketFactory);
       if (cbDisableHostnameVerification)
-        httpsConn.setHostnameVerifier(new HostnameNonVerifier());
+      	httpsConn.setHostnameVerifier(new HostnameNonVerifier());
     }
 
     return conn;
@@ -163,7 +163,6 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
       return true;
    }
 
-     
     /**
      * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
      */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index d13a6829c..badee38ac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -36,8 +36,9 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
   /**
    * Constructor
    */
-  public DefaultLoginParameterResolver() {
-  }
+  //public DefaultLoginParameterResolver() {
+  //}
+  //@TODO: Änderung von 1.4.4
   
   /**
    * Configuration mehtod (not used)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index 6810c9223..f3527055d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -119,7 +119,8 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
       
       String parameter[] = new String[2];  
       for (Iterator iter = parameters.iterator(); iter.hasNext();) {
-	        parameter = (String[]) iter.next();   	
+	        parameter = (String[]) iter.next(); 
+	          	
         if(query.indexOf(parameter[0]) >= 0) iter.remove();
       }
     }
@@ -253,6 +254,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {
      */
 //JSSE Abhängigkeit
   private class HostnameNonVerifier implements HostnameVerifier {
+  		
     
      public boolean verify(String hostname, SSLSession session) {
         // TODO Auto-generated method stub
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index 4af2561b2..7e27082a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -162,13 +162,14 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {
 	// JSSE Abhängigkeit
 	  private class HostnameNonVerifier implements HostnameVerifier {
 	    
-	     /**
-	     * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
-	     */
+	    
 	      public boolean verify(String hostname, SSLSession session) {
 	         return true;
 	      }
 
+	     /**
+	        * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+	        */
 //	     public boolean verify(String arg0, String arg1) {
 //	      return true;
 //	    }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index b986d7c2c..0cd0a0b7a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -117,6 +117,7 @@ public class ProxyServlet extends HttpServlet {
   protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 
     Logger.debug("getRequestURL:" + req.getRequestURL().toString());
+  //@TODO Parameter
     try {
       if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
  		// check if SAML Artifact was already used in this session (in case of page reload)
@@ -175,7 +176,8 @@ public class ProxyServlet extends HttpServlet {
     String binding = "";
     
     if (session.getAttribute(ATT_BROWSERREQU)==null) {
-	  	
+	 
+     //@TODO Parameter
 	    samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
 	    Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
 	    // String target = req.getParameter(PARAM_TARGET); parameter given but not processed
@@ -496,7 +498,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
   
   
   Vector parameters  = new Vector();
-
+//@TODO Parameter
   for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
     String paramName = (String) enu.nextElement();
     if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
new file mode 100644
index 000000000..684291c59
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -0,0 +1,158 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+
+public class ParamValidatorUtils {
+   
+   /**
+    * Checks if the given target is valid
+    * @param target HTTP parameter from request
+    * @return 
+    */
+   public static boolean isValidTarget(String target) {
+   
+      // if non parameter is given return true
+      if (target == null)
+         return true;
+      
+      Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
+      Matcher matcher = pattern.matcher(target);
+      return matcher.matches();     
+   }
+   
+   /**
+    * Checks if the given bkuURI is valid
+    * @param target HTTP parameter from request
+    * @return 
+    */
+   public static boolean isValidBKUURI(String bkuURI) {
+   
+      // if non parameter is given return true
+      if (bkuURI == null)
+         return true;
+      
+      // check if bkuURI is a valid URL
+      try {
+         new URL(bkuURI);
+         return true;
+      } catch (MalformedURLException e) {
+         return false;
+      }
+   }
+   
+   /**
+    * Checks if the given template is valid
+    * @param target HTTP parameter from request
+    * @return 
+    */
+   public static boolean isValidTemplate(String template) {
+   
+      // if non parameter is given return true
+      if (template == null)
+         return true;
+      
+      // check if template is a valid URL
+      try {
+         new URL(template);
+         return true;         
+      } catch (MalformedURLException e) {
+         e.printStackTrace();
+         return false;
+      }
+   }
+   
+   /**
+    * Checks if the given template is valid
+    * @param target HTTP parameter from request
+    * @return 
+    */
+   public static boolean isValidSessionID(String sessionID) {
+   
+      // if non parameter is given return true
+      if (sessionID == null)
+         return true;
+
+      Pattern pattern = Pattern.compile("[0-9-]*");
+      Matcher matcher = pattern.matcher(sessionID);
+      return matcher.matches();     
+
+
+   }
+   
+   /**
+    * Checks if the given oa is valid
+    * @param target HTTP parameter from request
+    * @return 
+    */
+   public static boolean isValidOA(String oa) {
+   
+      // if non parameter is given return true
+      if (oa == null)
+         return true;
+     
+      // check if oa is a valid URL
+      try {
+         new URL(oa);
+         return true;
+      } catch (MalformedURLException e) {
+         return false;
+      }
+   }
+   
+   /**
+    * Checks if <BKU>, <XMLRequest>, <DataURL>, <CertInfoXMLRequest>, 
+    * <CertInfoDataURL> placeholders are contained in the given string.
+    * The placeholder <PushInfobox> is not checked, as it is only required, 
+    * if other infoboxes as identity link will be treated. 
+    * @param data
+    * @return
+    */
+   private static boolean checkPlaceHolders(String data) {
+
+      boolean bku = data.contains("<BKU>");
+      boolean xmlrequest = data.contains("<XMLRequest>");
+      boolean dataurl = data.contains("<DataURL>");
+      boolean certinfoxmlrequest = data.contains("<CertInfoXMLRequest>");
+      boolean certinfodataurl = data.contains("<CertInfoDataURL>");
+      
+      System.out.println("Check Data: ");
+      System.out.println("bku: " + bku);
+      System.out.println("xmlrequest: " + xmlrequest);
+      System.out.println("dataurl: " + dataurl);
+      System.out.println("certinfoxmlrequest: " + certinfoxmlrequest);
+      System.out.println("certinfodataurl: " + certinfodataurl);
+
+      
+      //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl;
+      return true;
+      
+   }
+   
+
+   /**
+    * Converts an input stream to a string
+    * @param is
+    * @return
+    * @throws Exception
+    */
+   private static String convertStreamToString(InputStream is) throws Exception {
+       BufferedReader reader = new BufferedReader(new InputStreamReader(is));
+       StringBuilder sb = new StringBuilder();
+       String line = null;
+       while ((line = reader.readLine()) != null) {
+         sb.append(line);
+       }
+       is.close();
+       return sb.toString();
+     }
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index e287e7118..8799082b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -69,10 +69,10 @@ public class SSLUtils {
    */
   public static void initialize() {
     sslSocketFactories = new HashMap();
- // JSSE Abhängigkeit
-    //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
-    Security.addProvider(new IAIK());
-    //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+    // JSSE Abhängigkeit
+    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    //Security.addProvider(new IAIK());
+    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
     
     
   }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 7fa3fe8f0..1915ce40a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -73,6 +73,35 @@ public class ServletUtils {
       Logger.debug("REDIRECT TO: " + redirectURL);
       
     }
+  }
+  /**
+   * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing 
+   * depending on the requests starting text.
+   * 
+   * @param resp The httpServletResponse
+   * @param session The current AuthenticationSession
+   * @param createXMLSignatureRequestOrRedirect The request
+   * @param servletGoal The servlet to which the redirect should happen
+   * @param servletName The servlet name for debug purposes
+   * @throws MOAIDException
+   * @throws IOException
+   */
+  public static void writeCreateXMLSignatureRequest(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) 
+  throws MOAIDException,
+         IOException
+  { 
+      resp.setStatus(307);
+      resp.addHeader("Location", dataURL);
+      
+      //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+      resp.setContentType("text/xml;charset=UTF-8");
+      
+      OutputStream out = resp.getOutputStream();
+      out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
+      out.flush();
+      out.close();
+      Logger.debug("Finished POST " + servletName);
+    
   }
 
 }
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 552619e45..14e4d5347 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -29,6 +29,7 @@ auth.08=In der B
 auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. : <br>HTTP-Statuscode <i>{1}</i>
 auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
 auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
+auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
 
 init.00=MOA ID Authentisierung wurde erfolgreich gestartet
 init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 32c345d6a..01432ce11 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,14 +4,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>id</artifactId>
-        <version>1.4.6</version>
+        <version>1.4.7</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA.id</groupId>
     <artifactId>moa-id</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.6</version>
+    <version>1.4.7</version>
     <name>MOA ID Server</name>
 
     <modules>
diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component
index fad3275dd..a934dee5b 100644
--- a/id/server/proxy/.settings/org.eclipse.wst.common.component
+++ b/id/server/proxy/.settings/org.eclipse.wst.common.component
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="moa-id-proxy">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <property name="context-root" value="moa-id-proxy"/>
-        <property name="java-output-path"/>
-    </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="moa-id-proxy">
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <property name="context-root" value="moa-id-proxy"/>
+        <property name="java-output-path"/>
+    </wb-module>
+</project-modules>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index 5bc7f77ae..754381607 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.6</version>
+		<version>1.4.7</version>
 	</parent>
 	
 	<properties>
@@ -13,7 +13,7 @@
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-proxy</artifactId>
 	<packaging>war</packaging>
-	<version>1.4.6</version>
+	<version>1.4.7</version>
 	<name>MOA ID-Proxy WebService</name>
 	
 	<build>
diff --git a/id/templates/.settings/org.eclipse.wst.common.component b/id/templates/.settings/org.eclipse.wst.common.component
index 1e8a98df8..dfa33a627 100644
--- a/id/templates/.settings/org.eclipse.wst.common.component
+++ b/id/templates/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="moa-id-templates">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <property name="context-root" value="moa-id-templates"/>
-        <property name="java-output-path"/>
-    </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="moa-id-templates">
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <property name="context-root" value="moa-id-templates"/>
+        <property name="java-output-path"/>
+    </wb-module>
+</project-modules>
diff --git a/id/templates/pom.xml b/id/templates/pom.xml
index 004643687..f011940f8 100644
--- a/id/templates/pom.xml
+++ b/id/templates/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>id</artifactId>
-        <version>1.4.6</version>
+        <version>1.4.7</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/pom.xml b/pom.xml
index 805062d39..aa5a1da57 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
     <groupId>MOA</groupId>
     <artifactId>MOA</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.6</version>
+    <version>1.4.7</version>
     <name>MOA</name>
 
     <properties>
@@ -180,25 +180,25 @@
             <dependency>
                 <groupId>MOA</groupId>
                 <artifactId>moa-common</artifactId>
-                <version>1.4.6</version>
+                <version>1.4.7</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA.id.server</groupId>
                 <artifactId>moa-id-lib</artifactId>
-                <version>1.4.6</version>
+                <version>1.4.7</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA.spss.server</groupId>
                 <artifactId>moa-spss-lib</artifactId>
-                <version>1.4.6</version>
+                <version>1.4.7</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA</groupId>
                 <artifactId>moa-common</artifactId>
-                <version>1.4.6</version>
+                <version>1.4.7</version>
                 <type>test-jar</type>
                 <scope>test</scope>
             </dependency>
@@ -238,7 +238,6 @@
                 <version>0.2</version>
                 <scope>compile</scope>
             </dependency>
-
             <!-- IAIK libraries -->
             <dependency>
                 <groupId>iaik.prod</groupId>
@@ -249,7 +248,7 @@
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_moa</artifactId>
-                <version>1.26</version>
+                <version>1.27</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
diff --git a/repository/iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar b/repository/iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar
new file mode 100644
index 000000000..0f4f153e1
Binary files /dev/null and b/repository/iaik/prod/iaik_moa/1.27/iaik_moa-1.27.jar differ
diff --git a/repository/iaik/prod/iaik_moa/maven-metadata-local.xml b/repository/iaik/prod/iaik_moa/maven-metadata-local.xml
new file mode 100644
index 000000000..dcb33bf4b
--- /dev/null
+++ b/repository/iaik/prod/iaik_moa/maven-metadata-local.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<metadata>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_moa</artifactId>
+  <version>1.27</version>
+  <versioning>
+    <versions>
+      <version>1.27</version>
+    </versions>
+    <lastUpdated>20100618102247</lastUpdated>
+  </versioning>
+</metadata>
diff --git a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
index ea8402b5f..a5e02254b 100644
--- a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
+++ b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="moa-spss-handbook-referencedData">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <property name="context-root" value="moa-spss-handbook-referencedData"/>
-        <property name="java-output-path"/>
-    </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="moa-spss-handbook-referencedData">
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <property name="context-root" value="moa-spss-handbook-referencedData"/>
+        <property name="java-output-path"/>
+    </wb-module>
+</project-modules>
diff --git a/spss/handbook/clients/webservice/conf/http.properties b/spss/handbook/clients/webservice/conf/http.properties
index e969c0574..8bf490a85 100644
--- a/spss/handbook/clients/webservice/conf/http.properties
+++ b/spss/handbook/clients/webservice/conf/http.properties
@@ -30,7 +30,7 @@ signRequest = resources/requests/CreateXMLSignatureRequest.Simple.xml
 verifyServiceQName = SignatureVerification
 
 # Zugangspunkt des Webservices
-verifyServiceEndPoint = http://localhost:8080/moa-spss/services/SignatureVerification
+verifyServiceEndPoint = http://localhost:18080/moa-spss/services/SignatureVerification
 #verifyServiceEndPoint = https://localhost:8443/moa-spss/services/SignatureVerification
 
 # Name des zu sendenden Signaturprüfrequests (entweder absolute
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.5.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.5.xsd
deleted file mode 100644
index 8da3a72b0..000000000
--- a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.5.xsd
+++ /dev/null
@@ -1,268 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  MOA SP/SS 1.4.5 Configuration Schema
--->
-<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
-	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
-	<xs:element name="MOAConfiguration">
-		<xs:complexType>
-			<xs:sequence>
-				<xs:element name="Common" minOccurs="0">
-					<xs:complexType>
-						<xs:sequence>
-							<xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
-								<xs:complexType>
-									<xs:sequence>
-										<xs:element name="Name" type="xs:string"/>
-										<xs:element name="SlotId" type="xs:string" minOccurs="0"/>
-										<xs:element name="UserPIN" type="xs:string"/>
-									</xs:sequence>
-								</xs:complexType>
-							</xs:element>
-						</xs:sequence>
-					</xs:complexType>
-				</xs:element>
-				<xs:element name="SignatureCreation" minOccurs="0">
-					<xs:complexType>
-						<xs:sequence>
-							<xs:element name="KeyModules">
-								<xs:complexType>
-									<xs:choice maxOccurs="unbounded">
-										<xs:element name="HardwareKeyModule">
-											<xs:complexType>
-												<xs:sequence>
-													<xs:element name="Id" type="xs:token"/>
-													<xs:element name="Name" type="xs:string"/>
-													<xs:element name="SlotId" type="xs:string" minOccurs="0"/>
-													<xs:element name="UserPIN" type="xs:string"/>
-												</xs:sequence>
-											</xs:complexType>
-										</xs:element>
-										<xs:element name="SoftwareKeyModule">
-											<xs:complexType>
-												<xs:sequence>
-													<xs:element name="Id" type="xs:token"/>
-													<xs:element name="FileName" type="xs:string"/>
-													<xs:element name="Password" type="xs:string" minOccurs="0"/>
-												</xs:sequence>
-											</xs:complexType>
-										</xs:element>
-									</xs:choice>
-								</xs:complexType>
-							</xs:element>
-							<xs:element name="KeyGroup" maxOccurs="unbounded">
-								<xs:complexType>
-									<xs:sequence>
-										<xs:element name="Id" type="xs:token"/>
-										<xs:sequence maxOccurs="unbounded">
-											<xs:element name="Key">
-												<xs:complexType>
-													<xs:sequence>
-														<xs:element name="KeyModuleId" type="xs:token"/>
-														<xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
-													</xs:sequence>
-												</xs:complexType>
-											</xs:element>
-										</xs:sequence>
-									</xs:sequence>
-								</xs:complexType>
-							</xs:element>
-							<xs:element name="KeyGroupMapping" maxOccurs="unbounded">
-								<xs:complexType>
-									<xs:sequence>
-										<xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
-										<xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
-									</xs:sequence>
-								</xs:complexType>
-							</xs:element>
-							<xs:element name="XMLDSig">
-								<xs:complexType>
-									<xs:sequence>
-										<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
-										<xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
-									</xs:sequence>
-								</xs:complexType>
-							</xs:element>
-							<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
-							<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
-						</xs:sequence>
-					</xs:complexType>
-				</xs:element>
-				<xs:element name="SignatureVerification" minOccurs="0">
-					<xs:complexType>
-						<xs:sequence>
-							<xs:element name="CertificateValidation">
-								<xs:complexType>
-									<xs:sequence>
-										<xs:element name="PathConstruction">
-											<xs:complexType>
-												<xs:sequence>
-													<xs:element name="AutoAddCertificates" type="xs:boolean"/>
-													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
-													<xs:element name="CertificateStore">
-														<xs:complexType>
-															<xs:choice>
-																<xs:element name="DirectoryStore">
-																	<xs:complexType>
-																		<xs:sequence>
-																			<xs:element name="Location" type="xs:token"/>
-																		</xs:sequence>
-																	</xs:complexType>
-																</xs:element>
-															</xs:choice>
-														</xs:complexType>
-													</xs:element>
-												</xs:sequence>
-											</xs:complexType>
-										</xs:element>
-										<xs:element name="PathValidation">
-											<xs:complexType>
-												<xs:sequence>
-													<xs:element name="ChainingMode">
-														<xs:complexType>
-															<xs:sequence>
-																<xs:element name="DefaultMode" type="config:ChainingModeType"/>
-																<xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">
-																	<xs:complexType>
-																		<xs:sequence>
-																			<xs:element name="Identification" type="dsig:X509IssuerSerialType"/>
-																			<xs:element name="Mode" type="config:ChainingModeType"/>
-																		</xs:sequence>
-																	</xs:complexType>
-																</xs:element>
-															</xs:sequence>
-														</xs:complexType>
-													</xs:element>
-													<xs:element name="TrustProfile" maxOccurs="unbounded">
-														<xs:complexType>
-															<xs:sequence>
-																<xs:element name="Id" type="xs:token"/>
-																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
-																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
-															</xs:sequence>
-														</xs:complexType>
-													</xs:element>
-												</xs:sequence>
-											</xs:complexType>
-										</xs:element>
-										<xs:element name="RevocationChecking">
-											<xs:complexType>
-												<xs:sequence>
-													<xs:element name="EnableChecking" type="xs:boolean"/>
-													<xs:element name="MaxRevocationAge" type="xs:integer"/>
-													<xs:element name="ServiceOrder" minOccurs="0">
-														<xs:complexType>
-															<xs:sequence minOccurs="1" maxOccurs="2">
-																<xs:element name="Service">
-																	<xs:simpleType>
-																		<xs:restriction base="xs:token">
-																			<xs:enumeration value="OCSP"/>
-																			<xs:enumeration value="CRL"/>
-																		</xs:restriction>
-																	</xs:simpleType>
-																</xs:element>
-															</xs:sequence>
-														</xs:complexType>
-													</xs:element>
-													<xs:element name="Archiving">
-														<xs:complexType>
-															<xs:sequence>
-																<xs:element name="EnableArchiving" type="xs:boolean"/>
-																<xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>
-																<xs:element name="Archive" minOccurs="0">
-																	<xs:complexType>
-																		<xs:choice>
-																			<xs:element name="DatabaseArchive">
-																				<xs:complexType>
-																					<xs:sequence>
-																						<xs:element name="JDBCURL" type="xs:anyURI"/>
-																						<xs:element name="JDBCDriverClassName" type="xs:token"/>
-																					</xs:sequence>
-																				</xs:complexType>
-																			</xs:element>
-																		</xs:choice>
-																	</xs:complexType>
-																</xs:element>
-															</xs:sequence>
-														</xs:complexType>
-													</xs:element>
-													<xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">
-														<xs:complexType>
-															<xs:sequence>
-																<xs:element name="CAIssuerDN" type="xs:token"/>
-																<xs:choice maxOccurs="unbounded">
-																	<xs:element name="CRLDP">
-																		<xs:complexType>
-																			<xs:sequence>
-																				<xs:element name="Location" type="xs:anyURI"/>
-																				<xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">
-																					<xs:simpleType>
-																						<xs:restriction base="xs:token">
-																							<xs:enumeration value="unused"/>
-																							<xs:enumeration value="keyCompromise"/>
-																							<xs:enumeration value="cACompromise"/>
-																							<xs:enumeration value="affiliationChanged"/>
-																							<xs:enumeration value="superseded"/>
-																							<xs:enumeration value="cessationOfOperation"/>
-																							<xs:enumeration value="certificateHold"/>
-																							<xs:enumeration value="privilegeWithdrawn"/>
-																							<xs:enumeration value="aACompromise"/>
-																						</xs:restriction>
-																					</xs:simpleType>
-																				</xs:element>
-																			</xs:sequence>
-																		</xs:complexType>
-																	</xs:element>
-																	<xs:element name="OCSPDP">
-																		<xs:complexType>
-																			<xs:sequence>
-																				<xs:element name="Location" type="xs:anyURI"/>
-																			</xs:sequence>
-																		</xs:complexType>
-																	</xs:element>
-																</xs:choice>
-															</xs:sequence>
-														</xs:complexType>
-													</xs:element>
-													<xs:element name="CrlRetentionIntervals" minOccurs="0">
-														<xs:complexType>
-															<xs:sequence maxOccurs="unbounded">
-																<xs:element name="CA">
-																	<xs:complexType>
-																		<xs:sequence>
-																			<xs:element name="X509IssuerName" type="xs:string"/>
-																			<xs:element name="Interval" type="xs:integer"/>
-																		</xs:sequence>
-																	</xs:complexType>
-																</xs:element>
-															</xs:sequence>
-														</xs:complexType>
-													</xs:element>
-												</xs:sequence>
-											</xs:complexType>
-										</xs:element>
-									</xs:sequence>
-								</xs:complexType>
-							</xs:element>
-							<xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
-							<xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
-							<xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>
-						</xs:sequence>
-					</xs:complexType>
-				</xs:element>
-			</xs:sequence>
-		</xs:complexType>
-	</xs:element>
-	<xs:simpleType name="ChainingModeType">
-		<xs:restriction base="xs:string">
-			<xs:enumeration value="chaining"/>
-			<xs:enumeration value="pkix"/>
-		</xs:restriction>
-	</xs:simpleType>
-	<xs:complexType name="ProfileType">
-		<xs:sequence>
-			<xs:element name="Id" type="xs:token"/>
-			<xs:element name="Location" type="xs:anyURI"/>
-		</xs:sequence>
-	</xs:complexType>
-</xs:schema>
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
new file mode 100644
index 000000000..a61eed289
--- /dev/null
+++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
@@ -0,0 +1,270 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->
+<!--
+  MOA SP/SS 1.4.5 Configuration Schema
+-->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xs:element name="MOAConfiguration">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="Common" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="Name" type="xs:string"/>
+										<xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+										<xs:element name="UserPIN" type="xs:string"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+				<xs:element name="SignatureCreation" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="KeyModules">
+								<xs:complexType>
+									<xs:choice maxOccurs="unbounded">
+										<xs:element name="HardwareKeyModule">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="Id" type="xs:token"/>
+													<xs:element name="Name" type="xs:string"/>
+													<xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+													<xs:element name="UserPIN" type="xs:string"/>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="SoftwareKeyModule">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="Id" type="xs:token"/>
+													<xs:element name="FileName" type="xs:string"/>
+													<xs:element name="Password" type="xs:string" minOccurs="0"/>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+									</xs:choice>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="KeyGroup" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="Id" type="xs:token"/>
+										<xs:sequence maxOccurs="unbounded">
+											<xs:element name="Key">
+												<xs:complexType>
+													<xs:sequence>
+														<xs:element name="KeyModuleId" type="xs:token"/>
+														<xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+													</xs:sequence>
+												</xs:complexType>
+											</xs:element>
+										</xs:sequence>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+										<xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="XMLDSig">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+										<xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+				<xs:element name="SignatureVerification" minOccurs="0">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="CertificateValidation">
+								<xs:complexType>
+									<xs:sequence>
+										<xs:element name="PathConstruction">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="AutoAddCertificates" type="xs:boolean"/>
+													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
+													<xs:element name="CertificateStore">
+														<xs:complexType>
+															<xs:choice>
+																<xs:element name="DirectoryStore">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="Location" type="xs:token"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:choice>
+														</xs:complexType>
+													</xs:element>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="PathValidation">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="ChainingMode">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="DefaultMode" type="config:ChainingModeType"/>
+																<xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="Identification" type="dsig:X509IssuerSerialType"/>
+																			<xs:element name="Mode" type="config:ChainingModeType"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="TrustProfile" maxOccurs="unbounded">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="Id" type="xs:token"/>
+																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+																<xs:element name="TSLLocation" type="xs:anyURI" minOccurs="0"/>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+										<xs:element name="RevocationChecking">
+											<xs:complexType>
+												<xs:sequence>
+													<xs:element name="EnableChecking" type="xs:boolean"/>
+													<xs:element name="MaxRevocationAge" type="xs:integer"/>
+													<xs:element name="ServiceOrder" minOccurs="0">
+														<xs:complexType>
+															<xs:sequence maxOccurs="2">
+																<xs:element name="Service">
+																	<xs:simpleType>
+																		<xs:restriction base="xs:token">
+																			<xs:enumeration value="OCSP"/>
+																			<xs:enumeration value="CRL"/>
+																		</xs:restriction>
+																	</xs:simpleType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="Archiving">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="EnableArchiving" type="xs:boolean"/>
+																<xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>
+																<xs:element name="Archive" minOccurs="0">
+																	<xs:complexType>
+																		<xs:choice>
+																			<xs:element name="DatabaseArchive">
+																				<xs:complexType>
+																					<xs:sequence>
+																						<xs:element name="JDBCURL" type="xs:anyURI"/>
+																						<xs:element name="JDBCDriverClassName" type="xs:token"/>
+																					</xs:sequence>
+																				</xs:complexType>
+																			</xs:element>
+																		</xs:choice>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">
+														<xs:complexType>
+															<xs:sequence>
+																<xs:element name="CAIssuerDN" type="xs:token"/>
+																<xs:choice maxOccurs="unbounded">
+																	<xs:element name="CRLDP">
+																		<xs:complexType>
+																			<xs:sequence>
+																				<xs:element name="Location" type="xs:anyURI"/>
+																				<xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">
+																					<xs:simpleType>
+																						<xs:restriction base="xs:token">
+																							<xs:enumeration value="unused"/>
+																							<xs:enumeration value="keyCompromise"/>
+																							<xs:enumeration value="cACompromise"/>
+																							<xs:enumeration value="affiliationChanged"/>
+																							<xs:enumeration value="superseded"/>
+																							<xs:enumeration value="cessationOfOperation"/>
+																							<xs:enumeration value="certificateHold"/>
+																							<xs:enumeration value="privilegeWithdrawn"/>
+																							<xs:enumeration value="aACompromise"/>
+																						</xs:restriction>
+																					</xs:simpleType>
+																				</xs:element>
+																			</xs:sequence>
+																		</xs:complexType>
+																	</xs:element>
+																	<xs:element name="OCSPDP">
+																		<xs:complexType>
+																			<xs:sequence>
+																				<xs:element name="Location" type="xs:anyURI"/>
+																			</xs:sequence>
+																		</xs:complexType>
+																	</xs:element>
+																</xs:choice>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="CrlRetentionIntervals" minOccurs="0">
+														<xs:complexType>
+															<xs:sequence maxOccurs="unbounded">
+																<xs:element name="CA">
+																	<xs:complexType>
+																		<xs:sequence>
+																			<xs:element name="X509IssuerName" type="xs:string"/>
+																			<xs:element name="Interval" type="xs:integer"/>
+																		</xs:sequence>
+																	</xs:complexType>
+																</xs:element>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+												</xs:sequence>
+											</xs:complexType>
+										</xs:element>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+							<xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>
+						</xs:sequence>
+					</xs:complexType>
+				</xs:element>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:simpleType name="ChainingModeType">
+		<xs:restriction base="xs:string">
+			<xs:enumeration value="chaining"/>
+			<xs:enumeration value="pkix"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<xs:complexType name="ProfileType">
+		<xs:sequence>
+			<xs:element name="Id" type="xs:token"/>
+			<xs:element name="Location" type="xs:anyURI"/>
+		</xs:sequence>
+	</xs:complexType>
+</xs:schema>
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index 88c770dc1..1fe63c118 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.6</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p> 
   <p class="subtitle">Konfiguration</p> 
   <hr/>
   <h1>Inhalt</h1>
@@ -135,7 +135,7 @@
     </tr>
   </table>
   <h2><a name="übersicht_zentraledatei" id="übersicht_zentraledatei"></a>1.2 Zentrale Konfigurationsdatei</h2>
-  <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.4.5.xsd">MOA-SPSS-config-1.4.5.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
+  <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.4.7.xsd">MOA-SPSS-config-1.4.7.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
   <h3><a name="&uuml;bersicht_zentraledatei_aktualisierung" id="&uuml;bersicht_zentraledatei_aktualisierung"></a>1.2.1
     Aktualisierung auf das Format von MOA SP/SS 1.3</h3>
   <p>Mit dem Wechsel auf  Version 1.3 verwendet MOA SP/SS ein neues, &uuml;bersichtlicheres Format f&uuml;r die
@@ -690,6 +690,12 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr
               gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte
               Verzeichnis muss eine oder mehrere DER-kodierte Zertifikatsdateien beinhalten. Jede Zertifikatsdatei
               repr&auml;sentiert ein explizit erlaubtes Signatorzertifikat. </li>
+            <li>Element <code>TSLLocation</code>: Dieses optionale Element vom Typ <code>xs:anyURI </code> enth&auml;lt
+            eine relative oder absolute URL, die ein Verzeichnis im lokalen Dateisystem referenziert. 
+              Eine relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale
+            Konfigurationsdatei gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte Verzeichnis muss ein oder mehrere Trust-sercice Status Lists beinhalten.<br>
+            Ist dieses Element vorhanden so wird zus&auml;tzlich eine TSL Verifkation durchgef&uuml;hrt, deren Ergebnis in der Response im Element <code>TSLCheck</code> vorhanden ist. <br>
+            <strong>Anmerkung</strong>: F&uuml;r die Nutzung der TSLs gehen wir davon aus, dass die Signatur der TSLs zuvor &uuml;berpr&uuml;ft worden ist. </li>
         </ul></td>
     </tr>
   </table>
diff --git a/spss/handbook/handbook/faq/faq.html b/spss/handbook/handbook/faq/faq.html
index d7e034053..0cf712c63 100644
--- a/spss/handbook/handbook/faq/faq.html
+++ b/spss/handbook/handbook/faq/faq.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.6</a></p>
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p>
   <p class="subtitle">FAQ</p> 
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html
index 72d213fa7..b817c893d 100644
--- a/spss/handbook/handbook/index.html
+++ b/spss/handbook/handbook/index.html
@@ -16,7 +16,7 @@
   </table>
   <hr/> 
   <p class="title">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP) </p> 
-  <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.4.6 </p> 
+  <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.4.7 </p> 
   <hr/>
   <dl>
     <dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html
index 642f80d6f..f27da9479 100644
--- a/spss/handbook/handbook/install/install.html
+++ b/spss/handbook/handbook/install/install.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.6</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p> 
   <p class="subtitle">Installation</p> 
   <hr/>
   <h1>Inhalt</h1>
@@ -114,7 +114,7 @@
   <p> Die Basisinstallation des Webservices stellt einerseits die minimalen Anforderungen f&uuml;r den Betrieb von MOA SP/SS als Webservices dar, andererseits dient sie als Ausgangspunkt f&uuml;r optionale <a href="#webservice_erweiterungsm&#246;glichkeiten">Erweiterungsm&ouml;glichkeiten</a>.</p>
   <p>    Folgende Software ist Voraussetzung f&uuml;r die Basisinstallation des Webservices: </p>
   <ul>
-    <li><a href="#referenziertesoftware">J2SE 1.4.x SDK oder J2SE 5.0 SDK </a></li>
+    <li><a href="#referenziertesoftware">J2SE 1.4.x SDK oder J2SE 5.0 SDK </a>(Anmerkung: F&uuml;r die Nutzung der TSL Funktionlit&auml;t ist <a href="#referenziertesoftware">J2SE 5.0 SDK</a> Voraussetzung)</li>
     <li><a href="#referenziertesoftware">Apache Tomcat 4.1.18 oder h&ouml;her </a></li>
   </ul>
   <p>In diesem Betriebs-Szenario wird das MOA SP/SS Webservice in Tomcat zum Einsatz gebracht. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r das MOA SP/SS Webservice. Beide Protokolle werden direkt in Tomcat konfiguriert. Das MOA SP/SS Webservice verwendet Log4j als Logging Toolkit.</p>
diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html
index 27031018d..339528911 100644
--- a/spss/handbook/handbook/intro/intro.html
+++ b/spss/handbook/handbook/intro/intro.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.6</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p> 
   <p class="subtitle">Einf&uuml;hrung</p> 
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl b/spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl
index cc7aec4dc..8ae1c1ff4 100644
--- a/spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl
+++ b/spss/handbook/handbook/spec/MOA-SPSS-1.3.wsdl
@@ -3,7 +3,7 @@
   Web Service Description for MOA SP/SS 1.3
 -->
 <definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.3.xsd"/>
+  <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.3.xsd"/>
   <message name="CreateXMLSignatureInput">
     <part name="body" element="moa:CreateXMLSignatureRequest"/>
   </message>
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html
index 71b901812..a3c411a1d 100644
--- a/spss/handbook/handbook/usage/usage.html
+++ b/spss/handbook/handbook/usage/usage.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/>
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.6</a></p>
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p>
   <p class="subtitle">Anwendung</p>
   <hr/>
   <h1>Inhalt</h1>
@@ -1213,10 +1213,6 @@ Ich habe weiters ein eigenens ID-Attribut bekommen.&lt;/doc:Paragraph&gt;
       <td><a href="http://xml.apache.org/axis/">Apache Axis</a></td>
       <td>Webservice-Framework  aus dem Apache Project</td>
     </tr>
-    <tr>
-      <td><a href="http://java.sun.com/j2se/1.3.1/" target="_blank">J2SE 1.3.1 SDK/JRE</a> </td>
-      <td>Java 2 Standard Edition in der Version 1.3.1 (Software Development Kit bzw. Java Runtime Environment) </td>
-    </tr>
     <tr>
       <td><a href="http://java.sun.com/j2se/1.4.2/" target="_blank">J2SE 1.4.2 SDK/JRE</a></td>
       <td>Java 2 Standard Edition in der Version 1.4.2 (Software Development Kit bzw. Java Runtime Environment) </td>
diff --git a/spss/pom.xml b/spss/pom.xml
index 841f1e665..d0ea8fd65 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
-        <version>1.4.6</version>
+        <version>1.4.7</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 3aa79b3f6..3f2f420a0 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,4 +1,17 @@
 ##############
+1.4.7
+##############
+
+- In den Trustprofilen können nun Trust-service Status Lists (TSLs) angegeben werden.
+  MOA-SP liefert hierbei in der Response das TSL Verifikationsergebnis im Element
+  TSLCheck retour (siehe hierzu Dokumentation - Konfiguration Kapitel "2.3.1.2.2 
+  Vertrauensprofile").
+
+- Bei Nutzung der TSL-Funktionalität ist Java 1.5 Voraussetzung
+
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.27
+##############
 1.4.6
 ##############
 
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index e2d2f5dbd..fb87ed327 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -1,11 +1,11 @@
 
 ======================================================================
-  Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.6
+  Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.7
 ======================================================================
 
 Es gibt zwei Möglichkeiten (im Folgenden als "Update Variante A" und 
 "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version
-1.4.6 durchzuführen. Update Variante A geht dabei den Weg über eine 
+1.4.7 durchzuführen. Update Variante A geht dabei den Weg über eine 
 vorangestellte Neuinstallation, während Variante B direkt eine  
 bestehende Installation aktualisiert.
 
@@ -16,8 +16,10 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation
 CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation
 
 MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei
-moa-spss-1.4.6.zip entpackt haben.
+moa-spss-1.4.7.zip entpackt haben.
 
+Anmerkung: Wenn Sie MOA-SP mit TSL Unterstützung verwenden wollen, dann 
+ist die Verwendung von Java 1.5 Voraussetzung dafür. 
 
 =================
 Update Variante A 
@@ -35,8 +37,7 @@ Update Variante A
 	die Sie aus Ihrer alten Installation beibehalten möchten, aus Ihrer
 	Sicherungskopie in die entsprechenden Verzeichnisse der neuen
 	Installation.
-	Anmerkung: Diese Distribution enthält neue A-TRUST und E-CARD-Zertifikate.
-	Falls Sie Ihre alten Trustprofile beibehalten wollen, gehen Sie wie unter
+	Anmerkung: Falls Sie Ihre alten Trustprofile beibehalten wollen, gehen Sie wie unter
 	Update Variante B, Punkt 9 beschrieben vor, um Ihre alten Trustprofile
 	auf einen aktuellen Stand zu bringen.
 	
@@ -55,7 +56,7 @@ Update Variante B
 1.)	Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses
 	Ihrer MOA-SPSS-Installation.
 	
-2.)	Entpacken Sie die Datei "moa-spss-1.4.6.zip" in das Verzeichnis MOA_SPSS_INST.
+2.)	Entpacken Sie die Datei "moa-spss-1.4.7.zip" in das Verzeichnis MOA_SPSS_INST.
 
 3.)	Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
 	JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
diff --git a/spss/server/serverlib/.classpath b/spss/server/serverlib/.classpath
index 1c79cc393..f0e483a4a 100644
--- a/spss/server/serverlib/.classpath
+++ b/spss/server/serverlib/.classpath
@@ -1,9 +1,13 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
index ebc030867..e4ceae723 100644
--- a/spss/server/serverlib/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,7 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-spss-lib">
-<wb-resource deploy-path="/" source-path="/src/main/java"/>
-<wb-resource deploy-path="/" source-path="/src/test/java"/>
-<wb-resource deploy-path="/" source-path="/src/main/resources"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss-lib">
+<wb-resource deploy-path="/" source-path="/src/main/java"/>
+<wb-resource deploy-path="/" source-path="/src/main/resources"/>
+</wb-module>
+</project-modules>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 6648f8c55..4ee7075e3 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -9,7 +9,7 @@
 	<groupId>MOA.spss.server</groupId>
 	<artifactId>moa-spss-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>1.4.6</version>
+	<version>1.4.7</version>
 	<name>MOA SP/SS API</name>
 
 	<properties>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 0aedba6a6..1a778ad2b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -22,17 +22,17 @@ import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.commons.discovery.tools.DiscoverClass;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
-import org.apache.commons.discovery.tools.DiscoverClass;
-
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.MetaInfo;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -434,6 +434,7 @@ public abstract class SPSSFactory {
    * @param signerInfo Information about the signer certificate.
    * @param signatureCheck Result of the singature value check.
    * @param certificateCheck Result of the certificate status check.
+   * @param tslCheck Result of the TSL check
    * @return The new <code>VerifyCMSSignatureResponseElement</code> containing
    * the above data.
    * 
@@ -444,7 +445,8 @@ public abstract class SPSSFactory {
   public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
     SignerInfo signerInfo,
     CheckResult signatureCheck,
-    CheckResult certificateCheck);
+    CheckResult certificateCheck, 
+    CheckTSLResult tslCheck);
 
   //
   // Factory methods for verifying XML signatures
@@ -698,7 +700,8 @@ public abstract class SPSSFactory {
     ReferencesCheckResult signatureCheck,
     ReferencesCheckResult signatureManifestCheck,
     List xmlDsigManifestChecks,
-    CheckResult certificateCheck);
+    CheckResult certificateCheck, 
+    CheckTSLResult tslCheck);
 
   /**
    * Create a new <code>ReferencesCheckResult</code> object.
@@ -987,6 +990,19 @@ public abstract class SPSSFactory {
    */
   public abstract CheckResult createCheckResult(int code, NodeList info);
 
+  /**
+   * Create a new <code>CheckTSLResult</code> object.
+   * 
+   * @param code The numerical error code.
+   * @param info Verbose error information.
+   * @return The new <code>CheckTSLResult</code> containing the above data.
+   * 
+   * @pre code >= 0
+   * @pre info != null
+   * @post return != null
+   */
+  public abstract CheckTSLResult createCheckTSLResult(int code, String info);
+  
   /**
    * Create a new <code>SignerInfo</code> object.
    * 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
index 26fd5911d..e2f44c540 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
@@ -16,6 +16,7 @@
 package at.gv.egovernment.moa.spss.api.cmsverify;
 
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
 /**
@@ -44,4 +45,10 @@ public interface VerifyCMSSignatureResponseElement {
    * @return The result of the certificate verification.
    */
   public CheckResult getCertificateCheck();
+  /**
+   * Gets the result of the TSL verification
+   * 
+   * @return The result of the TSL verification
+   */
+  public CheckTSLResult getTSLCheck();
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
new file mode 100644
index 000000000..f31512cdb
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
@@ -0,0 +1,40 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.common;
+
+import org.w3c.dom.NodeList;
+
+/**
+ * Object encapsulating the result of a TSL verification.
+ * 
+ * @author Patrick Peck
+ * @author Stephan Grill
+ * @version $Id: CheckResult.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public interface CheckTSLResult {
+  /**
+   * Gets the result code.
+   * 
+   * @return The result code.
+   */
+  public int getCode();
+  /**
+   * Gets descriptive information.
+   * 
+   * @return Descriptive information.
+   */
+  public String getInfo();
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
new file mode 100644
index 000000000..62f3ab979
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
@@ -0,0 +1,66 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
+
+/**
+ * Default implementation of <code>CheckTSLResult</code>.
+ * 
+ * @author Fatemeh Philippi
+ * @author Klaus Stranacher
+ * @version $Id: CheckResultImpl.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public class CheckTSLResultImpl implements CheckTSLResult {
+  /** The result code. */
+  private int code;
+  
+  /** Additional information. */ 
+  private String info;
+
+  /**
+   * Sets a result code.
+   * 
+   * @param code The result code.
+   */
+  public void setCode(int code) {
+    this.code = code;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getCode()
+   */
+  public int getCode() {
+    return code;
+  }
+
+  /**
+   * Sets a descriptive information.
+   * 
+   * @param info The descriptive information.
+   */
+  public void setInfo(String info) {
+    this.info = info;
+  }
+
+  /**
+   * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getInfo()
+   */
+  public String getInfo() {
+    return info;
+  }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index f0d16046c..8cf06bb15 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.MetaInfo;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -259,12 +260,15 @@ public class SPSSFactoryImpl extends SPSSFactory {
   public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
     SignerInfo signerInfo,
     CheckResult signatureCheck,
-    CheckResult certificateCheck) {
+    CheckResult certificateCheck, 
+    CheckTSLResult tslCheck) {
     VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement =
       new VerifyCMSSignatureResponseElementImpl();
     verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
     verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
     verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
+    verifyCMSSignatureResponseElement.setTSLCheck(tslCheck);
+    
     return verifyCMSSignatureResponseElement;
   }
 
@@ -390,7 +394,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
     ReferencesCheckResult signatureCheck,
     ReferencesCheckResult signatureManifestCheck,
     List xmlDsigManifestChecks,
-    CheckResult certificateCheck) {
+    CheckResult certificateCheck, 
+    CheckTSLResult tslCheck) {
     VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse =
       new VerifyXMLSignatureResponseImpl();
     verifyXMLSignatureResponse.setSignerInfo(signerInfo);
@@ -401,6 +406,8 @@ public class SPSSFactoryImpl extends SPSSFactory {
       signatureManifestCheck);
     verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
     verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
+    verifyXMLSignatureResponse.setTSLCheck(tslCheck);
+    
     return verifyXMLSignatureResponse;
   }
 
@@ -557,6 +564,13 @@ public class SPSSFactoryImpl extends SPSSFactory {
     checkResult.setInfo(info);
     return checkResult;
   }
+  
+  public CheckTSLResult createCheckTSLResult(int code, String info) {
+     CheckTSLResultImpl checkTSLResult = new CheckTSLResultImpl();
+     checkTSLResult.setCode(code);
+     checkTSLResult.setInfo(info);
+     return checkTSLResult;
+  }
 
   public SignerInfo createSignerInfo(
     X509Certificate signerCertificate,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
index 322e83baa..f80c4ace2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -17,6 +17,7 @@ package at.gv.egovernment.moa.spss.api.impl;
 
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
 /**
@@ -34,7 +35,9 @@ public class VerifyCMSSignatureResponseElementImpl
   private CheckResult signatureCheck;
   /** Information about the certificate check. */
   private CheckResult certificateCheck;
-
+  /** Information about the TSL check */
+  private CheckTSLResult tslCheck;
+  
   /**
    * Sets a SignerInfo element according to CMS.
    * 
@@ -73,5 +76,17 @@ public class VerifyCMSSignatureResponseElementImpl
   public CheckResult getCertificateCheck() {
     return certificateCheck;
   }
+  
+  /**
+   * Sets a result of the TSL verification.
+   * 
+   * @param tslCheck The result of the TSL verification.
+   */
+  public void setTSLCheck(CheckTSLResult tslCheck) {
+    this.tslCheck = tslCheck;
+  }
 
+  public CheckTSLResult getTSLCheck() {
+    return tslCheck;
+  }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index 3777e8958..ea6a180a7 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -20,6 +20,7 @@ import java.util.Collections;
 import java.util.List;
 
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
@@ -52,7 +53,9 @@ public class VerifyXMLSignatureResponseImpl
   private List xmlDsigManifestChecks = new ArrayList();
   /** Information about the certificate check. */
   private CheckResult certificateCheck;
-
+  /** Information about the TSL check. */
+  private CheckTSLResult tslCheck;
+  
   /**
    * Sets information about the signer certificate.
    * 
@@ -136,6 +139,18 @@ public class VerifyXMLSignatureResponseImpl
   public CheckResult getCertificateCheck() {
     return certificateCheck;
   }
+  /**
+   * Sets the result of the TSL verification.
+   * 
+   * @param certificateCheck The result of the TSL verification.
+   */
+  public void setTSLCheck(CheckTSLResult tslCheck) {
+    this.tslCheck = tslCheck;
+  }
+
+  public CheckTSLResult getTSLCheck() {
+    return tslCheck;
+  }
 
   /**
    * Sets the XMLDSigManifestChecks.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 3bef8659a..30d19023a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -217,5 +217,40 @@ class ResponseBuilderUtils {
     }
     root.appendChild(codeInfoElem);
   }
+  
+  /**
+   * Add an element containing <code>Code</code> and <code>Info</code>
+   * subelements.
+   * 
+   * @param response The response document, in order to create new elements in
+   * it.
+   * @param root The root element into which to insert the newly created
+   * element.
+   * @param elementName The name of the newly created element.
+   * @param code The content of the <code>Code</code> subelement.
+   * @param info The content of the <code>Info</code> subelement.
+   */
+  public static void addCodeInfoElement(
+    Document response,
+    Element root,
+    String elementName,
+    int code,
+    String info) {
+
+    Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName);
+    Element codeElem = response.createElementNS(MOA_NS_URI, "Code");
+    Element infoElem;
+    int i;
+
+    codeElem.appendChild(response.createTextNode(Integer.toString(code)));
+    codeInfoElem.appendChild(codeElem);
+    
+    if (info != null) {
+      infoElem = response.createElementNS(MOA_NS_URI, "Info");
+      infoElem.appendChild(response.createTextNode(info));
+      codeInfoElem.appendChild(infoElem);
+    }
+    root.appendChild(codeInfoElem);
+  }
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 80d8575f9..2e4a95a89 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
 /**
@@ -89,6 +90,7 @@ public class VerifyCMSSignatureResponseBuilder {
     SignerInfo signerInfo = responseElement.getSignerInfo();
     CheckResult signatureCheck = responseElement.getSignatureCheck();
     CheckResult certCheck = responseElement.getCertificateCheck();
+    CheckTSLResult tslCheck = responseElement.getTSLCheck();
 
     ResponseBuilderUtils.addSignerInfo(
       responseDoc,
@@ -111,6 +113,13 @@ public class VerifyCMSSignatureResponseBuilder {
       "CertificateCheck",
       certCheck.getCode(),
       certCheck.getInfo());
+    
+    ResponseBuilderUtils.addCodeInfoElement(
+          responseDoc,
+          responseElem,
+          "TSLCheck",
+          tslCheck.getCode(),
+          tslCheck.getInfo());
   }
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index a8be59766..dedb1dc88 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -135,6 +135,13 @@ public class VerifyXMLSignatureResponseBuilder {
       "CertificateCheck",
       response.getCertificateCheck().getCode(),
       response.getCertificateCheck().getInfo());
+    
+    ResponseBuilderUtils.addCodeInfoElement(
+          responseDoc,
+          responseElem,
+          "TSLCheck",
+          response.getTSLCheck().getCode(),
+          response.getTSLCheck().getInfo());
 
     return responseDoc;
   }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
index 01fe9cf2c..63da503cb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -18,6 +18,7 @@ package at.gv.egovernment.moa.spss.api.xmlverify;
 import java.util.List;
 
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
 /**
@@ -71,5 +72,14 @@ public interface VerifyXMLSignatureResponse {
    * @return The result of the certificate verification.
    */
   public CheckResult getCertificateCheck();
+  
+  /**
+   * Gets the result of the TSL verification.
+   * 
+   * @return The result of the TSL verification.
+   */
+  public CheckTSLResult getTSLCheck();
+  
+  
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 3ad7b761f..51669026f 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -949,7 +949,8 @@ public class ConfigurationPartsBuilder {
       String id = getElementValue(profileElem, CONF + "Id", null);
       String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
       String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
-
+      String tslLocStr = getElementValue(profileElem, CONF + "TSLLocation", null);
+      
       URI trustAnchorsLocURI = null;
       try
       {
@@ -973,6 +974,34 @@ public class ConfigurationPartsBuilder {
         warn("config.27", new Object[] { "uri", id });
         continue;
       }
+      
+      
+      URI tslLocURI = null;
+      if (tslLocStr != null) {
+         
+         try
+         {
+           tslLocURI = new URI(tslLocStr);
+           if (!tslLocURI.isAbsolute()) { // make it absolute to the config file
+              tslLocURI = new URI(configRoot_.toURL() + tslLocStr);
+           }
+         }
+         catch (URIException e) {
+           warn("config.14", new Object[] { "uriTSL", id, tslLocStr }, e);
+           continue;
+         }
+         catch (MalformedURLException e)
+         {
+           warn("config.33", new Object[] {id}, e);
+           continue;
+         }
+   
+         File profileDirTSL = new File(tslLocURI.getPath());
+         if (!profileDirTSL.exists() || !profileDirTSL.isDirectory()) {
+            warn("config.27", new Object[] { "uriTSL", id });
+           continue;
+         }
+      }
 
       if (trustProfiles.containsKey(id)) {
         warn("config.04", new Object[] { "TrustProfile", id });
@@ -1004,7 +1033,10 @@ public class ConfigurationPartsBuilder {
       }
       
       signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
-      TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr);
+      String tslLocURIString = null;
+      if (tslLocURI != null)
+         tslLocURIString = tslLocURI.toString();      
+      TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslLocURIString);
       trustProfiles.put(id, profile);
     }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 85d3947aa..66c08e34e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -28,7 +28,9 @@ public class TrustProfile {
   private String uri;
   /** The URI giving the location of the allowed signer certificates. */
   private String signerCertsUri;
-
+  /** The URI giving the location of the TSLs */
+  private String uriTSL;
+  
   /**
    * Create a <code>TrustProfile</code>.
    * 
@@ -36,11 +38,13 @@ public class TrustProfile {
    * @param uri The URI of the <code>TrustProfile</code> to create.
    * @param signerCertsUri The URI of the location of the allowed signer
    *        certificates of the <code>TrustProfile</code> to create.
+   * @param uriTSL The URI to the TSLs       
    */
-  public TrustProfile(String id, String uri, String signerCertsUri) {
+  public TrustProfile(String id, String uri, String signerCertsUri, String uriTSL) {
     this.id = id;
     this.uri = uri;
     this.signerCertsUri = signerCertsUri;
+    this.uriTSL = uriTSL;
   }
 
   /**
@@ -70,4 +74,12 @@ public class TrustProfile {
   public String getSignerCertsUri() {
     return signerCertsUri;
   }
+  
+  /**
+   * Return the URI of the location of the TSLS
+   * @return The URI of the location of the TSLS
+   */
+  public String getUriTSL() {
+     return uriTSL;
+  }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 96c8b984e..b5c1023ab 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
 import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
 import at.gv.egovernment.moa.spss.server.logging.IaikLog;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
@@ -113,7 +114,11 @@ public class CMSSignatureVerificationInvoker {
     // get the signature
     signature = request.getCMSSignature();
 
+ // get the actual trustprofile
+    TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
+    
     try {
+       
       // get the signed content
       signedContent = getSignedContent(request);
 
@@ -169,7 +174,7 @@ public class CMSSignatureVerificationInvoker {
 
       for (resultIter = results.iterator(); resultIter.hasNext();) {
         result = (CMSSignatureVerificationResult) resultIter.next();
-        responseBuilder.addResult(result);
+        responseBuilder.addResult(result, trustProfile);
       }
     } else {
       int i;
@@ -180,7 +185,7 @@ public class CMSSignatureVerificationInvoker {
         try {
           result =
             (CMSSignatureVerificationResult) results.get(signatories[i] - 1);
-          responseBuilder.addResult(result);
+          responseBuilder.addResult(result, trustProfile);
         } catch (IndexOutOfBoundsException e) {
           throw new MOAApplicationException(
             "2249",
@@ -188,7 +193,7 @@ public class CMSSignatureVerificationInvoker {
         }
       }
     }
-
+    
     return responseBuilder.getResponse();
   }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 8a0b3de13..b7bdbc9b8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -15,19 +15,25 @@
 */
 package at.gv.egovernment.moa.spss.server.invoke;
 
+import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
+import iaik.server.modules.cmsverify.CertificateValidationResult;
+import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
+
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
-
-import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
-import iaik.server.modules.cmsverify.CertificateValidationResult;
+import java.util.ListIterator;
 
 import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
 
 /**
  * A class to build a <code>VerifyCMSSignatureResponse</code> object.
@@ -60,21 +66,24 @@ public class VerifyCMSSignatureResponseBuilder {
    * Add a verification result to the response.
    * 
    * @param result The result to add.
-   * @throws MOAApplicationException An error occurred adding the result.
+   * @param trustprofile The actual trustprofile
+ * @throws MOAException 
    */
-  public void addResult(CMSSignatureVerificationResult result)
-    throws MOAApplicationException {
+  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+    throws MOAException {
 
     CertificateValidationResult certResult =
       result.getCertificateValidationResult();
     int signatureCheckCode =
       result.getSignatureValueVerificationCode().intValue();
     int certificateCheckCode = certResult.getValidationResultCode().intValue();
+         
     VerifyCMSSignatureResponseElement responseElement;
     SignerInfo signerInfo;
     CheckResult signatureCheck;
     CheckResult certificateCheck;
-
+    CheckTSLResult tslCheck;
+    
     // add SignerInfo element
     signerInfo =
       factory.createSignerInfo(
@@ -88,14 +97,55 @@ public class VerifyCMSSignatureResponseBuilder {
 
     // add CertificateCheck element
     certificateCheck = factory.createCheckResult(certificateCheckCode, null);
+    
+    // add TSL check
+    tslCheck = validateTSL(result, trustProfile);
+    
 
     // build the response element
     responseElement =
       factory.createVerifyCMSSignatureResponseElement(
         signerInfo,
         signatureCheck,
-        certificateCheck);
+        certificateCheck, 
+        tslCheck);
     responseElements.add(responseElement);
   }
+  
+  /**
+   * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs 
+   * 
+   * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
+   * 
+   * @param trustProfile The trust profile the signer certificate is validated against.
+   * 
+   * @return The overal result of the TSL validation.
+   * 
+   * @throws MOAException 
+   */
+  private CheckTSLResult validateTSL(CMSSignatureVerificationResult result, TrustProfile trustProfile)
+  throws MOAException
+{
+     MessageProvider msg = MessageProvider.getInstance();
+     //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()});
+  
+     // TODO KS: TSL initialisieren, TSL abfrage mit chain
+     
+     List chain = result.getCertificateValidationResult().getCertificateChain();
+     String uriTSL = trustProfile.getUriTSL();
+     //System.out.println("Size: " + chain.size());
+     ListIterator it = chain.listIterator(); 
+     while(it.hasNext()) {
+        X509Certificate cert = (X509Certificate) it.next();
+        //System.out.println(cert.getSubjectDN());
+     }
+     //System.out.println("URL-TSL: " + uriTSL);
+  
+     int resultCode = 0;
+     String resultInfo = msg.getMessage("tsl.00", null);
+  
+     SPSSFactory factory = SPSSFactory.getInstance();
+     return factory.createCheckTSLResult(resultCode, resultInfo);
+}
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 1250fcad5..68ba4ad7e 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -42,6 +42,7 @@ import org.w3c.dom.NodeList;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.InputData;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -86,6 +87,9 @@ public class VerifyXMLSignatureResponseBuilder {
   private List xmlDsigManifestChecks;
   /** The result of the certificate check. */
   private CheckResult certificateCheck;
+  /** The result of the TSL check. */
+  private CheckTSLResult tslCheck;
+  
 
   /**
    * Get the <code>VerifyMLSignatureResponse</code> built so far.
@@ -100,7 +104,8 @@ public class VerifyXMLSignatureResponseBuilder {
       signatureCheck,
       signatureManifestCheck,
       xmlDsigManifestChecks,
-      certificateCheck);
+      certificateCheck, 
+      tslCheck);
   }
 
   /**
@@ -113,14 +118,16 @@ public class VerifyXMLSignatureResponseBuilder {
    * @param profile The profile used for verifying the signature.
    * @param transformsSignatureManifestCheck The overall result for the signature 
    *        manifest check.
-   * @param certificateCheck The overall result for the certificate check. 
+   * @param certificateCheck The overall result for the certificate check.
+   * @param tslCheck The result of the TSL check 
    * @throws MOAApplicationException An error occurred adding the result.
    */
   public void setResult(
     XMLSignatureVerificationResult result,
     XMLSignatureVerificationProfile profile,
     ReferencesCheckResult transformsSignatureManifestCheck,
-    CheckResult certificateCheck)
+    CheckResult certificateCheck, 
+    CheckTSLResult tslCheck)
     throws MOAApplicationException {
 
     CertificateValidationResult certResult =
@@ -284,6 +291,10 @@ public class VerifyXMLSignatureResponseBuilder {
 
     // create the certificate check 
     this.certificateCheck = certificateCheck;
+    
+    // create the tsl check
+    this.tslCheck = tslCheck;
+    
   }
 
   /**
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index f08588ecb..765a48e79 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -43,6 +43,7 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
+import java.util.ListIterator;
 import java.util.Map;
 import java.util.Set;
 
@@ -58,6 +59,7 @@ import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
@@ -225,6 +227,7 @@ public class XMLSignatureVerificationInvoker {
       signatureEnvironmentParent.appendChild(signatureEnvironment.getElement());
     }
 
+    
     // check the result
     signatureManifestCheck =
       validateSignatureManifest(request, result, profile);
@@ -233,8 +236,11 @@ public class XMLSignatureVerificationInvoker {
     TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
     CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
     
+    // Check the TSL result   
+    CheckTSLResult tslCheck = validateTSL(result, trustProfile);
+   
     // build the response
-    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck);
+    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, tslCheck);
 
     return responseBuilder.getResponse();
   }
@@ -318,6 +324,42 @@ public class XMLSignatureVerificationInvoker {
     SPSSFactory factory = SPSSFactory.getInstance();
     return factory.createCheckResult(resultCode, null);
   }
+  
+  /**
+   * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs 
+   * 
+   * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
+   * 
+   * @param trustProfile The trust profile the signer certificate is validated against.
+   * 
+   * @return The overal result of the TSL validation.
+   * 
+   * @throws MOAException 
+   */
+  private CheckTSLResult validateTSL(XMLSignatureVerificationResult result, TrustProfile trustProfile)
+  throws MOAException
+{
+     MessageProvider msg = MessageProvider.getInstance();
+     //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()});
+  
+     // TODO KS: TSL initialisieren, TSL abfrage mit chain
+     
+     List chain = result.getCertificateValidationResult().getCertificateChain();
+     String uriTSL = trustProfile.getUriTSL();
+     //System.out.println("Size: " + chain.size());
+     ListIterator it = chain.listIterator();
+     while(it.hasNext()) {
+        X509Certificate cert = (X509Certificate) it.next();
+        //System.out.println(cert.getSubjectDN());
+     }
+     //System.out.println("URL-TSL: " + uriTSL);
+  
+     int resultCode = 0;
+     String resultInfo = msg.getMessage("tsl.00", null);
+  
+     SPSSFactory factory = SPSSFactory.getInstance();
+     return factory.createCheckTSLResult(resultCode, resultInfo);
+}
 
   /**
    * Select the <code>dsig:Signature</code> DOM element within the signature
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 9b896c059..4c9d11f63 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -134,7 +134,7 @@ config.28=Einen detaillierten Fehlerbericht entnehmen Sie bitte der Log-Datei.
 config.29=Es sind folgende leichte Fehler aufgetreten: 
 config.31=Fehler in der Konfiguration der KeyGroup mit id={0}: Der Schlüssel im KeyModule id={1} mit IssuerName={2} und SerialNumber={3} konnte nicht geladen werden
 config.32=Fehler in der Konfiguration: Verzeichnisangabe für den Zertifikatsspeicher ist ungültig ({0}).
-
+config.33=Fehler beim Erstellen des TrustProfile id={0}: Name des TSL-Verzeichnisses konnte nicht in eine URL umgewandet werden
 
 handler.00=Starte neue Transaktion: TID={0}, Service={1}
 handler.01=Aufruf von Adresse={0}
@@ -149,3 +149,5 @@ invoker.00=Das Signature Environment konnte nicht validierend geparst werden
 invoker.01=Keine passende Transformationskette gefunden (Index={0})
 invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
 invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
+
+tsl.00 = Das Zertifikat konnte erfolgreich gegen die TSL verifiziert werden
\ No newline at end of file
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
index c83fdc828..f859c643a 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -1,14 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-spss">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-<property name="context-root" value="moa-spss"/>
-<property name="java-output-path" value="target/classes"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss">
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+<property name="context-root" value="moa-spss"/>
+<property name="java-output-path" value="target/classes"/>
+</wb-module>
+</project-modules>
diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
index c5cd8fc0f..68c3d0ebd 100644
--- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
+++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl
@@ -3,7 +3,7 @@
   Web Service Description for MOA SP/SS 1.4
 -->
 <definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-  <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.3.xsd"/>
+  <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.3.xsd"/>
   <message name="CreateXMLSignatureInput">
     <part name="body" element="moa:CreateXMLSignatureRequest"/>
   </message>
-- 
cgit v1.2.3


From fa30b5b2a26a6df4e56a81283761c35ef81770e3 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 13 Jul 2010 06:25:09 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1166
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 common/.classpath                                  |  24 +-
 .../at/gv/egovernment/moa/util/DateTimeUtils.java  |  31 ++
 .../java/at/gv/egovernment/moa/util/SSLUtils.java  |   3 +-
 .../.settings/org.eclipse.wst.common.component     |  36 +-
 .../moa-id/certs/ca-certs/A-Trust-nQual-03.cer     | Bin 0 -> 979 bytes
 .../conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer   | Bin 0 -> 1147 bytes
 .../ca-certs/gateway.stammzahlenregister.gv.at.cer | Bin 1922 -> 1356 bytes
 .../transforms/TransformsInfoAuthBlockTable_EN.xml |   2 +-
 ...\207\303\20403e694(SecureSignatureKeypair).cer" | Bin 0 -> 975 bytes
 id/server/idserverlib/.classpath                   |  22 +-
 .../moa/id/auth/AuthenticationServer.java          |  58 +--
 .../AuthenticationBlockAssertionBuilder.java       | 132 +++++
 .../builder/CreateXMLSignatureRequestBuilder.java  | 138 ++++++
 .../moa/id/auth/servlet/GetForeignIDServlet.java   | 260 +++++-----
 .../auth/servlet/StartAuthenticationServlet.java   |   4 +-
 .../servlet/VerifyAuthenticationBlockServlet.java  |   1 -
 .../id/auth/servlet/VerifyCertificateServlet.java  |  47 +-
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |   8 +-
 .../client/szrgw/CreateIdentityLinkResponse.java   |  14 +
 .../parep/client/szrgw/CreateMandateRequest.java   |  25 +-
 .../parep/client/szrgw/CreateMandateResponse.java  |  16 +-
 .../parep/client/szrgw/SOAPConstants.java          |  19 +-
 .../validator/parep/client/szrgw/SZRGWClient.java  | 537 +++++++++++++--------
 .../parep/client/szrgw/SZRGWClientException.java   |  70 +--
 .../parep/client/szrgw/SZRGWConstants.java         | 103 ++--
 .../client/szrgw/SZRGWSecureSocketFactory.java     | 244 +++++-----
 .../moa/id/config/ConnectionParameter.java         |   9 -
 .../at/gv/egovernment/moa/id/util/SSLUtils.java    |  14 +-
 .../.settings/org.eclipse.wst.common.component     |  34 +-
 .../.settings/org.eclipse.wst.common.component     |  16 +-
 .../.settings/org.eclipse.wst.common.component     |  16 +-
 spss/server/serverlib/.classpath                   |  22 +-
 .../.settings/org.eclipse.wst.common.component     |  28 +-
 33 files changed, 1119 insertions(+), 814 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer
 create mode 100644 id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer
 create mode 100644 "id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/.classpath b/common/.classpath
index 2ea0c3c6d..acbdc4f5b 100644
--- a/common/.classpath
+++ b/common/.classpath
@@ -1,14 +1,10 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
-	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
index 5f31809dd..88133832a 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
@@ -73,6 +73,37 @@ public class DateTimeUtils {
     return out.toString();
   }
   
+  /**
+   * Builds a <code>dateTime</code> value from a <code>Calendar</code> value.
+   * @param cal the <code>Calendar</code> value
+   * @return the <code>dateTime</code> value
+   */
+  public static String buildDate(Calendar cal) {
+    StringWriter out = new StringWriter();
+    out.write("" + cal.get(Calendar.YEAR));
+    out.write("-");
+    out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
+    out.write("-");
+    out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
+    return out.toString();
+  }
+  
+  /**
+   * Builds a <code>dateTime</code> value from a <code>Calendar</code> value.
+   * @param cal the <code>Calendar</code> value
+   * @return the <code>dateTime</code> value
+   */
+  public static String buildTime(Calendar cal) {
+	  StringWriter out = new StringWriter();
+	  out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
+	  out.write(":");
+	  out.write(to2DigitString(cal.get(Calendar.MINUTE)));
+	  out.write(":");
+	  out.write(to2DigitString(cal.get(Calendar.SECOND)));
+	  
+	  return out.toString();
+  }
+  
   /**
    * Converts month, day, hour, minute, or second value
    * to a 2 digit String.
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
index 6d6aedb22..a7937b1bd 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
@@ -110,8 +110,7 @@ public class SSLUtils {
   	String clientKeyStorePassword)
  	  throws IOException, GeneralSecurityException {
   		
-    //System.setProperty("javax.net.debug", "all");
-	  TrustManager[] tms = getTrustManagers(trustStore);
+ 	  TrustManager[] tms = getTrustManagers(trustStore);
 		KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
 		SSLContext ctx = SSLContext.getInstance("TLS");
 		ctx.init(kms, tms, null);
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component
index 6e8785869..b116cf610 100644
--- a/id/server/auth/.settings/org.eclipse.wst.common.component
+++ b/id/server/auth/.settings/org.eclipse.wst.common.component
@@ -1,18 +1,18 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-id-auth">
-<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-<property name="java-output-path" value="target/classes"/>
-        <property name="context-root" value="moa-id-auth"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-auth">
+<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+<property name="java-output-path" value="target/classes"/>
+        <property name="context-root" value="moa-id-auth"/>
+</wb-module>
+</project-modules>
diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer
new file mode 100644
index 000000000..33e776369
Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer
new file mode 100644
index 000000000..a699436ca
Binary files /dev/null and b/id/server/data/deploy/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer b/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer
index c3b67e05d..ff90e35f5 100644
Binary files a/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer and b/id/server/data/deploy/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer differ
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
index d30dbb42f..1f8085aa3 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -5,7 +5,7 @@
 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
 					<html>
 						<head>
-							<title>Signatur der Anmeldedaten</title>
+							<title>Signing the authentication data</title>
 							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
 							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
 							.h4style{ font-family: Verdana; }
diff --git "a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" "b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
new file mode 100644
index 000000000..ab9e0cd7d
Binary files /dev/null and "b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" differ
diff --git a/id/server/idserverlib/.classpath b/id/server/idserverlib/.classpath
index f0e483a4a..1c79cc393 100644
--- a/id/server/idserverlib/.classpath
+++ b/id/server/idserverlib/.classpath
@@ -1,13 +1,9 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index fcaa4f053..01c6a512f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -21,6 +21,7 @@ import iaik.x509.X509Certificate;
 import java.io.File;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.Principal;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.HashMap;
@@ -540,15 +541,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
   }
   
   /**
-   * Returns a CreateXMLSignatureRequest for the foreign ID.<br>
+   * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
+   * <ul>
+   * <li>Creates an CreateXMLSignatureRequest to be signed by the user</li>
+   * </ul>
    * 
    * @param sessionID ID of associated authentication session data
-   * @param infoboxReadResponseParameters The parameters from the response returned from
-   *        the BKU
-   * @param cert The certificate of the foreign ID 
+   * @param cert The certificate from the user 
    * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
    */
-  public String getCreateXMLSignatureRequestForeignID(String sessionID, Map infoboxReadResponseParameters, X509Certificate cert)
+  public String createXMLSignatureRequestForeignID(String sessionID, X509Certificate cert)
     throws
       AuthenticationException,
       BuildException,
@@ -558,57 +560,33 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       ServiceException {
 
     if (isEmpty(sessionID))
-      throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
+      throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
        
-    
     AuthenticationSession session = getSession(sessionID);
+    
     AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
-
+    
     OAAuthParameter oaParam =
       AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
         session.getPublicOAURLPrefix());
     
-    
-    return getCreateXMLSignatureRequestForeignID(session, authConf, oaParam);
+    return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert);
   }
   
-  public String getCreateXMLSignatureRequestForeignID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
-  throws 
-    ConfigurationException, 
-    BuildException,
-    ValidateException {
+  public String getCreateXMLSignatureRequestForeigID(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, X509Certificate cert) throws ConfigurationException
+  {
   
+  // check for intermediate processing of the infoboxes
+  if (session.isValidatorInputPending()) return "Redirect to Input Processor";
   
   if (authConf==null) authConf = AuthConfigurationProvider.getInstance();
   if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
     getOnlineApplicationParameter(session.getPublicOAURLPrefix());
   
-  //BZ.., calculate bPK for signing to be already present in AuthBlock
-//  IdentityLink identityLink = session.getIdentityLink();
-//  if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-//      // only compute bPK if online application is a public service and we have the Stammzahl
-//      String bpkBase64 = new BPKBuilder().buildBPK(
-//          identityLink.getIdentificationValue(),
-//          session.getTarget());
-//      identityLink.setIdentificationValue(bpkBase64);
-//    }
-  //..BZ
+  Principal subject = cert.getSubjectDN();
   
-
-  // builds the AUTH-block
-  String authBlock = buildAuthenticationBlock(session);
-//  session.setAuthBlock(authBlock);
-  // builds the <CreateXMLSignatureRequest>
-  String[] transformsInfos = oaParam.getTransformsInfos();
-  if ((transformsInfos == null) || (transformsInfos.length == 0)) {
-    // no OA specific transforms specified, use default ones
-    transformsInfos = authConf.getTransformsInfos();
-  }         
   String createXMLSignatureRequest =
-    new CreateXMLSignatureRequestBuilder().build(authBlock, 
-                                                 oaParam.getKeyBoxIdentifier(), 
-                                                 transformsInfos, 
-                                                 oaParam.getSlVersion12());
+    new CreateXMLSignatureRequestBuilder().buildForeignID(subject.toString(), oaParam, session);
   return createXMLSignatureRequest;
 }
   
@@ -642,7 +620,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     
     String xmlCreateXMLSignatureResponse = (String)createXMLSignatureResponseParameters.get(PARAM_XMLRESPONSE);
     
-    System.out.println(xmlCreateXMLSignatureResponse);
     
     if (isEmpty(xmlCreateXMLSignatureResponse)) 
       throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
@@ -757,6 +734,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       
     return authBlock;
   }
+
   
   /**
    * Verifies the infoboxes (except of the  identity link infobox) returned by the BKU by 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index d684c16c9..bab387b4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -153,6 +153,138 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
    //..BZ
     
     
+    if (target == null) {
+      // OA is a business application
+      if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
+        // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
+         gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+         wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+         
+         //BZ.., adding type of wbPK domain identifier        
+        ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = 
+             new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+            
+        extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
+        //..BZ
+         
+      } else {
+        // We do not have a wbPK, therefore no SAML-Attribute is provided
+        session.setSAMLAttributeGebeORwbpk(false);
+      }
+    } else {
+      // OA is a govermental application
+      //BZ..
+      String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);      
+      //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+      gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" });
+      //..BZ
+      
+      //BZ.., no business service, adding bPK
+      
+      Element bpkSamlValueElement;
+      try {
+         bpkSamlValueElement = DOMUtils.parseDocument(MessageFormat.format(PR_IDENTIFICATION_ATTRIBUTE, new Object[] { identityLinkValue, Constants.URN_PREFIX_BPK }), false, null, null).getDocumentElement();
+      } catch (Exception e) {
+         Logger.error("Error on building AUTH-Block: " + e.getMessage());
+          throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+      } 
+      ExtendedSAMLAttribute bpkAttribute = 
+          new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+         
+     extendedSAMLAttributes.add(bpkAttribute);
+      //gebeORwbpk = gebeORwbpk  + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+     wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+     //..BZ     
+    }
+    
+    //BZ.., adding friendly name of OA    
+    String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); 
+    
+    ExtendedSAMLAttribute oaFriendlyNameAttribute = 
+         new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+    
+    extendedSAMLAttributes.add(oaFriendlyNameAttribute);
+    //..BZ
+    
+    String assertion;
+    try {
+      assertion = MessageFormat.format(
+        AUTH_BLOCK, new Object[] { 
+          wbpkNSDeclaration, 
+          issuer, 
+          issueInstant, 
+          authURL, 
+          gebeORwbpk, 
+          oaURL, 
+          gebDat,
+          buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+    } catch (ParseException e) {
+      Logger.error("Error on building AUTH-Block: " + e.getMessage());
+      throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+    }
+    
+    return assertion;
+    
+  }
+  
+  /**
+   * Builds the authentication block <code>&lt;saml:Assertion&gt;</code> 
+   * 
+   * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code>
+   * @param issueInstant current timestamp
+   * @param authURL URL of MOA-ID authentication component
+   * @param target "Gesch&auml;ftsbereich"; maybe <code>null</code> if the application
+   *               is a business application
+   * @param identityLinkValue the content of the <code>&lt;pr:Value&gt;</code>
+   *                          child element of the <code>&lt;pr:Identification&gt;</code>
+   *                          element derived from the Identitylink; this is the
+   *                          value of the <code>wbPK</code>;
+   *                          maybe <code>null</code> if the application is a public service
+   * @param identityLinkType  the content of the <code>&lt;pr:Type&gt;</code>
+   *                          child element of the <code>&lt;pr:Identification&gt;</code>
+   *                          element derived from the Identitylink; this includes the
+   *                          URN prefix and the identification number of the business
+   *                          application used as input for wbPK computation;
+   *                          maybe <code>null</code> if the application is a public service
+   * @param oaURL public URL of online application requested
+   * @param gebDat The date of birth from the identity link.
+   * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock.
+   * 
+   * @return String representation of authentication block 
+   *          <code>&lt;saml:Assertion&gt;</code> built
+   *          
+   * @throws BuildException If an error occurs on serializing an extended SAML attribute 
+   *                        to be appended to the AUTH-Block.
+   */
+  public String buildAuthBlockForeignID(
+    String issuer, 
+    String issueInstant, 
+    String authURL, 
+    String target,
+    String identityLinkValue, 
+    String identityLinkType,
+    String oaURL, 
+    String gebDat,
+    List extendedSAMLAttributes,
+    AuthenticationSession session)
+  throws BuildException
+  {
+    session.setSAMLAttributeGebeORwbpk(true);
+    String gebeORwbpk = "";
+    String wbpkNSDeclaration = "";
+    
+    //BZ.., reading OA parameters
+    OAAuthParameter oaParam;
+   try {
+      oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+           session.getPublicOAURLPrefix());
+   } catch (ConfigurationException e) {
+      Logger.error("Error on building AUTH-Block: " + e.getMessage());
+         throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+   }
+   //..BZ
+    
+    
     if (target == null) {
       // OA is a business application
       if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index fe73ce16b..4ef8dc359 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -16,8 +16,13 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.text.MessageFormat;
+import java.util.Calendar;
 
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
@@ -105,4 +110,137 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
     
 		return request;
 	}
+	
+	/**
+	 * Builds the <code>&lt;CreateXMLSignatureRequest&gt;</code> for a foreign ID.
+	 * 
+	 * @param subject the subject of the foreign certificate
+	 * @param oaParam parameter for the OA
+	 * @param session current session
+	 * @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
+	 */
+	public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) {
+
+		String target = session.getTarget();		
+		String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
+		
+		Calendar cal = Calendar.getInstance();
+		String date = DateTimeUtils.buildDate(cal);
+		String time = DateTimeUtils.buildTime(cal);
+		
+		String request = "";
+		request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">"; 
+		request += "<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>";
+		request += "<sl:DataObjectInfo Structure=\"enveloping\">"; 
+		request += "<sl:DataObject>";
+		request += "<sl:XMLContent>";
+		
+		request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
+		request += "<head>";
+		request += "<title>Signatur der Anmeldedaten</title>";
+		request += "<style type=\"text/css\" media=\"screen\">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}";
+		request += ".titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; }"; 
+		request += ".ernpstyle { font-size: x-small; }";
+		request += ".h4style{ font-family: Verdana; }";
+		request += "table.parameters { font-size: x-small; }";                                                                        
+		request += "</style>";
+		request += "</head>";
+		request += "<body>";
+		request += "<h4 class=\"h4style\">Authentication Data:</h4>";
+		request += "<p class=\"titlestyle\">Personal Data</p>";
+		request += "<table class=\"parameters\">";
+		request += "<tr>";
+		request += "<td class=\"italicstyle\">Name:</td>";
+		request += "<td>";
+		request += subject;
+		request += "</td>";
+		request += "</tr>";
+		request += "</table>";
+		request += "<p class=\"titlestyle\">Application Data</p>";
+		request += "<table class=\"parameters\">";
+		request += "<tr>";
+		request += "<td class=\"italicstyle\">Name:</td>";
+		request += "<td>";
+		// friendlyname from OA
+		request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
+		request += "</td>";
+		request += "</tr>";
+		request += "<tr>";
+		request += "<td class=\"italicstyle\">Country:</td>";
+		request += "<td>Austria</td>";
+		request += "</tr>";
+		request += "</table>";
+		request += "<p class=\"titlestyle\">Technical Parameters</p>";
+		request += "<table class=\"parameters\">";
+		request += "<tr>";
+		request += "<td class=\"italicstyle\">URL:</td>";
+		request += "<td>";
+		//public URL prefix from OA
+		request += oaParam.getPublicURLPrefix();
+		request += "</td>";
+		request += "</tr>";
+		boolean business = oaParam.getBusinessService();
+		if (business) {
+			// OA is businessservice
+			String identifierType = oaParam.getIdentityLinkDomainIdentifierType();
+			String identifier = oaParam.getIdentityLinkDomainIdentifier();
+			request += "<tr>";
+			request += "<td class=\"italicstyle\">";
+			request += identifierType + ":";
+			request += "</td>";
+			request += "<td>";
+			request += identifier;
+			request += "</td>";
+			request += "</tr>";			
+		}
+		else {
+			// OA is publicservice
+			request += "<tr>";
+			request += "<td class=\"italicstyle\">";
+			request += "Sector:</td>";
+			request += "<td>";
+			request += target + " (" + sectorName + ")";
+			request += "</td>";
+			request += "</tr>";
+
+		}
+		
+		request += "<tr>";
+		request += "<td class=\"italicstyle\">Date:</td>";
+		request += "<td>";   
+		request += date;
+		request += "</td>";
+		request += "</tr>";
+		request += "<tr>";
+		request += "<td class=\"italicstyle\">Time:</td>";
+		request += "<td>";
+		request += time;
+		request += "</td>";
+		request += "</tr>";
+		request += "</table>";
+		
+		request += "<p class=\"ernpstyle\">I hereby request to access this e-government application by using my " +
+			"domestic electronic identity. <br/>" +
+			"I further affirm that I am not yet registered with the Austrian Central " + 
+			"Residents Registry and that I am not obliged to register with the Austrian " + 
+			"Central Residents Registry according to Austrian law.<br/>" + 
+			"In the event I am not yet registered with the Supplementary Register, I " + 
+			"explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
+			"BGBl. I Nr.  7/2008 und BGBl. I Nr. 59/2008).</p>";
+		
+		request += "</body>";
+		request += "</html>";
+
+		request += "</sl:XMLContent>";		
+		request += "</sl:DataObject>";
+		request += "<sl:TransformsInfo>";
+		request += "<sl:FinalDataMetaInfo>";
+		request += "<sl:MimeType>application/xhtml+xml</sl:MimeType>";
+		request += "</sl:FinalDataMetaInfo>";
+		request += "</sl:TransformsInfo>";
+		request += "</sl:DataObjectInfo>";
+		request += "</sl:CreateXMLSignatureRequest>";
+				
+		return request;
+	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 0599c79bd..c2de2e3e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -1,38 +1,31 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import iaik.pki.PKIException;
-import iaik.x509.X509Certificate;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
-import java.security.cert.CertificateEncodingException;
 import java.util.Map;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
 
-import org.apache.axis.encoding.Base64;
 import org.apache.commons.fileupload.FileUploadException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.Text;
 
 import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -103,7 +96,6 @@ public class GetForeignIDServlet extends AuthServlet {
 	     	}
 	    String sessionID = req.getParameter(PARAM_SESSIONID);
 	    String redirectURL = null;
-	    X509Certificate cert = null;
 	    AuthenticationSession session = null;
 	    try {
           // check parameter
@@ -112,46 +104,46 @@ public class GetForeignIDServlet extends AuthServlet {
 
 	    	session = AuthenticationServer.getSession(sessionID);
 	    	
-	    	cert = AuthenticationServer.getInstance().verifyXMLSignature(sessionID, parameters);
-
-//       Element signature = AuthenticationServer.getInstance().getDsigElement
-//       (sessionID, parameters);
+	    	String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+	    	
+	    	Logger.debug(xmlCreateXMLSignatureResponse);
+	    	
+	    	CreateXMLSignatureResponse csresp =
+	    	      new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
 
-//	    	if (signature == null) {
-	    	if (cert == null) {
-	    	  handleError("Error retrieving signature from foreign eID card.", null, req, resp);
+	    	Element signature = csresp.getDsigSignature();
+	    	
+	    	// make SZR request to the identity link
+	    	CreateIdentityLinkResponse response = getIdentityLink(signature);
+	    	
+	    	if (response.isError()) {	    		
+	    		throw new SZRGWClientException(response.getError());
 	    	}
 	    	else {
-	    	   
-	    	   // make SZR request	    		
-	    	   //Element samlAssertion = getIdentityLink(signature);
-	    	  Element samlAssertion = getIdentityLink(cert);
-      		   	    
-	    	   IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
-	    	   IdentityLink identitylink = ilParser.parseIdentityLink();
-	    	   session.setIdentityLink(identitylink);
-   		   	   	
-	    	   String samlArtifactBase64 = 
-	    	      AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
-	    	   if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
-	    	      redirectURL = session.getOAURLRequested();
-	    	      if (!session.getBusinessService()) {
-	    	         redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
-	    	      }
-	    	      redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
-	    	      redirectURL = resp.encodeRedirectURL(redirectURL);
-	    	   } else {
-	    	      redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
-	    	   }
-	    	   resp.setContentType("text/html");
-	    	   resp.setStatus(302);
-	    	   resp.addHeader("Location", redirectURL);
-	    	   Logger.debug("REDIRECT TO: " + redirectURL);
-	    	} 
-			    		      
-	    }
-	    catch (ParseException ex) {
-	    	handleError(null, ex, req, resp);
+	    		Element samlAssertion = response.getAssertion();
+		    	
+		    	IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+		    	IdentityLink identitylink = ilParser.parseIdentityLink();
+		    	session.setIdentityLink(identitylink);
+	  	   	
+		    	String samlArtifactBase64 = 
+		    		AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
+		    	if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+		    		redirectURL = session.getOAURLRequested();
+		    		if (!session.getBusinessService()) {
+		    			redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+		    		}
+		    		redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+		    		redirectURL = resp.encodeRedirectURL(redirectURL);
+		    	} else {
+		    		redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+		    	}
+		    	resp.setContentType("text/html");
+		    	resp.setStatus(302);
+		    	resp.addHeader("Location", redirectURL);
+		    	Logger.debug("REDIRECT TO: " + redirectURL);
+	    	}
+	    	    		      
 	    }
 	    catch (MOAIDException ex) {
 	      handleError(null, ex, req, resp);
@@ -178,63 +170,59 @@ public class GetForeignIDServlet extends AuthServlet {
   
   /**
    * Does the request to the SZR-GW
-   * @param givenname
-   * @param familyname
-   * @param dateofbirth
+   * @param signature XMLDSIG signature
    * @return Identity link assertion
  * @throws SZRGWClientException 
    */
-  /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
-     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+     private CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException {
 
-    SZRGWClient client = new SZRGWClient();
-      
-    try {
-    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
-    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
-     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
-    	Logger.debug("Connection Parameters: " + connectionParameters);
-      client.setAddress(connectionParameters.getUrl());
-      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
-         Logger.debug("Initialisiere SSL Verbindung");
-         try {
-            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
-         } catch (IOException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-         } catch (GeneralSecurityException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-         } catch (PKIException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-         }
-       }
-       
-       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
-      
-   
-    }
-   catch (ConfigurationException e) {
-      Logger.warn(e);
-      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+	    SZRGWClient client = new SZRGWClient();
+	 
+	    try {
+	    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+	    	ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
 
-    }
-    	// create request
-    	Document doc = buildGetIdentityLinkRequest(cert);
-    	Element request = doc.getDocumentElement();
-    	CreateIdentityLinkResponse response = null;
-   
-    //try {
-        response = client.createIdentityLinkResponse(request);
-    //} catch (SZRGWClientException e) {
-        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
-      //  client = new SZRGWClient(url);
-      //  response = client.createIdentityLinkResponse(request);
-   // }
-   	 
+	    	client.setAddress(connectionParameters.getUrl());
+	    	if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+	    		Logger.debug("Initialisiere SSL Verbindung");
+	    		try {
+	    			client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+	    		} catch (IOException e) {
+	    			throw new SZRGWClientException(e);
+	    		} catch (GeneralSecurityException e) {
+	    			throw new SZRGWClientException(e);
+	    		} catch (PKIException e) {
+	    			throw new SZRGWClientException(e);
+	    		} 
+	    	}
+	    	Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+	    }
+	    catch (ConfigurationException e) {
+	    	Logger.warn(e);
+	    	Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+	    }
+	    
+	    // create request
+	    CreateIdentityLinkResponse response = null;
+	    Element request = null;
+	    try {
+	    	Document doc = client.buildGetIdentityLinkRequest(null, null, null, null, signature);
+	    	request = doc.getDocumentElement();
+	    	
+	    	// send request
+	    	response = client.createIdentityLinkResponse(request);
+	    } catch (SZRGWClientException e) {
+	    	// 	give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+	    	try {
+	    		response = client.createIdentityLinkResponse(request);
+	    	} 
+	    	catch (SZRGWClientException e1) {
+	    		throw new SZRGWClientException(e1);
+	    	}
+	    }
         
-	return response.getAssertion();
+	    
+	    return response;
 	
   }
   
@@ -245,43 +233,43 @@ public class GetForeignIDServlet extends AuthServlet {
    * @param birthday
    * @return
    */
-  private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
-	  
-	  try {
-		  	byte[] certbyte = cert.getEncoded();
-		  	String certstring = Base64.encode(certbyte); 
-	      
-			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
-			factory.setNamespaceAware(true);
-	        DocumentBuilder builder = factory.newDocumentBuilder();
-	        Document doc = builder.newDocument();
-	        
-	        Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
-	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
-	        doc.appendChild(getIdentityLink);
-	        
-	        Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
-	        getIdentityLink.appendChild(x509certificate);
-	        Text certbase64 = doc.createTextNode(certstring);
-	        x509certificate.appendChild(certbase64);
-	                          
-	        return doc;
-	    } catch (ParserConfigurationException e) {
-	    	e.printStackTrace();
-	    } catch (CertificateEncodingException e) {
-			e.printStackTrace();
-		}
-	    return null;
-	
-	}
-  
-    /**
-   * Checks a parameter.
-   * @param param parameter
-   * @return true if the parameter is null or empty
-   */
-  private boolean isEmpty(String param) {
-    return param == null || param.length() == 0;
-  }
+//  private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+//	  
+//	  try {
+//		  	byte[] certbyte = cert.getEncoded();
+//		  	String certstring = Base64.encode(certbyte); 
+//	      
+//			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+//			factory.setNamespaceAware(true);
+//	        DocumentBuilder builder = factory.newDocumentBuilder();
+//	        Document doc = builder.newDocument();
+//	        
+//	        Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+//	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+//	        doc.appendChild(getIdentityLink);
+//	        
+//	        Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+//	        getIdentityLink.appendChild(x509certificate);
+//	        Text certbase64 = doc.createTextNode(certstring);
+//	        x509certificate.appendChild(certbase64);
+//	                          
+//	        return doc;
+//	    } catch (ParserConfigurationException e) {
+//	    	e.printStackTrace();
+//	    } catch (CertificateEncodingException e) {
+//			e.printStackTrace();
+//		}
+//	    return null;
+//	
+//	}
+//  
+//    /**
+//   * Checks a parameter.
+//   * @param param parameter
+//   * @return true if the parameter is null or empty
+//   */
+//  private boolean isEmpty(String param) {
+//    return param == null || param.length() == 0;
+//  }
  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 8165f90f8..2430095b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -63,7 +63,7 @@ public class StartAuthenticationServlet extends AuthServlet {
     }
     authURL = authURL.concat(req.getContextPath() + "/");
 
-	 String target = req.getParameter(PARAM_TARGET);
+    String target = req.getParameter(PARAM_TARGET);
 	 String oaURL = req.getParameter(PARAM_OA);
     String bkuURL = req.getParameter(PARAM_BKU);
     String templateURL = req.getParameter(PARAM_TEMPLATE);
@@ -91,7 +91,7 @@ public class StartAuthenticationServlet extends AuthServlet {
 		    
 			String getIdentityLinkForm =
 				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
-			
+		
 			resp.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(resp.getOutputStream());
 			out.print(getIdentityLinkForm);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 824df9ca8..8ae951dda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -96,7 +96,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
       Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
       throw new IOException(e.getMessage());
     }
-  //@TODO Parameter
 		String sessionID = req.getParameter(PARAM_SESSIONID);
 		String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
 		String redirectURL = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index c9c1e794d..1b96ce8a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -93,7 +93,6 @@ public class VerifyCertificateServlet extends AuthServlet {
 	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
 	      throw new IOException(e.getMessage());
 	     	}
-	    //@TODO Parameter
 	    String sessionID = req.getParameter(PARAM_SESSIONID);
 	    AuthenticationSession session = null;
 	    try {
@@ -104,55 +103,19 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    	session = AuthenticationServer.getSession(sessionID);
 	    	
 	    	X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
-	    	
-	    	System.out.println(cert);
-	    	
-	    	String createXMLSignatureRequest = AuthenticationServer.getInstance().getCreateXMLSignatureRequestForeignID(sessionID, parameters, cert);
-
-	    	System.out.println(createXMLSignatureRequest);
-	    	
+	    		    	
+	    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
 	      // build dataurl (to the GetForeignIDSerlvet)
-       String dataurl =
+	    	String dataurl =
              new DataURLBuilder().buildDataURL(
                session.getAuthURL(),
                REQ_GET_FOREIGN_ID,
                session.getSessionID());
        
-       ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-	    	
+	    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 	    	
-//       Logger.debug("Send CreateXMLSignatureRequest to BKU");
-//       String keyboxIdentifier = "SecureSignatureKeypair";
-//       //String keyboxIdentifier = "CertifiedKeypair";             
-//       String xmlContent = "<html xmlns=\"http://www.w3.org/1999/xhtml\"> " +
-//          "<head><title>CreateXMLSignatureRequest</title>" + 
-//          "<style type=\"text/css\"/></head>" +
-//           "<body>" +
-//           "<p>I hereby request to access this e-government application by using my " +
-//           "domestic electronic identity. </p>" +
-//           "<p>I further affirm that I am not yet registered with the Austrian Central " + 
-//           "Residents Registry and that I am not obliged to register with the Austrian " + 
-//           "Central Residents Registry according to Austrian law.</p>" + 
-//           "<p>In the event I am not yet registered with the Supplementary Register, I " + 
-//           "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
-//           "BGBl. I Nr.  7/2008 und BGBl. I Nr. 59/2008).</p>" +
-//          "</body></html>";
-//    
-//       // create the CreateXMLSignatureRequest
-//       String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilderForeign().build(
-//             keyboxIdentifier,
-//             xmlContent);
-//       
-//       // build dataurl (to the GetForeignIDSerlvet)
-//       String dataurl =
-//             new DataURLBuilder().buildDataURL(
-//               session.getAuthURL(),
-//               REQ_GET_FOREIGN_ID,
-//               session.getSessionID());
-//       
-//       ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-//       
 	    	
+	    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 			    		      
 	    }
 	    catch (MOAIDException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 4f98e85e2..1fc5013f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -94,7 +94,6 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
       Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
       throw new IOException(e.getMessage());
     }
-  //@TODO Parameter
     String sessionID = req.getParameter(PARAM_SESSIONID);
     
     
@@ -109,9 +108,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
     	
     	if (createXMLSignatureRequestOrRedirect == null) {
-    	   
-    	   System.out.println("Send InfoboxReadRequest to BKU to get signer certificate.");
-    		// no identity link found
+    	   // no identity link found
+    		
     		try {
     		
     		   Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
@@ -127,7 +125,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
                   session.getSessionID());
           
          
-          ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate", dataurl);
+          ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
     	    	
     	    }
     	    catch(Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
index 6448f9392..aa6ed32d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
@@ -14,14 +14,28 @@ import org.w3c.dom.NodeList;
 public class CreateIdentityLinkResponse {
   
 	private Element assertion;
+	private String error;
+	private boolean isError;
 
 	public Element getAssertion() {
 		return assertion;
 	}
+	public String getError() {
+		return error;
+	}
 	
 	public void setAssertion(Element assertion) {
+		isError = false;
 	  this.assertion = assertion;
 	}
+	public void setError(String error) {
+		isError = true;
+		this.error = error;
+	}
+	
+	public boolean isError() {
+		return isError;
+	}
 	
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
index 25c3d7199..b856ee988 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
@@ -15,20 +15,17 @@
 */
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.util.Constants;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.util.Constants;
 
 /**
  * This class implements a detailed CreateMandateRequest that
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
index f19c21513..dcc3161e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
@@ -1,20 +1,6 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 
+
 import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
index eaf07da13..026632589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
@@ -1,20 +1,6 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 
+
 /**
  * SOAP Envelope Constants.
  * 
@@ -40,4 +26,7 @@ public interface SOAPConstants {
   public static final String XPATH_SOAP_FAULTCODE = XPATH_SOAP_FAULT + "/faultcode/text()";
   public static final String XPATH_SOAP_FAULTSTRING = XPATH_SOAP_FAULT + "/faultstring/text()";
   
+  
+  
 }
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index 0c84a9b18..2080118d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -20,121 +20,128 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 
 import javax.net.ssl.SSLSocketFactory;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.methods.PostMethod;
 import org.apache.commons.httpclient.protocol.Protocol;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+import org.w3c.dom.Text;
 
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-
-/**
- * This class implements a client for communication with the SZR-gateway
- * <p>
- * Two types of requests are supported
- * <ol>
- * <li>Basic Request</li>
- * <li>Detailed Request</li>
- * </ol>
- * 
- */
-public class SZRGWClient {
-  /**
-   * The URL of the SZR-gateway webservice.
-   */
-  private String address;
-  
-  /**
-   * The SSL socket factory when using a secure connection.
-   */
-  private SSLSocketFactory sSLSocketFactory;
-  
-  /**
-   * Constructor
-   */
-  public SZRGWClient() {
-  }
-
-  /**
-   * Constructor
-   * 
-   * @param address the URL of the SZR-gateway webservice.
-   */
-  public SZRGWClient(String address) {
-    this.address = address;
-  }
-  /**
-   * Sets the SSL socket factory.
-   * 
-   * @param factory the SSL socket factory.
-   */
-  public void setSSLSocketFactory(SSLSocketFactory factory) {
-    this.sSLSocketFactory = factory;
-  }
-  
-  /**
-   * Sets the SZR webservice URL
-   * 
-   * @param address the URL of the SZR-gateway webservice.
-   */
-  public void setAddress(String address) {
-    this.address = address;
-  }
-  
-  /**
-   * Creates a mandate.
-   * 
-   * @param reqElem the request.
-   * @return a SZR-gateway response containing the result
-   * @throws SZRGWException when an error occurs creating the mandate.
-   */
-  public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
-    Logger.info("Connecting to SZR-gateway.");
-    try {
-      if (address == null) {
-        throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
-      }
-      HttpClient client = new HttpClient();
-      PostMethod method = new PostMethod(address);
-      method.setRequestHeader("SOAPAction", "");
-
-      
-      // ssl settings
-      if (sSLSocketFactory != null) {
-        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
-        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
-      }
-      
-      // create soap body
-      Element soapBody = getSOAPBody();
-      Document doc = soapBody.getOwnerDocument();
-      soapBody.appendChild(doc.importNode(reqElem, true));
-      Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
-      
-      //ParepUtils.saveElementToFile(requestElement, new File("c:/szrRequest.xml"));
-      ByteArrayOutputStream bos = new ByteArrayOutputStream();
-      ParepUtils.serializeElementAsDocument(requestElement, bos);
-      
-      method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
-      client.executeMethod(method);
-      CreateMandateResponse response = new CreateMandateResponse();
-      
-      bos = new ByteArrayOutputStream();
-      doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
-      
-      //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/szrResponse.xml"));
-      response.parse(doc.getDocumentElement());
-      
-      
-      return response;
-    } catch(Exception e) {
-      //e.printStackTrace();
-      throw new SZRGWClientException(e);
-    }
+import at.gv.egovernment.moa.util.DOMUtils;
+
+
+
+/**
+ * This class implements a client for communication with the SZR-gateway
+ * <p>
+ * Two types of requests are supported
+ * <ol>
+ * <li>Basic Request</li>
+ * <li>Detailed Request</li>
+ * </ol>
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClient {
+  /**
+   * The URL of the SZR-gateway webservice.
+   */
+  private String address;
+  
+  /**
+   * The SSL socket factory when using a secure connection.
+   */
+  private SSLSocketFactory sSLSocketFactory;
+  
+  /**
+   * Constructor
+   */
+  public SZRGWClient() {
+  }
+
+  /**
+   * Constructor
+   * 
+   * @param address the URL of the SZR-gateway webservice.
+   */
+  public SZRGWClient(String address) {
+    this.address = address;
+  }
+  /**
+   * Sets the SSL socket factory.
+   * 
+   * @param factory the SSL socket factory.
+   */
+  public void setSSLSocketFactory(SSLSocketFactory factory) {
+    this.sSLSocketFactory = factory;
+  }
+  
+  /**
+   * Sets the SZR webservice URL
+   * 
+   * @param address the URL of the SZR-gateway webservice.
+   */
+  public void setAddress(String address) {
+    this.address = address;
+  }
+  
+  /**
+   * Creates a mandate.
+   * 
+   * @param reqElem the request.
+   * @return a SZR-gateway response containing the result
+   * @throws SZRGWException when an error occurs creating the mandate.
+   */
+  public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
+    //Logger.info("Connecting to SZR-gateway.");
+    try {
+      if (address == null) {
+        throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+      }
+      HttpClient client = new HttpClient();
+      PostMethod method = new PostMethod(address);
+      method.setRequestHeader("SOAPAction", "");
+
+      
+      // ssl settings
+      if (sSLSocketFactory != null) {
+        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
+        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+      }
+      
+      // create soap body
+      Element soapBody = getSOAPBody();
+      Document doc = soapBody.getOwnerDocument();
+      soapBody.appendChild(doc.importNode(reqElem, true));
+      Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+      
+      //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+      ByteArrayOutputStream bos = new ByteArrayOutputStream();
+      ParepUtils.serializeElementAsDocument(requestElement, bos);
+      
+      method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+      client.executeMethod(method);
+      CreateMandateResponse response = new CreateMandateResponse();
+      
+      bos = new ByteArrayOutputStream();
+      doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+      
+      //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+      response.parse(doc.getDocumentElement());
+      
+      
+      return response;
+    } catch(Exception e) {
+      //e.printStackTrace();
+      throw new SZRGWClientException(e);
+    }
   }
   
   /**
@@ -145,119 +152,221 @@ public class SZRGWClient {
    * @throws SZRGWException when an error occurs creating the mandate.
    */
   public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException {
-     
-     Logger.info("Connecting to SZR-gateway.");
-       try {
-         if (address == null) {
-           throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
-         }
-         HttpClient client = new HttpClient();
-         PostMethod method = new PostMethod(address);
-         method.setRequestHeader("SOAPAction", "");
+    
+	  try {
+      if (address == null) {
+        throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+      }
+      HttpClient client = new HttpClient();
+      PostMethod method = new PostMethod(address);
+      method.setRequestHeader("SOAPAction", "");
 
-         
-         // ssl settings
-         if (sSLSocketFactory != null) {
-           SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
-           Protocol.registerProtocol("https", new Protocol("https", fac, 443));
-         }
-         
-         // create soap body
-         Element soapBody = getSOAPBody();
-         Document doc = soapBody.getOwnerDocument();
-         soapBody.appendChild(doc.importNode(reqElem, true));
-         Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
-         
-         //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
-         ByteArrayOutputStream bos = new ByteArrayOutputStream();
-         ParepUtils.serializeElementAsDocument(requestElement, bos);
-         
-         method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
-         client.executeMethod(method);
-         CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
-         
-         bos = new ByteArrayOutputStream();
-         doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+      
+      // ssl settings
+      if (sSLSocketFactory != null) {
+        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
+        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+      }
+      
+      // create soap body
+      Element soapBody = getSOAPBody();
+      Document doc = soapBody.getOwnerDocument();
+      soapBody.appendChild(doc.importNode(reqElem, true));
+      Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+      
+      //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+      ByteArrayOutputStream bos = new ByteArrayOutputStream();
+      ParepUtils.serializeElementAsDocument(requestElement, bos);
+      
+      method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+      client.executeMethod(method);
+      CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
+      
+      bos = new ByteArrayOutputStream();
+      doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+      //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+      
+      NodeList list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
+      if (list.getLength() > 0) {
+    	  // set error response
+    	  list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
+    	  String error = DOMUtils.getText(list.item(0));
 
-         //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
-         
-         //check if errorresponse
-         boolean isError = checkErrorResponse(doc.getDocumentElement());
-         
-         if (isError) {
-           String error = getErrorCodeandMessage(doc.getDocumentElement());
-           throw new SZRGWClientException(error);
-         }
-         else {
-           response.setAssertion(doc.getDocumentElement());  
-         }
-         
-         return response;
-       } catch(Exception e) {
-         e.printStackTrace();
-         throw new SZRGWClientException(e);
-       }
+    	  response.setError(error);
+      }
+      else {
+    	  // set assertion
+    	  response.setAssertion(doc.getDocumentElement());
+      }
+    	
+      return response;
       
+    } catch(Exception e) {
+      throw new SZRGWClientException(e);
+    }
   }
   
-  /**
-   * Returns an errorstring containing errorcode and info from SZR-GW error response
-   * @param element
-   * @return
+  
+  /*
+   * builds an XML soap envelope
    */
-  private String getErrorCodeandMessage(Element element) {
-     String error = "Fehler im SZR-Gateway: ";
-     
-     String code = "";
-     NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorCode");
-     for (int i = 0; i < list.getLength(); i++) {
-        Element elem = (Element)list.item(i);
-        code += elem.getTextContent() + "/";
-     }
-     
-     String info = "";
-     list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
-     for (int i = 0; i < list.getLength(); i++) {
-        Element elem = (Element)list.item(i);
-        info += elem.getTextContent() + "/";
-     }
-     
-     error += code + " " + info;
-     return error;
+  private Element getSOAPBody() throws SZRGWClientException {
+    Document doc_;
+	try {
+		doc_ = ParepUtils.createEmptyDocument();
+		Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
+	    doc_.appendChild(root);
+	    
+	    root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+	    //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
+	    root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
+	    root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+	        
+	    Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
+	    root.appendChild(body);
+	    
+	    return body;
+	} catch (SZRGWClientException e) {
+		throw new SZRGWClientException(e);
+	}
+    
   }
   
-  /**
-   * Checks if response from SZR-GW is errorresponse or not
-   * @param element
-   * @return
-   */
-  private boolean checkErrorResponse(Element element) {
-     
-     NodeList list = element.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
-     
-     if (list.getLength() == 0)
-        return false;
-     else 
-        return true;
-  }
-  
-  /*
-   * builds an XML soap envelope
-   */
-  private Element getSOAPBody() throws SZRGWClientException {
-    Document doc_ = ParepUtils.createEmptyDocument();
-    Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
-    doc_.appendChild(root);
-    
-    root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
-    //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
-    root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
-    root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
-        
-    Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
-    root.appendChild(body);
-    
-    return body;
-  }
-  
-}
+  public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+
+	  String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+		  try {
+			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+			factory.setNamespaceAware(true);
+	        DocumentBuilder builder = factory.newDocumentBuilder();
+	        Document doc = builder.newDocument();
+	        
+	        Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
+	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
+	        doc.appendChild(getIdentityLink);
+	            
+	        if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
+	        	
+	        	Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
+	        	getIdentityLink.appendChild(pepsDataElem);
+	        	
+	        	if (PEPSIdentifier != null) {
+	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
+	            	pepsDataElem.appendChild(elem);
+	            	Text text= doc.createTextNode(PEPSIdentifier);
+	            	elem.appendChild(text);
+	            }
+	        	if (PEPSFirstname != null) {
+	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
+	            	pepsDataElem.appendChild(elem);
+	            	Text text= doc.createTextNode(PEPSFirstname);
+	            	elem.appendChild(text);
+	            }
+
+	        	if (PEPSFamilyname != null) {
+	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
+	            	pepsDataElem.appendChild(elem);
+	            	Text text= doc.createTextNode(PEPSFamilyname);
+	            	elem.appendChild(text);
+	            }
+
+	        	if (PEPSDateOfBirth != null) {
+	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
+	            	pepsDataElem.appendChild(elem);
+	            	Text text= doc.createTextNode(PEPSDateOfBirth);
+	            	elem.appendChild(text);
+	            }
+	        }
+	        
+	        if (signature == null)
+	        	throw new SZRGWClientException("Signature element must not be null!");
+	        else {
+	        	Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
+	        	Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent");
+	        	sig.appendChild(xmlcontent);	        	
+	        	Node n = doc.importNode(signature, true);	        	
+	        	getIdentityLink.appendChild(sig);
+	        	xmlcontent.appendChild(n);
+	        }
+	        
+	                          
+	        return doc;
+	    } catch (ParserConfigurationException e) {
+	    	throw new SZRGWClientException(e);
+	    } /*catch (CertificateEncodingException e) {
+	    	throw new SZRGWClientException(e);
+		}*/
+	    
+
+	}
+  
+  public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {
+
+	  String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+	  
+	  try {
+			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+			factory.setNamespaceAware(true);
+	        DocumentBuilder builder = factory.newDocumentBuilder();
+	        Document doc = builder.newDocument();
+	        
+	        Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
+	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
+	        doc.appendChild(getIdentityLink);
+	            
+	        if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
+	        	
+	        	Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
+	        	getIdentityLink.appendChild(pepsDataElem);
+	        	
+	        	if (PEPSIdentifier != null) {
+	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
+	            	pepsDataElem.appendChild(elem);
+	            	Text text= doc.createTextNode(PEPSIdentifier);
+	            	elem.appendChild(text);
+	            }
+	        	if (PEPSFirstname != null) {
+	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
+	            	pepsDataElem.appendChild(elem);
+	            	Text text= doc.createTextNode(PEPSFirstname);
+	            	elem.appendChild(text);
+	            }
+
+	        	if (PEPSFamilyname != null) {
+	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
+	            	pepsDataElem.appendChild(elem);
+	            	Text text= doc.createTextNode(PEPSFamilyname);
+	            	elem.appendChild(text);
+	            }
+
+	        	if (PEPSDateOfBirth != null) {
+	            	Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
+	            	pepsDataElem.appendChild(elem);
+	            	Text text= doc.createTextNode(PEPSDateOfBirth);
+	            	elem.appendChild(text);
+	            }
+	        }
+	        
+	        if (signature == null)
+	        	throw new SZRGWClientException("Signature element must not be null!");
+	        else {
+	        	Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
+	        	Element base64content = doc.createElementNS(SZRGW_NS, "szrgw:Base64Content");
+	        	sig.appendChild(base64content);	  
+	        	getIdentityLink.appendChild(sig);
+	        	Text text= doc.createTextNode(signature);
+	        	base64content.appendChild(text);
+	        }
+	                          
+	        return doc;
+	    } catch (ParserConfigurationException e) {
+	    	throw new SZRGWClientException(e);
+	    } /*catch (CertificateEncodingException e) {
+	    	throw new SZRGWClientException(e);
+		}*/
+	    
+
+	}
+  
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
index 25390dc0b..a70ccef90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -15,38 +15,38 @@
 */
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 
-/**
- * This class implements the basic exception type for the SZR-gateway client
- * 
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWClientException extends Exception {
-
-  /*
-   * see super constructor.
-   */
-  public SZRGWClientException() {
-    super();
-  }
-
-  /*
-   * see super constructor.
-   */
-  public SZRGWClientException(String arg0) {
-    super(arg0);
-  }
-
-  /*
-   * see super construction.
-   */
-  public SZRGWClientException(Throwable arg0) {
-    super(arg0);
-  }
-
-  /*
-   * see super constructor
-   */
-  public SZRGWClientException(String arg0, Throwable arg1) {
-    super(arg0, arg1);
-  }
-}
+/**
+ * This class implements the basic exception type for the SZR-gateway client
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClientException extends Exception {
+
+  /*
+   * see super constructor.
+   */
+  public SZRGWClientException() {
+    super();
+  }
+
+  /*
+   * see super constructor.
+   */
+  public SZRGWClientException(String arg0) {
+    super(arg0);
+  }
+
+  /*
+   * see super construction.
+   */
+  public SZRGWClientException(Throwable arg0) {
+    super(arg0);
+  }
+
+  /*
+   * see super constructor
+   */
+  public SZRGWClientException(String arg0, Throwable arg1) {
+    super(arg0, arg1);
+  }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
index 476573ec0..4e6f6fa1b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -15,54 +15,55 @@
 */
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
 
-/**
- * This interface specifies all the constants needed for the communication with the SZR-gateway.
- * 
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public interface SZRGWConstants {
-
-  //PersonData
-  public static final String PD_PREFIX = "pr:";
-  public static final String PD_POSTFIX = ":pr";
-  public static final String SAML_PREFIX = "saml:";
-  public static final String SAML_POSTFIX = ":saml";
-  public static final String PERSON = "Person";
-  public static final String PHYSICALPERSON = "PhysicalPerson";
-  public static final String CORPORATEBODY = "CorporateBody";
-  public static final String IDENTIFICATION = "Identification";
-  public static final String VALUE = "Value";
-  public static final String TYPE = "Type";
-  public static final String NAME = "Name";
-  public static final String GIVENNAME = "GivenName";
-  public static final String FAMILYNAME = "FamilyName";
-  public static final String DATEOFBIRTH = "DateOfBirth";
-  public static final String FULLNAME = "FullName";
-  public static final String ORGANIZATION = "Organization";
-  
-  public static final String POSTALADDRESS = "PostalAddress";
-  public static final String DELIVERYADDRESS = "DeliveryAddress";
-  public static final String MUNICIPALITY = "Municipality";
-  public static final String POSTALCODE = "PostalCode";
-  public static final String STREETNAME = "StreetName";
-  public static final String BUILDINGNUMBER = "BuildingNumber";
-  public static final String UNIT = "Unit";
-  //String ADDRESS = "Address";
-  //String COUNTRYCODE = "CountryCode";
-  //String DOORNUMBER = "DoorNumber";
-
-  // SZR-gateway constants
-  public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
-  public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
-  public static final String SZRGW_PREFIX = "sgw:";
-  public static final String SZRGW_POSTFIX = ":sgw";
-  public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
-  public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
-  public static final String ERROR_RESPONSE = "ErrorResponse";
-  public static final String MANDATOR = "Mandator";
-  public static final String REPRESENTATIVE = "Representative";
-  public static final String MANDATE = "Mandate";
-  public static final String MANDATE_PREFIX = "md:";
-  public static final String MANDATE_POSTFIX = ":md";
-
-}
+/**
+ * This interface specifies all the constants needed for the communication with the SZR-gateway.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public interface SZRGWConstants {
+
+  //PersonData
+  public static final String PD_PREFIX = "pr:";
+  public static final String PD_POSTFIX = ":pr";
+  public static final String PERSON = "Person";
+  public static final String PHYSICALPERSON = "PhysicalPerson";
+  public static final String CORPORATEBODY = "CorporateBody";
+  public static final String IDENTIFICATION = "Identification";
+  public static final String VALUE = "Value";
+  public static final String TYPE = "Type";
+  public static final String NAME = "Name";
+  public static final String GIVENNAME = "GivenName";
+  public static final String FAMILYNAME = "FamilyName";
+  public static final String DATEOFBIRTH = "DateOfBirth";
+  public static final String FULLNAME = "FullName";
+  public static final String ORGANIZATION = "Organization";
+  
+  public static final String POSTALADDRESS = "PostalAddress";
+  public static final String DELIVERYADDRESS = "DeliveryAddress";
+  public static final String MUNICIPALITY = "Municipality";
+  public static final String POSTALCODE = "PostalCode";
+  public static final String STREETNAME = "StreetName";
+  public static final String BUILDINGNUMBER = "BuildingNumber";
+  public static final String UNIT = "Unit";
+  //String ADDRESS = "Address";
+  //String COUNTRYCODE = "CountryCode";
+  //String DOORNUMBER = "DoorNumber";
+
+  // SZR-gateway constants
+  public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+  public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+  public static final String SZRGW_PREFIX = "sgw:";
+  public static final String SZRGW_POSTFIX = ":sgw";
+  public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
+  public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
+  public static final String ERROR_RESPONSE = "ErrorResponse";
+  public static final String MANDATOR = "Mandator";
+  public static final String REPRESENTATIVE = "Representative";
+  public static final String MANDATE = "Mandate";
+  public static final String MANDATE_PREFIX = "md:";
+  public static final String MANDATE_POSTFIX = ":md";
+  
+  public static final String SAML_PREFIX = "saml:";
+  public static final String SAML_POSTFIX = ":saml";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
index af66ca331..bd0595524 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -14,126 +14,126 @@
 * limitations under the License.
 */
 package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
-
-
-/**
- * This class implements a secure protocol socket factory
- * for the Apache HTTP client.
- * 
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
-
-  /**
-   * The SSL socket factory.
-   */
-  private SSLSocketFactory factory;
-  
-  /**
-   * Creates a new Secure socket factory for the
-   * Apache HTTP client.
-   * 
-   * @param factory the SSL socket factory to use.
-   */
-  public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
-    this.factory = factory;
-  }
-  
-  
-  /**
-   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
-   */
-  public Socket createSocket(
-      String host,
-      int port,
-      InetAddress clientHost,
-      int clientPort)
-      throws IOException, UnknownHostException {
-
-      return this.factory.createSocket(
-          host,
-          port,
-          clientHost,
-          clientPort
-      );
-  }
-
-  /**
-   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
-   */
-  public Socket createSocket(String host, int port)
-      throws IOException, UnknownHostException {
-      return this.factory.createSocket(
-          host,
-          port
-      );
-  }
-
-  /**
-   * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
-   */
-  public Socket createSocket(
-      Socket socket,
-      String host,
-      int port,
-      boolean autoClose)
-      throws IOException, UnknownHostException {
-      return this.factory.createSocket(
-          socket,
-          host,
-          port,
-          autoClose
-      );
-  }
-  
-  /**
-   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams)
-   */
-  public Socket createSocket(
-      String host,
-      int port,
-      InetAddress clientHost,
-      int clientPort,
-      HttpConnectionParams params)
-      throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
-
-      Socket socket = createSocket(host, port, clientHost, clientPort);
-      if (socket != null) {
-          // socket.setKeepAlive(false);
-          if (params.getReceiveBufferSize() >= 0)
-              socket.setReceiveBufferSize(params.getReceiveBufferSize());
-          if (params.getSendBufferSize() >= 0)
-              socket.setSendBufferSize(params.getSendBufferSize());
-          socket.setReuseAddress(true);
-          if (params.getSoTimeout() >= 0)
-              socket.setSoTimeout(params.getSoTimeout());
-      }
-      return socket;
-    
-  }
-
-  /**
-   * @see java.lang.Object#equals(java.lang.Object)
-   */
-  public boolean equals(Object obj) {
-      return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
-  }
-
-  /**
-   * @see java.lang.Object#hashCode()
-   */
-  public int hashCode() {
-      return SZRGWSecureSocketFactory.class.hashCode();
-  }
-  
-}
+/**
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ * 
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+
+  /**
+   * The SSL socket factory.
+   */
+  private SSLSocketFactory factory;
+  
+  /**
+   * Creates a new Secure socket factory for the
+   * Apache HTTP client.
+   * 
+   * @param factory the SSL socket factory to use.
+   */
+  public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+    this.factory = factory;
+  }
+  
+  
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+   */
+  public Socket createSocket(
+      String host,
+      int port,
+      InetAddress clientHost,
+      int clientPort)
+      throws IOException, UnknownHostException {
+
+      return this.factory.createSocket(
+          host,
+          port,
+          clientHost,
+          clientPort
+      );
+  }
+
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+   */
+  public Socket createSocket(String host, int port)
+      throws IOException, UnknownHostException {
+      return this.factory.createSocket(
+          host,
+          port
+      );
+  }
+
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+   */
+  public Socket createSocket(
+      Socket socket,
+      String host,
+      int port,
+      boolean autoClose)
+      throws IOException, UnknownHostException {
+      return this.factory.createSocket(
+          socket,
+          host,
+          port,
+          autoClose
+      );
+  }
+  
+  /**
+   * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams)
+   */
+  public Socket createSocket(
+      String host,
+      int port,
+      InetAddress clientHost,
+      int clientPort,
+      HttpConnectionParams params)
+      throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
+
+      Socket socket = createSocket(host, port, clientHost, clientPort);
+      if (socket != null) {
+          // socket.setKeepAlive(false);
+          if (params.getReceiveBufferSize() >= 0)
+              socket.setReceiveBufferSize(params.getReceiveBufferSize());
+          if (params.getSendBufferSize() >= 0)
+              socket.setSendBufferSize(params.getSendBufferSize());
+          socket.setReuseAddress(true);
+          if (params.getSoTimeout() >= 0)
+              socket.setSoTimeout(params.getSoTimeout());
+      }
+      return socket;
+    
+  }
+
+  /**
+   * @see java.lang.Object#equals(java.lang.Object)
+   */
+  public boolean equals(Object obj) {
+      return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+  }
+
+  /**
+   * @see java.lang.Object#hashCode()
+   */
+  public int hashCode() {
+      return SZRGWSecureSocketFactory.class.hashCode();
+  }
+  
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index a61a3de97..9193a591e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -118,13 +118,4 @@ public class ConnectionParameter {
     this.clientKeyStorePassword = clientKeyStorePassword;
   }
 
-  public String toString() {
-     String s = "* ConnectionParameter *\n";
-     s += "URL: " + url + "\n";
-     s += "acceptedServerCertificates: " + acceptedServerCertificates + "\n";
-     s += "clientKeyStore: " + clientKeyStore + "\n";
-     s += "clientKeyStorePassword: " + clientKeyStorePassword;
-     
-     return s;
-  }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 8799082b3..a50a366a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -20,7 +20,6 @@ import iaik.pki.PKIException;
 import iaik.pki.PKIFactory;
 import iaik.pki.PKIProfile;
 import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
 
 import java.io.BufferedInputStream;
 import java.io.BufferedReader;
@@ -51,6 +50,7 @@ import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
 import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
 import at.gv.egovernment.moa.logging.Logger;
 
+
 /**
  * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
  * This <code>TrustManager</code> implementation features CRL checking.<br/>
@@ -102,25 +102,29 @@ public class SSLUtils {
     Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
     // retrieve SSLSocketFactory if already created
     SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
-    if (ssf != null)
+    if (ssf != null) 
       return ssf;
+    
     // else create new SSLSocketFactory
     String trustStoreURL = conf.getTrustedCACertificates();
+    
     if (trustStoreURL == null)
       throw new ConfigurationException(
         "config.08", new Object[] {"TrustedCACertificates"});
     String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+    
     TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
+    
     KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
       "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
     SSLContext ctx = SSLContext.getInstance("TLS");
-    ctx.init(kms, tms, null);
-    ssf = ctx.getSocketFactory();
+    ctx.init(kms, tms, null);    ssf = ctx.getSocketFactory();
     // store SSLSocketFactory
     sslSocketFactories.put(connParam.getUrl(), ssf);
     return ssf;
   }
-
+  
+  
   /**
    * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
    * using configuration data.
diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component
index a934dee5b..fad3275dd 100644
--- a/id/server/proxy/.settings/org.eclipse.wst.common.component
+++ b/id/server/proxy/.settings/org.eclipse.wst.common.component
@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="moa-id-proxy">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <property name="context-root" value="moa-id-proxy"/>
-        <property name="java-output-path"/>
-    </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="moa-id-proxy">
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <property name="context-root" value="moa-id-proxy"/>
+        <property name="java-output-path"/>
+    </wb-module>
+</project-modules>
diff --git a/id/templates/.settings/org.eclipse.wst.common.component b/id/templates/.settings/org.eclipse.wst.common.component
index dfa33a627..1e8a98df8 100644
--- a/id/templates/.settings/org.eclipse.wst.common.component
+++ b/id/templates/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="moa-id-templates">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <property name="context-root" value="moa-id-templates"/>
-        <property name="java-output-path"/>
-    </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="moa-id-templates">
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <property name="context-root" value="moa-id-templates"/>
+        <property name="java-output-path"/>
+    </wb-module>
+</project-modules>
diff --git a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
index a5e02254b..ea8402b5f 100644
--- a/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
+++ b/spss/handbook/clients/referencedData/.settings/org.eclipse.wst.common.component
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="moa-spss-handbook-referencedData">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <property name="context-root" value="moa-spss-handbook-referencedData"/>
-        <property name="java-output-path"/>
-    </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="moa-spss-handbook-referencedData">
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <property name="context-root" value="moa-spss-handbook-referencedData"/>
+        <property name="java-output-path"/>
+    </wb-module>
+</project-modules>
diff --git a/spss/server/serverlib/.classpath b/spss/server/serverlib/.classpath
index f0e483a4a..1c79cc393 100644
--- a/spss/server/serverlib/.classpath
+++ b/spss/server/serverlib/.classpath
@@ -1,13 +1,9 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.4"/>
+	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component
index f859c643a..c83fdc828 100644
--- a/spss/server/serverws/.settings/org.eclipse.wst.common.component
+++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component
@@ -1,14 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-<wb-module deploy-name="moa-spss">
-        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
-            <dependency-type>uses</dependency-type>
-        </dependent-module>
-<property name="context-root" value="moa-spss"/>
-<property name="java-output-path" value="target/classes"/>
-</wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss">
+        <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+<property name="context-root" value="moa-spss"/>
+<property name="java-output-path" value="target/classes"/>
+</wb-module>
+</project-modules>
-- 
cgit v1.2.3


From 4aa19048995f9ddca2f8943287a681992a55b79a Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 13 Jul 2010 09:38:55 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1169
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 .../resources/resources/schemas/MOA-SPSS-1.4.7.xsd |  18 +-
 .../resources/schemas/MOA-SPSS-config-1.4.7.xsd    |   6 +-
 .../conf/moa-id/SampleMOAIDConfiguration.xml       | 204 +++++++----------
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  | 230 +++++++++----------
 .../SampleMOAIDConfiguration_withTestBKs.xml       | 207 ++++++++---------
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  | 245 +++++++++-----------
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      | 202 ++++++++--------
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml | 241 +++++++++----------
 .../SampleMOAWIDConfiguration_withTestBKs.xml      | 216 ++++++++---------
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml | 255 ++++++++++-----------
 id/server/data/deploy/conf/moa-id/log4j.properties |  10 +-
 .../moa-id/transforms/TransformsInfoAuthBlock.xml  | 190 ---------------
 .../transforms/TransformsInfoAuthBlockText.xml     | 107 ---------
 .../TransformsInfoAuthBlockTextPlain.xml           |  93 --------
 .../TransformsInfoAuthBlockText_deprecated.xml     |  88 -------
 .../TransformsInfoAuthBlock_deprecated.xml         | 183 ---------------
 .../conf/moa-spss/SampleMOASPSSConfiguration.xml   |  20 --
 .../moa-spss/profiles/MOAIDTransformAuthBlock.xml  | 188 ---------------
 .../profiles/MOAIDTransformAuthBlockText.xml       | 105 ---------
 .../profiles/MOAIDTransformAuthBlockTextPlain.xml  |  91 --------
 .../MOAIDTransformAuthBlockText_deprecated.xml     |  86 -------
 .../MOAIDTransformAuthBlock_deprecated.xml         | 181 ---------------
 .../moa/id/proxy/DefaultConnectionBuilder.java     |  24 +-
 .../41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA       | Bin 0 -> 1165 bytes
 .../42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA       | Bin 0 -> 975 bytes
 .../handbook/config/MOA-SPSS-config-1.4.7.xsd      |   8 +-
 spss/handbook/handbook/config/config.html          |   8 +-
 spss/handbook/handbook/install/install.html        |   2 +-
 spss/server/history.txt                            |   8 +-
 spss/server/readme.update.txt                      |   3 -
 .../gv/egovernment/moa/spss/api/SPSSFactory.java   |  23 +-
 .../VerifyCMSSignatureResponseElement.java         |   8 +-
 .../moa/spss/api/common/CheckTSLResult.java        |  40 ----
 .../moa/spss/api/impl/CheckTSLResultImpl.java      |  66 ------
 .../moa/spss/api/impl/SPSSFactoryImpl.java         |  15 +-
 .../VerifyCMSSignatureResponseElementImpl.java     |  15 --
 .../api/impl/VerifyXMLSignatureResponseImpl.java   |  16 +-
 .../xmlbind/VerifyCMSSignatureResponseBuilder.java |  11 +-
 .../xmlbind/VerifyXMLSignatureResponseBuilder.java |   7 +-
 .../api/xmlverify/VerifyXMLSignatureResponse.java  |   7 -
 .../server/config/ConfigurationPartsBuilder.java   |  34 +--
 .../moa/spss/server/config/TrustProfile.java       |  14 +-
 .../invoke/VerifyCMSSignatureResponseBuilder.java  |  47 +---
 .../invoke/VerifyXMLSignatureResponseBuilder.java  |  14 +-
 .../invoke/XMLSignatureVerificationInvoker.java    |  39 +---
 .../properties/spss_messages_de.properties         |   5 +-
 46 files changed, 877 insertions(+), 2703 deletions(-)
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTextPlain.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTextPlain.xml
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
 create mode 100644 spss/handbook/conf/moa-spss/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
 create mode 100644 spss/handbook/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
 delete mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
 delete mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd
index e3b06b416..653bec578 100644
--- a/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-SPSS-1.4.7.xsd
@@ -107,14 +107,6 @@
 			</xsd:element>
 			<xsd:element name="SignatureCheck" type="CheckResultType"/>
 			<xsd:element name="CertificateCheck" type="CheckResultType"/>
-			<xsd:element name="TSLCheck" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-						<xsd:element name="Info" type="xsd:string" minOccurs="0"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
 		</xsd:sequence>
 	</xsd:complexType>
 	<!--########## Verify XML Signature ###-->
@@ -169,15 +161,7 @@
 			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
 			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
 			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="CertificateCheck" type="CheckResultType"/>
-			<xsd:element name="TSLCheck" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
-						<xsd:element name="Info" type="xsd:string" minOccurs="0"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>			
 		</xsd:sequence>
 	</xsd:complexType>
 	<xsd:simpleType name="ProfileIdentifierType">
diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd
index a61eed289..4808f3cb7 100644
--- a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.4.7.xsd
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->
 <!--
-  MOA SP/SS 1.4.5 Configuration Schema
+  MOA SP/SS 1.4.7 Configuration Schema
 -->
 <xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
 	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
@@ -140,7 +139,6 @@
 																<xs:element name="Id" type="xs:token"/>
 																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
 																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
-																<xs:element name="TSLLocation" type="xs:anyURI" minOccurs="0"/>
 															</xs:sequence>
 														</xs:complexType>
 													</xs:element>
@@ -154,7 +152,7 @@
 													<xs:element name="MaxRevocationAge" type="xs:integer"/>
 													<xs:element name="ServiceOrder" minOccurs="0">
 														<xs:complexType>
-															<xs:sequence maxOccurs="2">
+															<xs:sequence minOccurs="1" maxOccurs="2">
 																<xs:element name="Service">
 																	<xs:simpleType>
 																		<xs:restriction base="xs:token">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index f8f6f2677..7c2ca5b67 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -1,78 +1,49 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur  -->
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und Handy-Signatur  -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-  <!-- Konfiguration fuer MOA-ID-AUTH -->
-  <AuthComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-    <BKUSelection BKUSelectionAlternative="HTMLSelect">
-      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      </ConnectionParameter>
-    </BKUSelection>
-    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
         &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-    <Templates>
-      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-    </Templates>
-    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-    <SecurityLayer>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>-->
-      <!-- TransformInfo in Plaintext, alternative Variante -->
-	  <!--
-	    NOTE:
-		This TransformsInfo produces plain text output. It does not use the
-		XSL transform output method 'text', as the way new line characters are
-		rendered by the XSL transform implementation is platform dependent.
-		Therefore, an output method of 'xml' is used to create a single
-		element node with the plain text as child element and a XPath filter
-		transform is used to remove all nodes, but text nodes.
-	  -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTextPlain.xml"/>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </SecurityLayer>
-    <MOA-SP>
-      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+		<Templates>
+			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+		</Templates>
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-      <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
-      <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
-      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      <!-- </ConnectionParameter> -->
-      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyIdentityLink>
-        <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
-      </VerifyIdentityLink>
-      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyAuthBlock>
-        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
-        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <!-- VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTextPlain</VerifyTransformsInfoProfileID>
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-        <!-- Für TransformsInfoProfile in Tabellenform -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      </VerifyAuthBlock>
-    </MOA-SP>
-    
-    <VerifyInfoboxes>
-      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<VerifyInfoboxes>
+			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
         <!--
         <ApplicationSpecificParameters>
@@ -122,54 +93,53 @@
           </PartyRepresentation>
         </ParepSpecificParameters>
       </Infobox?>
-    </VerifyInfoboxes>
-    
-  </AuthComponent>
-
-
-  <!-- Eintragung fuer jede Online-Applikation -->
-  <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-  <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
-    <!-- fuer MOA-ID-AUTH -->
-    <AuthComponent slVersion="1.2">
-      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+		</VerifyInfoboxes>
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<ForeignIdentities>
+			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+			</ConnectionParameter>
+		</ForeignIdentities>
+	</AuthComponent>
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+	<OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
+		<!-- fuer MOA-ID-AUTH -->
+		<AuthComponent slVersion="1.2">
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
-      <Templates>
-        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-      </Templates>
-      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </AuthComponent>
-  </OnlineApplication>
-
-  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-  <ChainingModes systemDefaultMode="pkix">
+			<Templates>
+				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			</Templates>
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+	</OnlineApplication>
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
   </ChainingModes>
-  
-  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-  
-  <!-- Cache-Verzeichnis fuer-Zertifikate -->
-  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-  
-  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
-  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index b6a0ed6a2..fb5a0b344 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -1,66 +1,49 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur -->
+<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und Handy-Signatur -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-  <!-- Konfiguration fuer MOA-ID-AUTH -->
-  <AuthComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-    <BKUSelection BKUSelectionAlternative="HTMLSelect">
-      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      </ConnectionParameter>
-    </BKUSelection>
-    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
         &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-    <Templates>
-      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-    </Templates>
-    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-    <SecurityLayer>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </SecurityLayer>
-    <MOA-SP>
-      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+		<Templates>
+			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+		</Templates>
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-      <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
-      <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
-      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      <!-- </ConnectionParameter> -->
-      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyIdentityLink>
-        <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
-      </VerifyIdentityLink>
-      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyAuthBlock>
-        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
-        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-        <!-- Für TransformsInfoProfile in Tabellenform -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      </VerifyAuthBlock>
-    </MOA-SP>
-    
-    <VerifyInfoboxes>
-      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<VerifyInfoboxes>
+			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
         <!--
         <ApplicationSpecificParameters>
@@ -110,74 +93,73 @@
           </PartyRepresentation>
         </ParepSpecificParameters>
       </Infobox?>
-    </VerifyInfoboxes>
-    
-  </AuthComponent>
-
-  <!-- Konfiguration fuer MOA-ID-PROXY -->
-  <ProxyComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
-    <AuthComponent>
-      <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
-        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      </ConnectionParameter>
-    </AuthComponent>
-  </ProxyComponent>
-  
-  
-  <!-- Eintragung fuer jede Online-Applikation -->
-  <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-  <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
-    <!-- fuer MOA-ID-AUTH -->
-    <AuthComponent slVersion="1.2">
-      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+		</VerifyInfoboxes>
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<ForeignIdentities>
+			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+			</ConnectionParameter>
+		</ForeignIdentities>
+	</AuthComponent>
+	<!-- Konfiguration fuer MOA-ID-PROXY -->
+	<ProxyComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+				<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+				<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+	<OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
+		<!-- fuer MOA-ID-AUTH -->
+		<AuthComponent slVersion="1.2">
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
-      <Templates>
-        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-      </Templates>
-      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </AuthComponent>
-    <!-- fuer MOA-ID-PROXY -->
-    <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
-      <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
-      <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-      <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
-        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      </ConnectionParameter>
-    </ProxyComponent>
-  </OnlineApplication>
-
-  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-  <ChainingModes systemDefaultMode="pkix">
+			<Templates>
+				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			</Templates>
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+		<!-- fuer MOA-ID-PROXY -->
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+			<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+				<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+				<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
   </ChainingModes>
-
-  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
-  <!-- Cache-Verzeichnis fuer-Zertifikate -->
-  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
-  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index f25557ea2..519b83f60 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -1,75 +1,55 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer 
-     A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
--->
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und Handy-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-  <!-- Konfiguration fuer MOA-ID-AUTH -->
-  <AuthComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-    <BKUSelection BKUSelectionAlternative="HTMLSelect">
-      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      </ConnectionParameter>
-    </BKUSelection>
-    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
         &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-    <Templates>
-      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-    </Templates>
-    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-    <SecurityLayer>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </SecurityLayer>
-    <MOA-SP>
-      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+		<Templates>
+			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+		</Templates>
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-      <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
-      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      <!-- </ConnectionParameter> -->
-      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyIdentityLink>
-        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
-        <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
-      </VerifyIdentityLink>
-      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyAuthBlock>
-        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
-        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-        <!-- Für TransformsInfoProfile in Tabellenform -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      </VerifyAuthBlock>
-    </MOA-SP>
-
-    <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-    <!-- IdentityLinkSigners-->
-    <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-    <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-    <!--/IdentityLinkSigners-->
-
-    <VerifyInfoboxes>
-      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+		<!-- IdentityLinkSigners-->
+		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+		<!--/IdentityLinkSigners-->
+		<VerifyInfoboxes>
+			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
         <!--
         <ApplicationSpecificParameters>
@@ -119,54 +99,53 @@
           </PartyRepresentation>
         </ParepSpecificParameters>
       </Infobox?>
-    </VerifyInfoboxes>
-
-  </AuthComponent>
-
-
-  <!-- Eintragung fuer jede Online-Applikation -->
-  <!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
-  <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
-    <!-- fuer MOA-ID-AUTH -->
-    <AuthComponent slVersion="1.2">
-      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+		</VerifyInfoboxes>
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<ForeignIdentities>
+			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+			</ConnectionParameter>
+		</ForeignIdentities>
+	</AuthComponent>
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
+	<OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
+		<!-- fuer MOA-ID-AUTH -->
+		<AuthComponent slVersion="1.2">
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
-      <Templates>
-        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-      </Templates>
-      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </AuthComponent>
-  </OnlineApplication>
-
-  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-  <ChainingModes systemDefaultMode="pkix">
+			<Templates>
+				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			</Templates>
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+	</OnlineApplication>
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
 	</ChainingModes>
-
-  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
-  <!-- Cache-Verzeichnis fuer-Zertifikate -->
-  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-
-  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
-  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 81a3d02ca..03065a4da 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -1,74 +1,55 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer 
-     A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
+<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und Handy-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-  <!-- Konfiguration fuer MOA-ID-AUTH -->
-  <AuthComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-    <BKUSelection BKUSelectionAlternative="HTMLSelect">
-      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      </ConnectionParameter>
-    </BKUSelection>
-    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
         &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-    <Templates>
-      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-    </Templates>
-    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-    <SecurityLayer>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </SecurityLayer>
-    <MOA-SP>
-      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+		<Templates>
+			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+		</Templates>
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-      <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
-      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      <!-- </ConnectionParameter> -->
-      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyIdentityLink>
-        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
-        <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
-      </VerifyIdentityLink>
-      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyAuthBlock>
-        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
-        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-        <!-- Für TransformsInfoProfile in Tabellenform -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      </VerifyAuthBlock>
-    </MOA-SP>
-
-    <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-    <!-- IdentityLinkSigners-->
-    <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-    <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-    <!--/IdentityLinkSigners-->
-
-    <VerifyInfoboxes>
-      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+		<!-- IdentityLinkSigners-->
+		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+		<!--/IdentityLinkSigners-->
+		<VerifyInfoboxes>
+			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
         <!--
         <ApplicationSpecificParameters>
@@ -118,75 +99,73 @@
           </PartyRepresentation>
         </ParepSpecificParameters>
       </Infobox?>
-    </VerifyInfoboxes>
-
-  </AuthComponent>
-
-  <!-- Konfiguration fuer MOA-ID-PROXY -->
-  <ProxyComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
-    <AuthComponent>
-      <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
-        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      </ConnectionParameter>
-    </AuthComponent>
-  </ProxyComponent>
-
-
-  <!-- Eintragung fuer jede Online-Applikation -->
-  <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-  <OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
-    <!-- fuer MOA-ID-AUTH -->
-    <AuthComponent slVersion="1.2">
-      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+		</VerifyInfoboxes>
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<ForeignIdentities>
+			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+			</ConnectionParameter>
+		</ForeignIdentities>
+	</AuthComponent>
+	<!-- Konfiguration fuer MOA-ID-PROXY -->
+	<ProxyComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+				<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+				<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+	<OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
+		<!-- fuer MOA-ID-AUTH -->
+		<AuthComponent slVersion="1.2">
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
-      <Templates>
-        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-      </Templates>
-      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </AuthComponent>
-    <!-- fuer MOA-ID-PROXY -->
-    <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
-      <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
-      <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-      <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
-        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      </ConnectionParameter>
-    </ProxyComponent>
-  </OnlineApplication>
-
-  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-  <ChainingModes systemDefaultMode="pkix">
+			<Templates>
+				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			</Templates>
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+		<!-- fuer MOA-ID-PROXY -->
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+			<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+				<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+				<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
   </ChainingModes>
-
-  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
-  <!-- Cache-Verzeichnis fuer-Zertifikate -->
-  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-
-  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
-  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index d6755f14f..af308e454 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -1,66 +1,49 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur -->
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und Handy-Signatur -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-  <!-- Konfiguration fuer MOA-ID-AUTH -->
-  <AuthComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-    <BKUSelection BKUSelectionAlternative="HTMLSelect">
-      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      </ConnectionParameter>
-    </BKUSelection>
-    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
         &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-    <Templates>
-      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-    </Templates>
-    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-    <SecurityLayer>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </SecurityLayer>
-    <MOA-SP>
-      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+		<Templates>
+			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+		</Templates>
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-      <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
-      <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
-      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      <!-- </ConnectionParameter> -->
-      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyIdentityLink>
-        <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
-      </VerifyIdentityLink>
-      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyAuthBlock>
-        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
-        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-        <!-- Für TransformsInfoProfile in Tabellenform -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      </VerifyAuthBlock>
-    </MOA-SP>
-    
-    <VerifyInfoboxes>
-      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<VerifyInfoboxes>
+			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
         <!--
         <ApplicationSpecificParameters>
@@ -108,59 +91,58 @@
           </PartyRepresentation>
         </ParepSpecificParameters>
       </Infobox?>
-    </VerifyInfoboxes>
-    
-  </AuthComponent>
-  
-  
-  <!-- Eintragung fuer jede Online-Applikation -->
-  <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
-    <!-- fuer MOA-ID-AUTH WID Modus -->
-    <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
-      <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
-      <IdentificationNumber>
-        <!-- Beispiel Firmenbuchnummer -->
-        <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
-      </IdentificationNumber>
-      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+		</VerifyInfoboxes>
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<ForeignIdentities>
+			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+			</ConnectionParameter>
+		</ForeignIdentities>
+	</AuthComponent>
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
+		<!-- fuer MOA-ID-AUTH WID Modus -->
+		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+			<IdentificationNumber>
+				<!-- Beispiel Firmenbuchnummer -->
+				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+			</IdentificationNumber>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
-      <Templates>
-        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-      </Templates>
-      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </AuthComponent>
-  </OnlineApplication>
-  
-  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-  <ChainingModes systemDefaultMode="pkix">
+			<Templates>
+				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			</Templates>
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+	</OnlineApplication>
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
   </ChainingModes>
-  
-  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-  
-  <!-- Cache-Verzeichnis fuer-Zertifikate -->
-  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-  
-  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
-  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index 163de5cdb..11ee6846c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -1,66 +1,49 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur -->
+<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und Handy-Signatur -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-  <!-- Konfiguration fuer MOA-ID-AUTH -->
-  <AuthComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-    <BKUSelection BKUSelectionAlternative="HTMLSelect">
-      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      </ConnectionParameter>
-    </BKUSelection>
-    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
         &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-    <Templates>
-      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-    </Templates>
-    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-    <SecurityLayer>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </SecurityLayer>
-    <MOA-SP>
-      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+		<Templates>
+			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+		</Templates>
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-      <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
-      <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
-      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      <!-- </ConnectionParameter> -->
-      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyIdentityLink>
-        <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
-      </VerifyIdentityLink>
-      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyAuthBlock>
-        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
-        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-        <!-- Für TransformsInfoProfile in Tabellenform -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      </VerifyAuthBlock>
-    </MOA-SP>
-    
-    <VerifyInfoboxes>
-      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<VerifyInfoboxes>
+			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
         <!--
         <ApplicationSpecificParameters>
@@ -108,80 +91,78 @@
           </PartyRepresentation>
         </ParepSpecificParameters>
       </Infobox?>
-    </VerifyInfoboxes>
-    
-  </AuthComponent>
-  
-  <!-- Konfiguration fuer MOA-ID-PROXY -->
-  <ProxyComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
-    <AuthComponent>
-      <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
-        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      </ConnectionParameter>
-    </AuthComponent>
-  </ProxyComponent>
-  
-  
-  <!-- Eintragung fuer jede Online-Applikation -->
-  <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
-    <!-- fuer MOA-ID-AUTH WID Modus -->
-    <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
-      <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
-      <IdentificationNumber>
-        <!-- Beispiel Firmenbuchnummer -->
-        <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
-      </IdentificationNumber>
-      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+		</VerifyInfoboxes>
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<ForeignIdentities>
+			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+			</ConnectionParameter>
+		</ForeignIdentities>
+	</AuthComponent>
+	<!-- Konfiguration fuer MOA-ID-PROXY -->
+	<ProxyComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+				<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+				<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
+		<!-- fuer MOA-ID-AUTH WID Modus -->
+		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+			<IdentificationNumber>
+				<!-- Beispiel Firmenbuchnummer -->
+				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+			</IdentificationNumber>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
-      <Templates>
-        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-      </Templates>
-      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </AuthComponent>
-    <!-- fuer MOA-ID-PROXY -->
-    <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
-      <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
-      <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-      <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
-        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      </ConnectionParameter>
-    </ProxyComponent>
-  </OnlineApplication>
-  
-  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-  <ChainingModes systemDefaultMode="pkix">
+			<Templates>
+				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			</Templates>
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+		<!-- fuer MOA-ID-PROXY -->
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+			<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+				<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+				<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
   </ChainingModes>
-  
-  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-  
-  <!-- Cache-Verzeichnis fuer-Zertifikate -->
-  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-  
-  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
-  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 965222fd0..cfe35071f 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -1,74 +1,55 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer 
-     A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und Handy-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-  <!-- Konfiguration fuer MOA-ID-AUTH -->
-  <AuthComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-    <BKUSelection BKUSelectionAlternative="HTMLSelect">
-      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      </ConnectionParameter>
-    </BKUSelection>
-    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
         &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-    <Templates>
-      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-    </Templates>
-    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-    <SecurityLayer>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </SecurityLayer>
-    <MOA-SP>
-      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+		<Templates>
+			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+		</Templates>
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-      <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
-      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      <!-- </ConnectionParameter> -->
-      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyIdentityLink>
-        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
-        <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
-      </VerifyIdentityLink>
-      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyAuthBlock>
-        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
-        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-        <!-- Für TransformsInfoProfile in Tabellenform -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      </VerifyAuthBlock>
-    </MOA-SP>
-
-    <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-    <!-- IdentityLinkSigners-->
-    <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-    <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-    <!--/IdentityLinkSigners-->
-
-    <VerifyInfoboxes>
-      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+		<!-- IdentityLinkSigners-->
+		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+		<!--/IdentityLinkSigners-->
+		<VerifyInfoboxes>
+			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
         <!--
         <ApplicationSpecificParameters>
@@ -116,59 +97,58 @@
           </PartyRepresentation>
         </ParepSpecificParameters>
       </Infobox?>
-    </VerifyInfoboxes>
-    
-  </AuthComponent>
-  
-  
-  <!-- Eintragung fuer jede Online-Applikation -->
-  <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
-  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
-    <!-- fuer MOA-ID-AUTH WID Modus -->
-    <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
-      <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
-      <IdentificationNumber>
-        <!-- Beispiel Firmenbuchnummer -->
-        <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
-      </IdentificationNumber>
-      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+		</VerifyInfoboxes>
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<ForeignIdentities>
+			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+			</ConnectionParameter>
+		</ForeignIdentities>
+	</AuthComponent>
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
+		<!-- fuer MOA-ID-AUTH WID Modus -->
+		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+			<IdentificationNumber>
+				<!-- Beispiel Firmenbuchnummer -->
+				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+			</IdentificationNumber>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
-      <Templates>
-        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-      </Templates>
-      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </AuthComponent>
-  </OnlineApplication>
-
-  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-  <ChainingModes systemDefaultMode="pkix">
+			<Templates>
+				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			</Templates>
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+	</OnlineApplication>
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
   </ChainingModes>
-
-  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
-  <!-- Cache-Verzeichnis fuer-Zertifikate -->
-  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-
-  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
-  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 545cc892b..e6b012d42 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -1,74 +1,55 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer 
-     A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
+<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und Handy-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
-  <!-- Konfiguration fuer MOA-ID-AUTH -->
-  <AuthComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-    <BKUSelection BKUSelectionAlternative="HTMLSelect">
-      <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-        <!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      </ConnectionParameter>
-    </BKUSelection>
-    <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+	<!-- Konfiguration fuer MOA-ID-AUTH -->
+	<AuthComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+		<BKUSelection BKUSelectionAlternative="HTMLSelect">
+			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			</ConnectionParameter>
+		</BKUSelection>
+		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
         &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-    <Templates>
-      <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-      <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-      <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-    </Templates>
-    <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
-    <SecurityLayer>
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>      
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/ -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/ -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </SecurityLayer>
-    <MOA-SP>
-      <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
+		<Templates>
+			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+		</Templates>
+		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+		<SecurityLayer>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-      <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
-      <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-      <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      <!-- </ConnectionParameter> -->
-      <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyIdentityLink>
-        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
-        <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
-      </VerifyIdentityLink>
-      <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
-      <VerifyAuthBlock>
-        <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-        <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
-        <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
-        <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
-        <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
-        <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
-        <!-- Für TransformsInfoProfile in Tabellenform -->
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      </VerifyAuthBlock>
-    </MOA-SP>
-
-    <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-    <!-- IdentityLinkSigners-->
-    <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-    <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-    <!--/IdentityLinkSigners-->
-
-    <VerifyInfoboxes>
-      <!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-      <?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
+			<!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			<!-- </ConnectionParameter> -->
+			<!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyIdentityLink>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+				<TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+			</VerifyIdentityLink>
+			<!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+			<VerifyAuthBlock>
+				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
+		<!-- IdentityLinkSigners-->
+		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
+		<!--/IdentityLinkSigners-->
+		<VerifyInfoboxes>
+			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
+			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
         <FriendlyName>Vollmachten</FriendlyName>
         <!--
         <ApplicationSpecificParameters>
@@ -116,80 +97,78 @@
           </PartyRepresentation>
         </ParepSpecificParameters>
       </Infobox?>
-    </VerifyInfoboxes>
-
-  </AuthComponent>
-
-  <!-- Konfiguration fuer MOA-ID-PROXY -->
-  <ProxyComponent>
-    <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
-    <AuthComponent>
-      <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
-        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      </ConnectionParameter>
-    </AuthComponent>
-  </ProxyComponent>
-
-
-  <!-- Eintragung fuer jede Online-Applikation -->
-  <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
-  <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
-    <!-- fuer MOA-ID-AUTH WID Modus -->
-    <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
-      <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
-      <IdentificationNumber>
-        <!-- Beispiel Firmenbuchnummer -->
-        <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
-      </IdentificationNumber>
-      <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+		</VerifyInfoboxes>
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<ForeignIdentities>
+			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+			</ConnectionParameter>
+		</ForeignIdentities>
+	</AuthComponent>
+	<!-- Konfiguration fuer MOA-ID-PROXY -->
+	<ProxyComponent>
+		<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+				<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+				<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</AuthComponent>
+	</ProxyComponent>
+	<!-- Eintragung fuer jede Online-Applikation -->
+	<!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
+	<OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
+		<!-- fuer MOA-ID-AUTH WID Modus -->
+		<AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+			<!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+			<IdentificationNumber>
+				<!-- Beispiel Firmenbuchnummer -->
+				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+			</IdentificationNumber>
+			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
            &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
            nur f&uuml;r diese Online Applikation<-->
-      <Templates>
-        <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-        <!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-        <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-      </Templates>
-      <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-      <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-      <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-      <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-      <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-      <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-    </AuthComponent>
-    <!-- fuer MOA-ID-PROXY -->
-    <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
-      <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
-      <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
-      <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
-        <!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-        <!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
-      </ConnectionParameter>
-    </ProxyComponent>
-  </OnlineApplication>
-
-  <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
-  <ChainingModes systemDefaultMode="pkix">
+			<Templates>
+				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
+				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
+				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			</Templates>
+			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+		</AuthComponent>
+		<!-- fuer MOA-ID-PROXY -->
+		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+			<!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+			<!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+			<ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
+				<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+				<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+	<ChainingModes systemDefaultMode="pkix">
   </ChainingModes>
-
-  <!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
+	<!-- fuer MOA-ID-AUTH:  CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird 
        fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird 
        zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
-  <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
-
-  <!-- Cache-Verzeichnis fuer-Zertifikate -->
-  <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
-  <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
-  <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
-  <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
-  <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
-
-  <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
-  <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
-  <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
-  <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+	<!-- Cache-Verzeichnis fuer-Zertifikate -->
+	<!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+	<!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+	<!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index 38550801e..0f31f4891 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -2,11 +2,11 @@
 org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
 
 # define log4j root loggers
-log4j.rootLogger=debug, stdout, R
-log4j.logger.moa=debug
-log4j.logger.moa.spss.server=debug
-log4j.logger.iaik.server=debug
-log4j.logger.moa.id.auth=debug
+log4j.rootLogger=info, stdout, R
+log4j.logger.moa=info
+log4j.logger.moa.spss.server=info
+log4j.logger.iaik.server=info
+log4j.logger.moa.id.auth=info
 log4j.logger.moa.id.proxy=info
 
 # configure the stdout appender
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
deleted file mode 100644
index d828ca6b2..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
+++ /dev/null
@@ -1,190 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">
-							.boldstyle {font-weight: bold; }
-							.italicstyle { font-style: italic; } 
-							.annotationstyle { font-size: small; }
-							/* table { border:1px solid #000;}
-							td { border:1px solid #000; padding:4px;} */
-							td { padding-top:2px; padding-bottom:2px; padding-left:2px; padding-right:2px;}
-							</style>
-						</head>
-						<body>
-							<h1>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</h1>
-							<table>
-								<tr>
-									<td class="boldstyle">
-										Name:
-									</td>
-									<td>
-										<xsl:value-of select="//@Issuer"/>
-									</td>
-								</tr>
-								<tr>
-									<td class="boldstyle">
-										Geburtsdatum:
-									</td>
-									<td>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									<tr>
-										<td class="boldstyle">
-											Rolle im Gesundheitsbereich:
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
-											(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
-										</td>
-									</tr>
-								</xsl:if>
-								<tr>
-									<td class="boldstyle">
-										Applikation:
-									</td>
-									<td>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Target']">
-									<tr>
-										<td class="boldstyle">
-											Geschäftsbereich:
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='Target']/saml:AttributeValue"/>
-										</td>
-									</tr>
-								</xsl:if>
-								<tr>
-									<td class="boldstyle">
-										Anmeldeserver:
-									</td>
-									<td>
-										<xsl:value-of select="//saml:NameIdentifier"/>
-									</td>
-								</tr>
-								<tr>
-									<td class="boldstyle">
-										Datum:
-									</td>
-									<td>
-										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
-										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
-										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-									</td>
-								</tr>
-								<tr>
-									<td class="boldstyle">
-										Uhrzeit:
-									</td>
-									<td>
-										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
-										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
-										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-									<tr>
-										<td class="boldstyle">
-											HPI(**):
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
-										</td>
-									</tr>
-								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-									<tr>
-										<td class="boldstyle">
-											wbPK (*):
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-										</td>
-									</tr>
-								</xsl:if>
-							</table>
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
-								<table>
-									<tr>
-										<td class="boldstyle">
-											Name:
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-										</td>
-									</tr>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<tr>
-											<td class="boldstyle">
-												Geburtsdatum:
-											</td>
-											<td>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-											</td>
-										</tr>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<tr>
-											<td colspan="2">
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-											</td>
-										</tr>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-										<tr>
-											<td class="boldstyle">
-												wbPK (*):
-											</td>
-											<td>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-											</td>
-										</tr>
-									</xsl:if>
-								</table>
-								<p>zu handeln.</p>
-							</xsl:if>
-							<xsl:choose>
-								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
-							</xsl:choose>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den 
-								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
-								Wirtschaftsunternehmen.</div>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<div class="annotationstyle">(**): Der <span class="italicstyle">eHealth Professional Identifier (HPI)</span> wird aus den jeweiligen 
-								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
-								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<div class="annotationstyle">(***): <span class="italicstyle">Object Identifier (OID)</span> sind standardisierte Objekt-Bezeichner und 
-								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
-							</xsl:if>
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
deleted file mode 100644
index eaaf5c1e2..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
+++ /dev/null
@@ -1,107 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; }</style>
-						</head>
-						<body>
-							<h1>Signatur der Anmeldedaten</h1>
-							<p/>
-							<h4>
-								<xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
-								<span class="boldstyle">
-									<xsl:value-of select="//@Issuer"/>
-								</span>
-								<xsl:text>, geboren am </xsl:text> 
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-								<xsl:text>.</xsl:text>
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-								<xsl:text>.</xsl:text>
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-								<xsl:text>, </xsl:text> 
-								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									<xsl:text>in der Rolle als </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
-									<xsl:text> (OID***= </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
-									<xsl:text>), </xsl:text> 
-								</xsl:if>
-								<xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
-							</h4>
-							<p/>
-							<h4>
-								<xsl:text>Datum und Uhrzeit: </xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,9,2)" />
-								<xsl:text>.</xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,6,2)" />
-								<xsl:text>.</xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,1,4)" />
-								<xsl:text>, </xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,12,2)" />
-								<xsl:text>:</xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,15,2)" />
-								<xsl:text>:</xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,18,2)" />
-							</h4>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>
-								<h4>
-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> von </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, geboren am </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
-								</h4>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
-								</xsl:if>
-								<p/>
-							</xsl:if>
-							<xsl:choose>
-								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
-							</xsl:choose>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum		Wirtschaftsunternehmen.</div>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen	Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und		beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
-							</xsl:if>
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTextPlain.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTextPlain.xml
deleted file mode 100644
index 1745b0dbf..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTextPlain.xml
+++ /dev/null
@@ -1,93 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-			    <xsl:output method="xml" xml:space="default"/>
-			    <xsl:template match="/" xmlns="">
-			    	<text>
-				        <xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
-				        <xsl:value-of select="//@Issuer"/>
-				        <xsl:text>, geboren am </xsl:text>
-				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-				        <xsl:text>.</xsl:text>
-				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-				        <xsl:text>.</xsl:text>
-				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-				        <xsl:text>, </xsl:text>
-				        <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-				            <xsl:text>in der Rolle als </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
-				            <xsl:text>(OID***= </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>)
-				            <xsl:text>, </xsl:text>
-				        </xsl:if>
-				        <xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
-						<xsl:text>&#xa;&#xa;Datum und Uhrzeit: </xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-				        <xsl:text>.</xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-				        <xsl:text>.</xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-				        <xsl:text>, </xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-				        <xsl:text>:</xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-				        <xsl:text>:</xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-				        
-				        <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-				            <xsl:text>&#xa;&#xa;HPI(**): </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
-				        </xsl:if>
-				        
-				        <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-				            <xsl:text>&#xa;&#xa;wbPK(*): </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-				        </xsl:if>
-				        
-				        <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-				            <xsl:text>&#xa;&#xa;Ich bin weiters ermächtigt als </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-				            <xsl:text>von </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-				                <xsl:text>, geboren am </xsl:text>
-				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-				                <xsl:text>.</xsl:text>
-				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-				                <xsl:text>.</xsl:text>
-				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-				            </xsl:if>
-				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-				                <xsl:text>,</xsl:text>
-				                <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-				            </xsl:if>
-				            <xsl:text>, in deren Auftrag zu handeln.</xsl:text>
-				
-				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-				                <xsl:text>&#xa;&#xa;wbPK(*) des Vollmachtgebers: </xsl:text>
-				                <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-				            </xsl:if>
-				        </xsl:if>
-				
-				        <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-				            <xsl:text>&#xa;&#xa;(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</xsl:text>
-				        </xsl:if>
-				        <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-				            <xsl:text>&#xa;&#xa;(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</xsl:text>
-				        </xsl:if>
-				        <xsl:if test="//saml:Attribute[@AttributeName='OID']">
-				            <xsl:text>&#xa;&#xa;(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und beschreiben eindeutig die Rollen des GDA-Token Inhabers.</xsl:text>
-				        </xsl:if>
-			        </text>
-			    </xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
-			<dsig:XPath>not(text())</dsig:XPath>
-		</dsig:Transform>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>text/plain</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
deleted file mode 100644
index 0da6c3f8e..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
+++ /dev/null
@@ -1,88 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
-				<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-						</head>
-						<body>
-							<h1>Signatur der Anmeldedaten</h1>
-							<p/>
-							<h4>Mit meiner elektronischen Signatur beantrage ich, 
-								<b><xsl:value-of select="//@Issuer"/></b>, geboren am 
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, 
-								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
-									(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
-								</xsl:if>
-								den Zugang zur gesicherten Anwendung.
-							</h4>
-							<p/>
-							<h4>Datum und Uhrzeit: 
-							  <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
-							  <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
-							  <xsl:value-of select="substring(//@IssueInstant,1,4)"/>, 
-							  <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
-							  <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
-							  <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-							</h4>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>
-								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									von <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">, geboren am 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>, in deren Auftrag zu handeln.
-								</h4>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
-								</xsl:if>
-								<p/>
-							</xsl:if>
-							<xsl:choose>
-								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
-							</xsl:choose>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den 
-								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
-								Wirtschaftsunternehmen.</h6>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<h6>(**) HPI: Der <i>eHealth Professional Identifier</i> wird aus den jeweiligen 
-								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
-								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<h6>(***) OID: <i>Object Identifier</i> sind standardisierte Objekt-Bezeichner und 
-								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
-							</xsl:if>
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>text/html</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
deleted file mode 100644
index 802bc6470..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
+++ /dev/null
@@ -1,183 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
-				<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-						</head>
-						<body>
-							<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
-							<table>
-								<tr>
-									<td>
-										<b>Name:</b>
-									</td>
-									<td>
-										<xsl:value-of select="//@Issuer"/>
-									</td>
-								</tr>
-								<tr>
-									<td>
-										<b>Geburtsdatum:</b>
-									</td>
-									<td>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									<tr>
-										<td>
-											<b>Rolle im Gesundheitsbereich:</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
-											(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
-										</td>
-									</tr>
-								</xsl:if>
-								<tr>
-									<td>
-										<b>Applikation:</b>
-									</td>
-									<td>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Target']">
-									<tr>
-										<td>
-											<b>Geschäftsbereich:</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='Target']/saml:AttributeValue"/>
-										</td>
-									</tr>
-								</xsl:if>
-								<tr>
-									<td>
-										<b>Anmeldeserver:</b>
-									</td>
-									<td>
-										<xsl:value-of select="//saml:NameIdentifier"/>
-									</td>
-								</tr>
-								<tr>
-									<td>
-										<b>Datum:</b>
-									</td>
-									<td>
-										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
-										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
-										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-									</td>
-								</tr>
-								<tr>
-									<td>
-										<b>Uhrzeit:</b>
-									</td>
-									<td>
-										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
-										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
-										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-									<tr>
-										<td>
-											<b>HPI(**):</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
-										</td>
-									</tr>
-								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-									<tr>
-										<td>
-											<b>wbPK (*):</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-										</td>
-									</tr>
-								</xsl:if>
-							</table>
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
-								<table>
-									<tr>
-										<td>
-											<b>Name:</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-										</td>
-									</tr>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<tr>
-											<td>
-												<b>Geburtsdatum:</b>
-											</td>
-											<td>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-											</td>
-										</tr>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<tr>
-											<td colspan="2">
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-											</td>
-										</tr>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-										<tr>
-											<td>
-												<b>wbPK (*):</b>
-											</td>
-											<td>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-											</td>
-										</tr>
-									</xsl:if>
-								</table>
-								<p>zu handeln.</p>
-							</xsl:if>
-							<xsl:choose>
-								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
-							</xsl:choose>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den 
-								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
-								Wirtschaftsunternehmen.</h6>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<h6>(**): Der <i>eHealth Professional Identifier (HPI)</i> wird aus den jeweiligen 
-								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
-								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<h6>(***): <i>Object Identifier (OID)</i> sind standardisierte Objekt-Bezeichner und 
-								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
-							</xsl:if>
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>text/html</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 22525e2e4..dbf7cab1c 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -59,26 +59,6 @@
 				</cfg:Archiving>
 			</cfg:RevocationChecking>
 		</cfg:CertificateValidation>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlock</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlock.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlock_deprecated</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlock_deprecated.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockText</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockText.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockText_deprecated</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockText_deprecated.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTextPlain</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTextPlain.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
 		<cfg:VerifyTransformsInfoProfile>
 			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
 			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
deleted file mode 100644
index c6a000331..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
+++ /dev/null
@@ -1,188 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">
-							.boldstyle {font-weight: bold; }
-							.italicstyle { font-style: italic; } 
-							.annotationstyle { font-size: small; }
-							/* table { border:1px solid #000;}
-							td { border:1px solid #000; padding:4px;} */
-							td { padding-top:2px; padding-bottom:2px; padding-left:2px; padding-right:2px;}
-							</style>
-						</head>
-						<body>
-							<h1>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</h1>
-							<table>
-								<tr>
-									<td class="boldstyle">
-										Name:
-									</td>
-									<td>
-										<xsl:value-of select="//@Issuer"/>
-									</td>
-								</tr>
-								<tr>
-									<td class="boldstyle">
-										Geburtsdatum:
-									</td>
-									<td>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									<tr>
-										<td class="boldstyle">
-											Rolle im Gesundheitsbereich:
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
-											(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
-										</td>
-									</tr>
-								</xsl:if>
-								<tr>
-									<td class="boldstyle">
-										Applikation:
-									</td>
-									<td>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Target']">
-									<tr>
-										<td class="boldstyle">
-											Geschäftsbereich:
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='Target']/saml:AttributeValue"/>
-										</td>
-									</tr>
-								</xsl:if>
-								<tr>
-									<td class="boldstyle">
-										Anmeldeserver:
-									</td>
-									<td>
-										<xsl:value-of select="//saml:NameIdentifier"/>
-									</td>
-								</tr>
-								<tr>
-									<td class="boldstyle">
-										Datum:
-									</td>
-									<td>
-										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
-										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
-										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-									</td>
-								</tr>
-								<tr>
-									<td class="boldstyle">
-										Uhrzeit:
-									</td>
-									<td>
-										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
-										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
-										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-									<tr>
-										<td class="boldstyle">
-											HPI(**):
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
-										</td>
-									</tr>
-								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-									<tr>
-										<td class="boldstyle">
-											wbPK (*):
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-										</td>
-									</tr>
-								</xsl:if>
-							</table>
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
-								<table>
-									<tr>
-										<td class="boldstyle">
-											Name:
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-										</td>
-									</tr>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<tr>
-											<td class="boldstyle">
-												Geburtsdatum:
-											</td>
-											<td>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-											</td>
-										</tr>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<tr>
-											<td colspan="2">
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-											</td>
-										</tr>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-										<tr>
-											<td class="boldstyle">
-												wbPK (*):
-											</td>
-											<td>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-											</td>
-										</tr>
-									</xsl:if>
-								</table>
-								<p>zu handeln.</p>
-							</xsl:if>
-							<xsl:choose>
-								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
-							</xsl:choose>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den 
-								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
-								Wirtschaftsunternehmen.</div>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<div class="annotationstyle">(**): Der <span class="italicstyle">eHealth Professional Identifier (HPI)</span> wird aus den jeweiligen 
-								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
-								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<div class="annotationstyle">(***): <span class="italicstyle">Object Identifier (OID)</span> sind standardisierte Objekt-Bezeichner und 
-								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
-							</xsl:if>
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
deleted file mode 100644
index 934520369..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<moa:VerifyTransformsInfoProfile xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; }</style>
-						</head>
-						<body>
-							<h1>Signatur der Anmeldedaten</h1>
-							<p/>
-							<h4>
-								<xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
-								<span class="boldstyle">
-									<xsl:value-of select="//@Issuer"/>
-								</span>
-								<xsl:text>, geboren am </xsl:text> 
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-								<xsl:text>.</xsl:text>
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-								<xsl:text>.</xsl:text>
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-								<xsl:text>, </xsl:text> 
-								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									<xsl:text>in der Rolle als </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
-									<xsl:text> (OID***= </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
-									<xsl:text>), </xsl:text> 
-								</xsl:if>
-								<xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
-							</h4>
-							<p/>
-							<h4>
-								<xsl:text>Datum und Uhrzeit: </xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,9,2)" />
-								<xsl:text>.</xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,6,2)" />
-								<xsl:text>.</xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,1,4)" />
-								<xsl:text>, </xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,12,2)" />
-								<xsl:text>:</xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,15,2)" />
-								<xsl:text>:</xsl:text>
-								<xsl:value-of select="substring(//@IssueInstant,18,2)" />
-							</h4>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>
-								<h4>
-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> von </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, geboren am </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
-								</h4>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
-								</xsl:if>
-								<p/>
-							</xsl:if>
-							<xsl:choose>
-								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
-							</xsl:choose>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum		Wirtschaftsunternehmen.</div>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen	Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und		beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
-							</xsl:if>
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-</moa:VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTextPlain.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTextPlain.xml
deleted file mode 100644
index 0b431c573..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTextPlain.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<moa:VerifyTransformsInfoProfile xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-			    <xsl:output method="xml" xml:space="default"/>
-			    <xsl:template match="/" xmlns="">
-			    	<text>
-				        <xsl:text>Mit meiner elektronischen Signatur beantrage ich, </xsl:text>
-				        <xsl:value-of select="//@Issuer"/>
-				        <xsl:text>, geboren am </xsl:text>
-				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-				        <xsl:text>.</xsl:text>
-				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-				        <xsl:text>.</xsl:text>
-				        <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-				        <xsl:text>, </xsl:text>
-				        <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-				            <xsl:text>in der Rolle als </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
-				            <xsl:text>(OID***= </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>)
-				            <xsl:text>, </xsl:text>
-				        </xsl:if>
-				        <xsl:text>den Zugang zur gesicherten Anwendung.</xsl:text>
-						<xsl:text>&#xa;&#xa;Datum und Uhrzeit: </xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-				        <xsl:text>.</xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-				        <xsl:text>.</xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-				        <xsl:text>, </xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-				        <xsl:text>:</xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-				        <xsl:text>:</xsl:text>
-				        <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-				        
-				        <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-				            <xsl:text>&#xa;&#xa;HPI(**): </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
-				        </xsl:if>
-				        
-				        <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-				            <xsl:text>&#xa;&#xa;wbPK(*): </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-				        </xsl:if>
-				        
-				        <xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-				            <xsl:text>&#xa;&#xa;Ich bin weiters ermächtigt als </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-				            <xsl:text>von </xsl:text>
-				            <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-				                <xsl:text>, geboren am </xsl:text>
-				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-				                <xsl:text>.</xsl:text>
-				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-				                <xsl:text>.</xsl:text>
-				                <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-				            </xsl:if>
-				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-				                <xsl:text>,</xsl:text>
-				                <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-				            </xsl:if>
-				            <xsl:text>, in deren Auftrag zu handeln.</xsl:text>
-				
-				            <xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-				                <xsl:text>&#xa;&#xa;wbPK(*) des Vollmachtgebers: </xsl:text>
-				                <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-				            </xsl:if>
-				        </xsl:if>
-				
-				        <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-				            <xsl:text>&#xa;&#xa;(*) wbPK: Das wirtschaftsbereichsspezifische Personenkennzeichen wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</xsl:text>
-				        </xsl:if>
-				        <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-				            <xsl:text>&#xa;&#xa;(**) HPI: Der eHealth Professional Identifier wird aus den jeweiligen Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</xsl:text>
-				        </xsl:if>
-				        <xsl:if test="//saml:Attribute[@AttributeName='OID']">
-				            <xsl:text>&#xa;&#xa;(***) OID: Object Identifier sind standardisierte Objekt-Bezeichner und beschreiben eindeutig die Rollen des GDA-Token Inhabers.</xsl:text>
-				        </xsl:if>
-			        </text>
-			    </xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
-			<dsig:XPath>not(text())</dsig:XPath>
-		</dsig:Transform>
-	</dsig:Transforms>
-</moa:VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
deleted file mode 100644
index 89f108020..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
+++ /dev/null
@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
-				<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-						</head>
-						<body>
-							<h1>Signatur der Anmeldedaten</h1>
-							<p/>
-							<h4>Mit meiner elektronischen Signatur beantrage ich, 
-								<b><xsl:value-of select="//@Issuer"/></b>, geboren am 
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, 
-								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> 
-									(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
-								</xsl:if>
-								den Zugang zur gesicherten Anwendung.
-							</h4>
-							<p/>
-							<h4>Datum und Uhrzeit: 
-							  <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
-							  <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
-							  <xsl:value-of select="substring(//@IssueInstant,1,4)"/>, 
-							  <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
-							  <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
-							  <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-							</h4>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>
-								<h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									von <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">, geboren am 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">, 
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>, in deren Auftrag zu handeln.
-								</h4>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-									<h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></h4>
-								</xsl:if>
-								<p/>
-							</xsl:if>
-							<xsl:choose>
-								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
-							</xsl:choose>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den 
-								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
-								Wirtschaftsunternehmen.</h6>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<h6>(**) HPI: Der <i>eHealth Professional Identifier</i> wird aus den jeweiligen 
-								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
-								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<h6>(***) OID: <i>Object Identifier</i> sind standardisierte Objekt-Bezeichner und 
-								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
-							</xsl:if>
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
deleted file mode 100644
index 8924e0f57..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
+++ /dev/null
@@ -1,181 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
-			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
-				<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-						</head>
-						<body>
-							<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
-							<table>
-								<tr>
-									<td>
-										<b>Name:</b>
-									</td>
-									<td>
-										<xsl:value-of select="//@Issuer"/>
-									</td>
-								</tr>
-								<tr>
-									<td>
-										<b>Geburtsdatum:</b>
-									</td>
-									<td>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-									<tr>
-										<td>
-											<b>Rolle im Gesundheitsbereich:</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
-											(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), 
-										</td>
-									</tr>
-								</xsl:if>
-								<tr>
-									<td>
-										<b>Applikation:</b>
-									</td>
-									<td>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Target']">
-									<tr>
-										<td>
-											<b>Geschäftsbereich:</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='Target']/saml:AttributeValue"/>
-										</td>
-									</tr>
-								</xsl:if>
-								<tr>
-									<td>
-										<b>Anmeldeserver:</b>
-									</td>
-									<td>
-										<xsl:value-of select="//saml:NameIdentifier"/>
-									</td>
-								</tr>
-								<tr>
-									<td>
-										<b>Datum:</b>
-									</td>
-									<td>
-										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
-										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
-										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-									</td>
-								</tr>
-								<tr>
-									<td>
-										<b>Uhrzeit:</b>
-									</td>
-									<td>
-										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
-										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
-										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-									</td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-									<tr>
-										<td>
-											<b>HPI(**):</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
-										</td>
-									</tr>
-								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-									<tr>
-										<td>
-											<b>wbPK (*):</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-										</td>
-									</tr>
-								</xsl:if>
-							</table>
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p>
-								<table>
-									<tr>
-										<td>
-											<b>Name:</b>
-										</td>
-										<td>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-										</td>
-									</tr>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<tr>
-											<td>
-												<b>Geburtsdatum:</b>
-											</td>
-											<td>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>.
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-											</td>
-										</tr>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<tr>
-											<td colspan="2">
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-											</td>
-										</tr>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-										<tr>
-											<td>
-												<b>wbPK (*):</b>
-											</td>
-											<td>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-											</td>
-										</tr>
-									</xsl:if>
-								</table>
-								<p>zu handeln.</p>
-							</xsl:if>
-							<xsl:choose>
-								<xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when>
-								<xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when>
-							</xsl:choose>
-							<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
-								<h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den 
-								jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum 
-								Wirtschaftsunternehmen.</h6>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-								<h6>(**): Der <i>eHealth Professional Identifier (HPI)</i> wird aus den jeweiligen 
-								Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der 
-								Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6>
-							</xsl:if>
-							<xsl:if test="//saml:Attribute[@AttributeName='OID']">
-								<h6>(***): <i>Object Identifier (OID)</i> sind standardisierte Objekt-Bezeichner und 
-								beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6>
-							</xsl:if>
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-</VerifyTransformsInfoProfile>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index b8b53e7f3..8a7b2a8bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -18,6 +18,9 @@ package at.gv.egovernment.moa.id.proxy;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.Iterator;
 import java.util.Vector;
@@ -70,7 +73,10 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
     Vector parameters)
     throws IOException {
 
-    String requestedURL = req.getRequestURL().toString();
+	// Bug [#540]  
+    //String requestedURL = req.getRequestURL().toString();
+    String requestedURL = escapeUrl(req.getRequestURL().toString());
+
     // check whether requested URL starts with publicURLPrefix
 
     //Temporary allow http:// urls instead of the https:// in publicURLPrefix
@@ -109,6 +115,22 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
     return conn;
   }
   
+  private static String escapeUrl(String unescapedUrlString) throws RuntimeException {
+  		try {
+  			URL unescapedUrl = new URL(unescapedUrlString);
+  			String protocol = unescapedUrl.getProtocol();
+  			String fragment = unescapedUrl.getRef();
+  			String ssp = unescapedUrlString.substring(protocol.length() + 1, unescapedUrlString.length() - ((fragment == null) ? 0 : fragment.length() + 1));
+  			
+  			URL url2 = new URI(protocol, ssp, fragment).toURL();
+  			return url2.toExternalForm();
+  		} catch (MalformedURLException e) {
+  			throw new RuntimeException(e);
+  		} catch (URISyntaxException e) {
+  			throw new RuntimeException(e);
+  		}
+  	}
+
   
   /**
    * Disconnects the HttpURLConnection if necessary.
diff --git a/spss/handbook/conf/moa-spss/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/spss/handbook/conf/moa-spss/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
new file mode 100644
index 000000000..8ddc7d79b
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA differ
diff --git a/spss/handbook/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/spss/handbook/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
new file mode 100644
index 000000000..ab9e0cd7d
Binary files /dev/null and b/spss/handbook/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA differ
diff --git a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
index a61eed289..ce1dd3747 100644
--- a/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
+++ b/spss/handbook/handbook/config/MOA-SPSS-config-1.4.7.xsd
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v2004 rel. 4 U (http://www.xmlspy.com) by Klaus Stranacher (ORiON) -->
 <!--
-  MOA SP/SS 1.4.5 Configuration Schema
+  MOA SP/SS 1.4.7 Configuration Schema
 -->
 <xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema">
 	<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
@@ -139,8 +138,7 @@
 															<xs:sequence>
 																<xs:element name="Id" type="xs:token"/>
 																<xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
-																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
-																<xs:element name="TSLLocation" type="xs:anyURI" minOccurs="0"/>
+																<xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>																
 															</xs:sequence>
 														</xs:complexType>
 													</xs:element>
@@ -154,7 +152,7 @@
 													<xs:element name="MaxRevocationAge" type="xs:integer"/>
 													<xs:element name="ServiceOrder" minOccurs="0">
 														<xs:complexType>
-															<xs:sequence maxOccurs="2">
+															<xs:sequence minOccurs="1" maxOccurs="2">
 																<xs:element name="Service">
 																	<xs:simpleType>
 																		<xs:restriction base="xs:token">
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index 1fe63c118..ec9b30d7b 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -689,13 +689,7 @@ als relativ zum Pfad jenes Verzeichnisses interpretiert werden, in dem die zentr
               relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale Konfigurationsdatei
               gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte
               Verzeichnis muss eine oder mehrere DER-kodierte Zertifikatsdateien beinhalten. Jede Zertifikatsdatei
-              repr&auml;sentiert ein explizit erlaubtes Signatorzertifikat. </li>
-            <li>Element <code>TSLLocation</code>: Dieses optionale Element vom Typ <code>xs:anyURI </code> enth&auml;lt
-            eine relative oder absolute URL, die ein Verzeichnis im lokalen Dateisystem referenziert. 
-              Eine relative URL wird relativ zum Pfad jenes Verzeichnisses interpretiert, in dem die zentrale
-            Konfigurationsdatei gespeichert ist. Eine absolute URL muss als Protokoll-Teil <code>file</code> verwenden. Das referenzierte Verzeichnis muss ein oder mehrere Trust-sercice Status Lists beinhalten.<br>
-            Ist dieses Element vorhanden so wird zus&auml;tzlich eine TSL Verifkation durchgef&uuml;hrt, deren Ergebnis in der Response im Element <code>TSLCheck</code> vorhanden ist. <br>
-            <strong>Anmerkung</strong>: F&uuml;r die Nutzung der TSLs gehen wir davon aus, dass die Signatur der TSLs zuvor &uuml;berpr&uuml;ft worden ist. </li>
+              repr&auml;sentiert ein explizit erlaubtes Signatorzertifikat. </li>            
         </ul></td>
     </tr>
   </table>
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html
index f27da9479..768f6f045 100644
--- a/spss/handbook/handbook/install/install.html
+++ b/spss/handbook/handbook/install/install.html
@@ -114,7 +114,7 @@
   <p> Die Basisinstallation des Webservices stellt einerseits die minimalen Anforderungen f&uuml;r den Betrieb von MOA SP/SS als Webservices dar, andererseits dient sie als Ausgangspunkt f&uuml;r optionale <a href="#webservice_erweiterungsm&#246;glichkeiten">Erweiterungsm&ouml;glichkeiten</a>.</p>
   <p>    Folgende Software ist Voraussetzung f&uuml;r die Basisinstallation des Webservices: </p>
   <ul>
-    <li><a href="#referenziertesoftware">J2SE 1.4.x SDK oder J2SE 5.0 SDK </a>(Anmerkung: F&uuml;r die Nutzung der TSL Funktionlit&auml;t ist <a href="#referenziertesoftware">J2SE 5.0 SDK</a> Voraussetzung)</li>
+    <li><a href="#referenziertesoftware">J2SE 1.4.x SDK oder J2SE 5.0 SDK </a></li>
     <li><a href="#referenziertesoftware">Apache Tomcat 4.1.18 oder h&ouml;her </a></li>
   </ul>
   <p>In diesem Betriebs-Szenario wird das MOA SP/SS Webservice in Tomcat zum Einsatz gebracht. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r das MOA SP/SS Webservice. Beide Protokolle werden direkt in Tomcat konfiguriert. Das MOA SP/SS Webservice verwendet Log4j als Logging Toolkit.</p>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 3f2f420a0..9e838b525 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -2,13 +2,7 @@
 1.4.7
 ##############
 
-- In den Trustprofilen können nun Trust-service Status Lists (TSLs) angegeben werden.
-  MOA-SP liefert hierbei in der Response das TSL Verifikationsergebnis im Element
-  TSLCheck retour (siehe hierzu Dokumentation - Konfiguration Kapitel "2.3.1.2.2 
-  Vertrauensprofile").
-
-- Bei Nutzung der TSL-Funktionalität ist Java 1.5 Voraussetzung
-
+- 
 - IAIK Libraries aktualisiert:
 	iaik-moa:           Version 1.27
 ##############
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index fb87ed327..cabee33b6 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -18,9 +18,6 @@ CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation
 MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei
 moa-spss-1.4.7.zip entpackt haben.
 
-Anmerkung: Wenn Sie MOA-SP mit TSL Unterstützung verwenden wollen, dann 
-ist die Verwendung von Java 1.5 Voraussetzung dafür. 
-
 =================
 Update Variante A 
 =================
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index 1a778ad2b..daca95eb2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -32,7 +32,6 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.MetaInfo;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -434,8 +433,7 @@ public abstract class SPSSFactory {
    * @param signerInfo Information about the signer certificate.
    * @param signatureCheck Result of the singature value check.
    * @param certificateCheck Result of the certificate status check.
-   * @param tslCheck Result of the TSL check
-   * @return The new <code>VerifyCMSSignatureResponseElement</code> containing
+    * @return The new <code>VerifyCMSSignatureResponseElement</code> containing
    * the above data.
    * 
    * @pre signerInfo != null && signatureCheck != null && 
@@ -445,8 +443,7 @@ public abstract class SPSSFactory {
   public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
     SignerInfo signerInfo,
     CheckResult signatureCheck,
-    CheckResult certificateCheck, 
-    CheckTSLResult tslCheck);
+    CheckResult certificateCheck);
 
   //
   // Factory methods for verifying XML signatures
@@ -700,8 +697,7 @@ public abstract class SPSSFactory {
     ReferencesCheckResult signatureCheck,
     ReferencesCheckResult signatureManifestCheck,
     List xmlDsigManifestChecks,
-    CheckResult certificateCheck, 
-    CheckTSLResult tslCheck);
+    CheckResult certificateCheck);
 
   /**
    * Create a new <code>ReferencesCheckResult</code> object.
@@ -990,18 +986,7 @@ public abstract class SPSSFactory {
    */
   public abstract CheckResult createCheckResult(int code, NodeList info);
 
-  /**
-   * Create a new <code>CheckTSLResult</code> object.
-   * 
-   * @param code The numerical error code.
-   * @param info Verbose error information.
-   * @return The new <code>CheckTSLResult</code> containing the above data.
-   * 
-   * @pre code >= 0
-   * @pre info != null
-   * @post return != null
-   */
-  public abstract CheckTSLResult createCheckTSLResult(int code, String info);
+  
   
   /**
    * Create a new <code>SignerInfo</code> object.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
index e2f44c540..4920aac0c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java
@@ -16,7 +16,6 @@
 package at.gv.egovernment.moa.spss.api.cmsverify;
 
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
 /**
@@ -45,10 +44,5 @@ public interface VerifyCMSSignatureResponseElement {
    * @return The result of the certificate verification.
    */
   public CheckResult getCertificateCheck();
-  /**
-   * Gets the result of the TSL verification
-   * 
-   * @return The result of the TSL verification
-   */
-  public CheckTSLResult getTSLCheck();
+  
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
deleted file mode 100644
index f31512cdb..000000000
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egovernment.moa.spss.api.common;
-
-import org.w3c.dom.NodeList;
-
-/**
- * Object encapsulating the result of a TSL verification.
- * 
- * @author Patrick Peck
- * @author Stephan Grill
- * @version $Id: CheckResult.java 1087 2008-08-28 07:55:59Z mcentner $
- */
-public interface CheckTSLResult {
-  /**
-   * Gets the result code.
-   * 
-   * @return The result code.
-   */
-  public int getCode();
-  /**
-   * Gets descriptive information.
-   * 
-   * @return Descriptive information.
-   */
-  public String getInfo();
-}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
deleted file mode 100644
index 62f3ab979..000000000
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
-* Copyright 2003 Federal Chancellery Austria
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egovernment.moa.spss.api.impl;
-
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
-
-/**
- * Default implementation of <code>CheckTSLResult</code>.
- * 
- * @author Fatemeh Philippi
- * @author Klaus Stranacher
- * @version $Id: CheckResultImpl.java 1087 2008-08-28 07:55:59Z mcentner $
- */
-public class CheckTSLResultImpl implements CheckTSLResult {
-  /** The result code. */
-  private int code;
-  
-  /** Additional information. */ 
-  private String info;
-
-  /**
-   * Sets a result code.
-   * 
-   * @param code The result code.
-   */
-  public void setCode(int code) {
-    this.code = code;
-  }
-
-  /**
-   * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getCode()
-   */
-  public int getCode() {
-    return code;
-  }
-
-  /**
-   * Sets a descriptive information.
-   * 
-   * @param info The descriptive information.
-   */
-  public void setInfo(String info) {
-    this.info = info;
-  }
-
-  /**
-   * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getInfo()
-   */
-  public String getInfo() {
-    return info;
-  }
-
-}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index 8cf06bb15..7c8b7b561 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
@@ -32,7 +32,6 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.MetaInfo;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -260,14 +259,12 @@ public class SPSSFactoryImpl extends SPSSFactory {
   public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement(
     SignerInfo signerInfo,
     CheckResult signatureCheck,
-    CheckResult certificateCheck, 
-    CheckTSLResult tslCheck) {
+    CheckResult certificateCheck) {
     VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement =
       new VerifyCMSSignatureResponseElementImpl();
     verifyCMSSignatureResponseElement.setSignerInfo(signerInfo);
     verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck);
     verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck);
-    verifyCMSSignatureResponseElement.setTSLCheck(tslCheck);
     
     return verifyCMSSignatureResponseElement;
   }
@@ -394,8 +391,7 @@ public class SPSSFactoryImpl extends SPSSFactory {
     ReferencesCheckResult signatureCheck,
     ReferencesCheckResult signatureManifestCheck,
     List xmlDsigManifestChecks,
-    CheckResult certificateCheck, 
-    CheckTSLResult tslCheck) {
+    CheckResult certificateCheck) {
     VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse =
       new VerifyXMLSignatureResponseImpl();
     verifyXMLSignatureResponse.setSignerInfo(signerInfo);
@@ -406,7 +402,6 @@ public class SPSSFactoryImpl extends SPSSFactory {
       signatureManifestCheck);
     verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks);
     verifyXMLSignatureResponse.setCertificateCheck(certificateCheck);
-    verifyXMLSignatureResponse.setTSLCheck(tslCheck);
     
     return verifyXMLSignatureResponse;
   }
@@ -565,12 +560,6 @@ public class SPSSFactoryImpl extends SPSSFactory {
     return checkResult;
   }
   
-  public CheckTSLResult createCheckTSLResult(int code, String info) {
-     CheckTSLResultImpl checkTSLResult = new CheckTSLResultImpl();
-     checkTSLResult.setCode(code);
-     checkTSLResult.setInfo(info);
-     return checkTSLResult;
-  }
 
   public SignerInfo createSignerInfo(
     X509Certificate signerCertificate,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
index f80c4ace2..6d14692fd 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java
@@ -17,7 +17,6 @@ package at.gv.egovernment.moa.spss.api.impl;
 
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
 /**
@@ -35,8 +34,6 @@ public class VerifyCMSSignatureResponseElementImpl
   private CheckResult signatureCheck;
   /** Information about the certificate check. */
   private CheckResult certificateCheck;
-  /** Information about the TSL check */
-  private CheckTSLResult tslCheck;
   
   /**
    * Sets a SignerInfo element according to CMS.
@@ -77,16 +74,4 @@ public class VerifyCMSSignatureResponseElementImpl
     return certificateCheck;
   }
   
-  /**
-   * Sets a result of the TSL verification.
-   * 
-   * @param tslCheck The result of the TSL verification.
-   */
-  public void setTSLCheck(CheckTSLResult tslCheck) {
-    this.tslCheck = tslCheck;
-  }
-
-  public CheckTSLResult getTSLCheck() {
-    return tslCheck;
-  }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
index ea6a180a7..3cad988ff 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java
@@ -20,7 +20,6 @@ import java.util.Collections;
 import java.util.List;
 
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
@@ -53,8 +52,6 @@ public class VerifyXMLSignatureResponseImpl
   private List xmlDsigManifestChecks = new ArrayList();
   /** Information about the certificate check. */
   private CheckResult certificateCheck;
-  /** Information about the TSL check. */
-  private CheckTSLResult tslCheck;
   
   /**
    * Sets information about the signer certificate.
@@ -139,18 +136,7 @@ public class VerifyXMLSignatureResponseImpl
   public CheckResult getCertificateCheck() {
     return certificateCheck;
   }
-  /**
-   * Sets the result of the TSL verification.
-   * 
-   * @param certificateCheck The result of the TSL verification.
-   */
-  public void setTSLCheck(CheckTSLResult tslCheck) {
-    this.tslCheck = tslCheck;
-  }
-
-  public CheckTSLResult getTSLCheck() {
-    return tslCheck;
-  }
+  
 
   /**
    * Sets the XMLDSigManifestChecks.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
index 2e4a95a89..1215f1ccc 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java
@@ -25,7 +25,6 @@ import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
 /**
@@ -90,8 +89,7 @@ public class VerifyCMSSignatureResponseBuilder {
     SignerInfo signerInfo = responseElement.getSignerInfo();
     CheckResult signatureCheck = responseElement.getSignatureCheck();
     CheckResult certCheck = responseElement.getCertificateCheck();
-    CheckTSLResult tslCheck = responseElement.getTSLCheck();
-
+    
     ResponseBuilderUtils.addSignerInfo(
       responseDoc,
       responseElem,
@@ -114,12 +112,7 @@ public class VerifyCMSSignatureResponseBuilder {
       certCheck.getCode(),
       certCheck.getInfo());
     
-    ResponseBuilderUtils.addCodeInfoElement(
-          responseDoc,
-          responseElem,
-          "TSLCheck",
-          tslCheck.getCode(),
-          tslCheck.getInfo());
+    
   }
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
index dedb1dc88..1ca931e9c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java
@@ -136,12 +136,7 @@ public class VerifyXMLSignatureResponseBuilder {
       response.getCertificateCheck().getCode(),
       response.getCertificateCheck().getInfo());
     
-    ResponseBuilderUtils.addCodeInfoElement(
-          responseDoc,
-          responseElem,
-          "TSLCheck",
-          response.getTSLCheck().getCode(),
-          response.getTSLCheck().getInfo());
+    
 
     return responseDoc;
   }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
index 63da503cb..1ccbae133 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java
@@ -18,7 +18,6 @@ package at.gv.egovernment.moa.spss.api.xmlverify;
 import java.util.List;
 
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 
 /**
@@ -73,12 +72,6 @@ public interface VerifyXMLSignatureResponse {
    */
   public CheckResult getCertificateCheck();
   
-  /**
-   * Gets the result of the TSL verification.
-   * 
-   * @return The result of the TSL verification.
-   */
-  public CheckTSLResult getTSLCheck();
   
   
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 51669026f..9e0dc7688 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -949,7 +949,6 @@ public class ConfigurationPartsBuilder {
       String id = getElementValue(profileElem, CONF + "Id", null);
       String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
       String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
-      String tslLocStr = getElementValue(profileElem, CONF + "TSLLocation", null);
       
       URI trustAnchorsLocURI = null;
       try
@@ -976,33 +975,7 @@ public class ConfigurationPartsBuilder {
       }
       
       
-      URI tslLocURI = null;
-      if (tslLocStr != null) {
-         
-         try
-         {
-           tslLocURI = new URI(tslLocStr);
-           if (!tslLocURI.isAbsolute()) { // make it absolute to the config file
-              tslLocURI = new URI(configRoot_.toURL() + tslLocStr);
-           }
-         }
-         catch (URIException e) {
-           warn("config.14", new Object[] { "uriTSL", id, tslLocStr }, e);
-           continue;
-         }
-         catch (MalformedURLException e)
-         {
-           warn("config.33", new Object[] {id}, e);
-           continue;
-         }
-   
-         File profileDirTSL = new File(tslLocURI.getPath());
-         if (!profileDirTSL.exists() || !profileDirTSL.isDirectory()) {
-            warn("config.27", new Object[] { "uriTSL", id });
-           continue;
-         }
-      }
-
+      
       if (trustProfiles.containsKey(id)) {
         warn("config.04", new Object[] { "TrustProfile", id });
         continue;
@@ -1033,10 +1006,7 @@ public class ConfigurationPartsBuilder {
       }
       
       signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
-      String tslLocURIString = null;
-      if (tslLocURI != null)
-         tslLocURIString = tslLocURI.toString();      
-      TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslLocURIString);
+      TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr);
       trustProfiles.put(id, profile);
     }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 66c08e34e..b1031c4cb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -28,8 +28,6 @@ public class TrustProfile {
   private String uri;
   /** The URI giving the location of the allowed signer certificates. */
   private String signerCertsUri;
-  /** The URI giving the location of the TSLs */
-  private String uriTSL;
   
   /**
    * Create a <code>TrustProfile</code>.
@@ -38,13 +36,11 @@ public class TrustProfile {
    * @param uri The URI of the <code>TrustProfile</code> to create.
    * @param signerCertsUri The URI of the location of the allowed signer
    *        certificates of the <code>TrustProfile</code> to create.
-   * @param uriTSL The URI to the TSLs       
    */
-  public TrustProfile(String id, String uri, String signerCertsUri, String uriTSL) {
+  public TrustProfile(String id, String uri, String signerCertsUri) {
     this.id = id;
     this.uri = uri;
     this.signerCertsUri = signerCertsUri;
-    this.uriTSL = uriTSL;
   }
 
   /**
@@ -75,11 +71,5 @@ public class TrustProfile {
     return signerCertsUri;
   }
   
-  /**
-   * Return the URI of the location of the TSLS
-   * @return The URI of the location of the TSLS
-   */
-  public String getUriTSL() {
-     return uriTSL;
-  }
+  
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index b7bdbc9b8..dc23b5c2d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -30,7 +30,6 @@ import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
 import at.gv.egovernment.moa.spss.server.config.TrustProfile;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
@@ -82,8 +81,7 @@ public class VerifyCMSSignatureResponseBuilder {
     SignerInfo signerInfo;
     CheckResult signatureCheck;
     CheckResult certificateCheck;
-    CheckTSLResult tslCheck;
-    
+        
     // add SignerInfo element
     signerInfo =
       factory.createSignerInfo(
@@ -98,54 +96,17 @@ public class VerifyCMSSignatureResponseBuilder {
     // add CertificateCheck element
     certificateCheck = factory.createCheckResult(certificateCheckCode, null);
     
-    // add TSL check
-    tslCheck = validateTSL(result, trustProfile);
-    
+   
 
     // build the response element
     responseElement =
       factory.createVerifyCMSSignatureResponseElement(
         signerInfo,
         signatureCheck,
-        certificateCheck, 
-        tslCheck);
+        certificateCheck);
     responseElements.add(responseElement);
   }
   
-  /**
-   * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs 
-   * 
-   * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
-   * 
-   * @param trustProfile The trust profile the signer certificate is validated against.
-   * 
-   * @return The overal result of the TSL validation.
-   * 
-   * @throws MOAException 
-   */
-  private CheckTSLResult validateTSL(CMSSignatureVerificationResult result, TrustProfile trustProfile)
-  throws MOAException
-{
-     MessageProvider msg = MessageProvider.getInstance();
-     //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()});
-  
-     // TODO KS: TSL initialisieren, TSL abfrage mit chain
-     
-     List chain = result.getCertificateValidationResult().getCertificateChain();
-     String uriTSL = trustProfile.getUriTSL();
-     //System.out.println("Size: " + chain.size());
-     ListIterator it = chain.listIterator(); 
-     while(it.hasNext()) {
-        X509Certificate cert = (X509Certificate) it.next();
-        //System.out.println(cert.getSubjectDN());
-     }
-     //System.out.println("URL-TSL: " + uriTSL);
-  
-     int resultCode = 0;
-     String resultInfo = msg.getMessage("tsl.00", null);
-  
-     SPSSFactory factory = SPSSFactory.getInstance();
-     return factory.createCheckTSLResult(resultCode, resultInfo);
-}
+ 
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 68ba4ad7e..7d66811db 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -42,7 +42,6 @@ import org.w3c.dom.NodeList;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.Content;
 import at.gv.egovernment.moa.spss.api.common.InputData;
 import at.gv.egovernment.moa.spss.api.common.SignerInfo;
@@ -87,10 +86,7 @@ public class VerifyXMLSignatureResponseBuilder {
   private List xmlDsigManifestChecks;
   /** The result of the certificate check. */
   private CheckResult certificateCheck;
-  /** The result of the TSL check. */
-  private CheckTSLResult tslCheck;
   
-
   /**
    * Get the <code>VerifyMLSignatureResponse</code> built so far.
    * 
@@ -104,8 +100,7 @@ public class VerifyXMLSignatureResponseBuilder {
       signatureCheck,
       signatureManifestCheck,
       xmlDsigManifestChecks,
-      certificateCheck, 
-      tslCheck);
+      certificateCheck);
   }
 
   /**
@@ -119,15 +114,13 @@ public class VerifyXMLSignatureResponseBuilder {
    * @param transformsSignatureManifestCheck The overall result for the signature 
    *        manifest check.
    * @param certificateCheck The overall result for the certificate check.
-   * @param tslCheck The result of the TSL check 
    * @throws MOAApplicationException An error occurred adding the result.
    */
   public void setResult(
     XMLSignatureVerificationResult result,
     XMLSignatureVerificationProfile profile,
     ReferencesCheckResult transformsSignatureManifestCheck,
-    CheckResult certificateCheck, 
-    CheckTSLResult tslCheck)
+    CheckResult certificateCheck)
     throws MOAApplicationException {
 
     CertificateValidationResult certResult =
@@ -292,8 +285,7 @@ public class VerifyXMLSignatureResponseBuilder {
     // create the certificate check 
     this.certificateCheck = certificateCheck;
     
-    // create the tsl check
-    this.tslCheck = tslCheck;
+    
     
   }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index 765a48e79..eb6275b3a 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -59,7 +59,6 @@ import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.MOASystemException;
 import at.gv.egovernment.moa.spss.api.SPSSFactory;
 import at.gv.egovernment.moa.spss.api.common.CheckResult;
-import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
 import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
 import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
@@ -236,11 +235,9 @@ public class XMLSignatureVerificationInvoker {
     TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());
     CheckResult certificateCheck = validateSignerCertificate(result, trustProfile);
     
-    // Check the TSL result   
-    CheckTSLResult tslCheck = validateTSL(result, trustProfile);
    
     // build the response
-    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, tslCheck);
+    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck);
 
     return responseBuilder.getResponse();
   }
@@ -325,41 +322,7 @@ public class XMLSignatureVerificationInvoker {
     return factory.createCheckResult(resultCode, null);
   }
   
-  /**
-   * Checks the certificate chain against the given (in the provided <code>trustProfile</code>) TSLs 
-   * 
-   * @param result The result produced by the <code>XMLSignatureVerificationModule</code>.
-   * 
-   * @param trustProfile The trust profile the signer certificate is validated against.
-   * 
-   * @return The overal result of the TSL validation.
-   * 
-   * @throws MOAException 
-   */
-  private CheckTSLResult validateTSL(XMLSignatureVerificationResult result, TrustProfile trustProfile)
-  throws MOAException
-{
-     MessageProvider msg = MessageProvider.getInstance();
-     //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()});
-  
-     // TODO KS: TSL initialisieren, TSL abfrage mit chain
-     
-     List chain = result.getCertificateValidationResult().getCertificateChain();
-     String uriTSL = trustProfile.getUriTSL();
-     //System.out.println("Size: " + chain.size());
-     ListIterator it = chain.listIterator();
-     while(it.hasNext()) {
-        X509Certificate cert = (X509Certificate) it.next();
-        //System.out.println(cert.getSubjectDN());
-     }
-     //System.out.println("URL-TSL: " + uriTSL);
-  
-     int resultCode = 0;
-     String resultInfo = msg.getMessage("tsl.00", null);
   
-     SPSSFactory factory = SPSSFactory.getInstance();
-     return factory.createCheckTSLResult(resultCode, resultInfo);
-}
 
   /**
    * Select the <code>dsig:Signature</code> DOM element within the signature
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index 4c9d11f63..3920da4d9 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -134,7 +134,6 @@ config.28=Einen detaillierten Fehlerbericht entnehmen Sie bitte der Log-Datei.
 config.29=Es sind folgende leichte Fehler aufgetreten: 
 config.31=Fehler in der Konfiguration der KeyGroup mit id={0}: Der Schlüssel im KeyModule id={1} mit IssuerName={2} und SerialNumber={3} konnte nicht geladen werden
 config.32=Fehler in der Konfiguration: Verzeichnisangabe für den Zertifikatsspeicher ist ungültig ({0}).
-config.33=Fehler beim Erstellen des TrustProfile id={0}: Name des TSL-Verzeichnisses konnte nicht in eine URL umgewandet werden
 
 handler.00=Starte neue Transaktion: TID={0}, Service={1}
 handler.01=Aufruf von Adresse={0}
@@ -148,6 +147,4 @@ handler.07=SOAP Request empfangen: Request={0}
 invoker.00=Das Signature Environment konnte nicht validierend geparst werden
 invoker.01=Keine passende Transformationskette gefunden (Index={0})
 invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
-invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
-
-tsl.00 = Das Zertifikat konnte erfolgreich gegen die TSL verifiziert werden
\ No newline at end of file
+invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
\ No newline at end of file
-- 
cgit v1.2.3


From 0ee460b0e69cc73bb3458f11eaa9ba09e6a49e08 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 13 Jul 2010 11:05:02 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1170
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 .../main/webapp/BKAuswahl-Musterseiten-Howto.pdf   | Bin 0 -> 178626 bytes
 .../auth/src/main/webapp/WCAG-Pruefprotokoll.pdf   | Bin 0 -> 721803 bytes
 id/server/auth/src/main/webapp/css/index.css       | 225 ++++++
 id/server/auth/src/main/webapp/iframeHandyBKU.html |  29 +
 .../auth/src/main/webapp/iframeOnlineBKU.html      |  31 +
 .../auth/src/main/webapp/img/ecard_aktivieren.jpg  | Bin 0 -> 18927 bytes
 id/server/auth/src/main/webapp/img/handy.gif       | Bin 0 -> 2632 bytes
 id/server/auth/src/main/webapp/img/karte.gif       | Bin 0 -> 2369 bytes
 id/server/auth/src/main/webapp/img/logo.jpg        | Bin 0 -> 18014 bytes
 .../src/main/webapp/img/mobilsig_aktivieren.jpg    | Bin 0 -> 19202 bytes
 id/server/auth/src/main/webapp/index.html          | 197 +++++
 id/server/auth/src/main/webapp/index.jsp           |  40 -
 id/server/auth/src/main/webapp/info_bk.html        |  96 +++
 id/server/auth/src/main/webapp/js/browser.js       | 165 ++++
 id/server/auth/src/main/webapp/js/deployJava.js    | 898 +++++++++++++++++++++
 .../auth/src/main/webapp/template_handyBKU.html    |  37 +
 .../auth/src/main/webapp/template_localBKU.html    |  29 +
 .../auth/src/main/webapp/template_onlineBKU.html   |  35 +
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   3 +
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   3 +
 .../SampleMOAIDConfiguration_withTestBKs.xml       |   3 +
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   3 +
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |   3 +
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |   3 +
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |   3 +
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |   3 +
 26 files changed, 1766 insertions(+), 40 deletions(-)
 create mode 100644 id/server/auth/src/main/webapp/BKAuswahl-Musterseiten-Howto.pdf
 create mode 100644 id/server/auth/src/main/webapp/WCAG-Pruefprotokoll.pdf
 create mode 100644 id/server/auth/src/main/webapp/css/index.css
 create mode 100644 id/server/auth/src/main/webapp/iframeHandyBKU.html
 create mode 100644 id/server/auth/src/main/webapp/iframeOnlineBKU.html
 create mode 100644 id/server/auth/src/main/webapp/img/ecard_aktivieren.jpg
 create mode 100644 id/server/auth/src/main/webapp/img/handy.gif
 create mode 100644 id/server/auth/src/main/webapp/img/karte.gif
 create mode 100644 id/server/auth/src/main/webapp/img/logo.jpg
 create mode 100644 id/server/auth/src/main/webapp/img/mobilsig_aktivieren.jpg
 create mode 100644 id/server/auth/src/main/webapp/index.html
 delete mode 100644 id/server/auth/src/main/webapp/index.jsp
 create mode 100644 id/server/auth/src/main/webapp/info_bk.html
 create mode 100644 id/server/auth/src/main/webapp/js/browser.js
 create mode 100644 id/server/auth/src/main/webapp/js/deployJava.js
 create mode 100644 id/server/auth/src/main/webapp/template_handyBKU.html
 create mode 100644 id/server/auth/src/main/webapp/template_localBKU.html
 create mode 100644 id/server/auth/src/main/webapp/template_onlineBKU.html

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/auth/src/main/webapp/BKAuswahl-Musterseiten-Howto.pdf b/id/server/auth/src/main/webapp/BKAuswahl-Musterseiten-Howto.pdf
new file mode 100644
index 000000000..1c0662f15
Binary files /dev/null and b/id/server/auth/src/main/webapp/BKAuswahl-Musterseiten-Howto.pdf differ
diff --git a/id/server/auth/src/main/webapp/WCAG-Pruefprotokoll.pdf b/id/server/auth/src/main/webapp/WCAG-Pruefprotokoll.pdf
new file mode 100644
index 000000000..3722c5d7e
Binary files /dev/null and b/id/server/auth/src/main/webapp/WCAG-Pruefprotokoll.pdf differ
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
new file mode 100644
index 000000000..8abeb7a5f
--- /dev/null
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -0,0 +1,225 @@
+@charset "utf-8";
+
+* {
+	margin:0;
+	padding:0;
+	border:0;
+}
+
+body {
+	margin:0;
+	padding:0;
+	color : #000;
+	background-color : #fff;
+	font-family : Verdana, Geneva, Arial, sans-serif;
+	font-size:76%;
+}
+
+/*  skiplink */
+
+#skiplinks {
+	position:relative;
+}
+
+p#skiplinks  a {
+  
+  position: absolute;
+  top: -999em;
+  left: -999em;
+  height: 0;
+  width: 0;
+  overflow: hidden;
+}
+
+p#skiplinks  a:focus, 
+p#skiplinks  a:hover, 
+p#skiplinks  a:active {  
+  height: auto;
+  width:auto;
+  left: 0;
+  top: 0;
+  padding: 4px;
+  position: absolute;
+  overflow: visible;
+  text-decoration: none;
+  z-index: 100;
+}
+
+/*layout */
+
+#wrapper {
+	min-width:746px;
+	max-width:1258px;	
+	padding: 0 10px;	
+}
+
+#banner {
+	width:100%;
+	min-height:100px;
+	padding-top:20px;
+	position:relative;
+}
+
+#bannerleft {
+	float:left;
+}
+
+#bannerleft h1 {
+	font-size:2em;
+	padding-top:10px;
+}
+
+#bannerright {
+	float:right;
+}
+
+#main {
+	clear:both;
+	position:relative;
+}
+
+/* left */
+
+#leftcontent {
+	float:left;
+	width:210px;		
+}
+
+h2#tabheader, h2#contentheader {
+	padding:2px;
+	font-size:1.1em;
+	color:#fff;
+	border-bottom:2px solid #fff;
+}
+
+#bkulogin {
+	overflow:hidden;	
+	width:210px;
+}
+
+#bkukarte {
+	float:left;
+	background: url(../img/karte.gif) no-repeat top center;
+	padding: 90px 10px 10px 10px;
+	text-align:center;
+	width:40%;
+}
+
+#bkuhandy {
+	float:right;
+	background: url(../img/handy.gif) no-repeat top center;
+	padding: 90px 10px 10px 10px;
+	text-align:center;
+	width:40%;
+}
+
+button {
+	background: #efefef;
+	border:1px solid #000;
+	cursor: pointer;
+}
+
+#installJava, #BrowserNOK {
+	clear:both;
+	font-size:0.8em;
+	padding:4px;
+}
+
+#localBKU {
+	padding:4px;
+}
+
+#tab {
+	margin-top:2px;
+	padding:2px;
+	clear:both;
+}
+
+#leftcontent a {
+	text-decoration:none;
+	color: #000;
+	display:block;
+	padding:4px;	
+}
+
+#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+	text-decoration:underline;
+	color: #000;	
+}
+
+#navlist {
+	margin-top:20px;
+}
+
+#navlist ul {
+	list-style: none;
+	margin-left: 0;
+}
+
+#navlist li {	
+	border-bottom:1px solid #fff;
+}
+
+iframe {
+	width:210px;
+}
+
+/* right */
+
+#rightcontent {
+	float:right;
+	width:210px;
+}
+
+#centercontent {
+	width:auto;
+	margin: 0 220px;
+}
+
+/* center */
+
+#content {
+	padding:20px;
+}
+
+#content a {
+	text-decoration:underline;
+	color: #000;
+}
+
+#content a:hover, #content a:focus, #content a:active {
+	text-decoration:underline;
+	color: #000;	
+}
+
+p {
+	margin-bottom:1em;
+}
+
+.lightblock{
+  text-align : left;
+  padding : 5px 5px 5px 5px;
+}
+
+
+/* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */
+.hell {
+	background-color : #FFBBCB;
+}
+
+/* [OPTIONAL] Geben Sie hier die Farbe fuer den dunklen Hintergrund an */
+.dunkel {
+	background-color: #993366;
+}
+
+/* [OPTIONAL] Geben Sie hier die Farbe fuer Links an */
+#leftcontent a, #content a {
+	color: blue;
+}
+
+@media print {
+	#wrapper { width:100%;}
+	#banner {width:640px;}
+	#rightcontent {display: none;}
+	#centercontent {width:400px; margin-right:0;}		
+}
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
new file mode 100644
index 000000000..24a2d80f9
--- /dev/null
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+	<head>
+    	<title>iFrame Handy BKU</title>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    	<meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
+    	<meta http-equiv="PRAGMA" content="NO-CACHE">
+    	<script type="text/javascript">
+			window.onload=function() {
+      			document.moaidform.submit();
+      			return;
+      		}
+		</script>
+	</head>
+	<body>
+		Bitte warten...
+		
+		<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
+		<!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at" -->
+		<FORM  name="moaidform" action="[MOA_ID_STARTAUTHENTICATION]" method="post">
+    	<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy BKU an -->
+			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
+			<input type="hidden" name="Template" value="[URL_TO_HANDYBKU_TEMPLATE]">
+			<input type="hidden" name="bkuURI" value="https://www.a-trust.at/mobile/https-security-layer-request/default.aspx">
+		</FORM>
+		
+		<hr>
+	</body>
+</html>
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
new file mode 100644
index 000000000..e92420e7a
--- /dev/null
+++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
@@ -0,0 +1,31 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+	<head>
+		<title>iFrame Online BKU</title>
+    	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+	    <meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
+    	<meta http-equiv="PRAGMA" content="NO-CACHE">
+	    <script type="text/javascript">
+			window.onload=function() {
+    		  	document.moaidform.submit();
+      			return;
+      		}
+		</script>
+	</head>
+	<body>
+		Bitte warten...
+		
+        <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
+		<!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at" -->
+		<form method="POST" name="moaidform" id="moa" action="[MOA_ID_STARTAUTHENTICATION]">
+			<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an -->
+			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_onlineBKU.html"-->
+			<input type="hidden" name="Template" value="[URL_TO_ONLINEBKU_TEMPLATE]">
+            <!-- [MUSS] Geben Sie hier die URL zur Online BKU an -->
+			<!-- z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"-->
+            <input type="hidden" name="bkuURI" value="[URL_TO_ONLINEBKU]">
+    	</form>
+	
+		<hr>
+	</body>
+</html>
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/img/ecard_aktivieren.jpg b/id/server/auth/src/main/webapp/img/ecard_aktivieren.jpg
new file mode 100644
index 000000000..4b29a9786
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/ecard_aktivieren.jpg differ
diff --git a/id/server/auth/src/main/webapp/img/handy.gif b/id/server/auth/src/main/webapp/img/handy.gif
new file mode 100644
index 000000000..088ec0957
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/handy.gif differ
diff --git a/id/server/auth/src/main/webapp/img/karte.gif b/id/server/auth/src/main/webapp/img/karte.gif
new file mode 100644
index 000000000..1ec7afc2e
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/karte.gif differ
diff --git a/id/server/auth/src/main/webapp/img/logo.jpg b/id/server/auth/src/main/webapp/img/logo.jpg
new file mode 100644
index 000000000..6bfc6a1e9
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/logo.jpg differ
diff --git a/id/server/auth/src/main/webapp/img/mobilsig_aktivieren.jpg b/id/server/auth/src/main/webapp/img/mobilsig_aktivieren.jpg
new file mode 100644
index 000000000..e72aeadfc
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/mobilsig_aktivieren.jpg differ
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
new file mode 100644
index 000000000..cbe587f2e
--- /dev/null
+++ b/id/server/auth/src/main/webapp/index.html
@@ -0,0 +1,197 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+    <head>
+        <!-- [OPTIONAL] Aendern Sie hier den Titel der Seite -->
+        <title>
+            Musterseite
+        </title>
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+        <meta http-equiv="Content-Style-Type" content="text/css">
+        <link rel="stylesheet" type="text/css" href="css/index.css">
+        <script src="js/browser.js" type="text/javascript"></script>
+        <script src="js/deployJava.js" type="text/javascript"></script>
+        <script type="text/javascript">
+			window.onload=function() {
+				document.getElementById("localBKU").style.display="none";
+				document.getElementById("installJava").style.display="none";
+				document.getElementById("BrowserNOK").style.display="none";
+				return;
+        	}
+
+	        function bkuOnlineClicked() {
+				<!-- [OPTIONAL] Um die lokale BKU auszublenden, ersetzen Sie in der folgenden Zeile "block" durch "none" -->
+				document.getElementById("localBKU").style.display="block"; 
+ 				document.getElementById("installJava").style.display="none";
+        		document.getElementById("BrowserNOK").style.display="none";
+
+		        var el = document.getElementById("bkulogin");
+        		var parent = el.parentNode;
+				
+		        if ( navigator.javaEnabled() && ( deployJava.versionCheck("1.6.0_11+") || (  BrowserDetect.browser.toLowerCase() == "safari" && navigator.platform.toLowerCase().indexOf('win')==0 ))) {
+		      
+				
+        			if( BrowserDetect.browser.toLowerCase() != "explorer" && BrowserDetect.browser.toLowerCase() != "firefox" && BrowserDetect.browser.toLowerCase() != "mozilla") {
+				        alert("Hinweis! \nUm die Online BKU verwenden zu koennen benoetigen Sie Java 1.6 oder hoeher.");
+			        }
+		
+			 		var iframe = document.createElement("iframe");
+			        iframe.setAttribute("src", "iframeOnlineBKU.html");
+			        iframe.setAttribute("width", "210");
+			        iframe.setAttribute("height", "150");
+			        iframe.setAttribute("frameborder", "0");
+			        iframe.setAttribute("scrolling", "no");
+			        iframe.setAttribute("title", "Login");
+
+			        parent.replaceChild(iframe, el);
+        		} 
+				else {
+
+			        okbrowser=true;
+			        if( BrowserDetect.browser.toLowerCase() == "explorer" ||BrowserDetect.browser.toLowerCase() == "firefox" || BrowserDetect.browser.toLowerCase() == "safari" || BrowserDetect.browser.toLowerCase() == "mozilla")    {
+				        okbrowser=true;
+        			} 
+        			else {
+        				okbrowser=false;
+        		}
+				
+				if(okbrowser==true) {  
+        			parent.removeChild(el);
+			        document.getElementById("installJava").style.display="block";
+        		} else {
+       				parent.removeChild(el);
+			        document.getElementById("BrowserNOK").style.display="block";
+        		}
+        	}
+        }
+
+        function bkuHandyClicked() {
+	        document.getElementById("localBKU").style.display="none";
+    	    document.getElementById("installJava").style.display="none";
+        	document.getElementById("BrowserNOK").style.display="none";
+
+	        var el = document.getElementById("bkulogin");
+    	    var parent = el.parentNode;
+         
+        	var iframe = document.createElement("iframe");
+	        iframe.setAttribute("src", "iframeHandyBKU.html");
+    	    iframe.setAttribute("width", "210");
+        	iframe.setAttribute("height", "149");
+	        iframe.setAttribute("frameborder", "0");
+        	iframe.setAttribute("scrolling", "no");
+    	    iframe.setAttribute("title", "Login");
+
+	        parent.replaceChild(iframe, el);
+        }
+        </script>
+    </head>
+    <body>
+        <div id="wrapper">
+            <p id="skiplinks">
+                <a href="#content">Zum Inhalt springen</a>            
+			</p>
+			<div id="banner">
+                <!-- [OPTIONAL] Aendern Sie hier die Titelueberschrift der Seite) -->
+                <div id="bannerleft">
+                    <h1>Musterseite</h1>
+                    <!-- Meldung im Browser, wenn JavaScript nicht aktiviert -->
+                    <noscript>
+                        <p>
+                            Bitte aktivieren Sie JavaScript.                        
+						</p>
+	                </noscript>
+                </div>                
+                <!-- [OPTIONAL] Aendern Sie hier das Logo der Seite (und Alternativtext fuer das Bild) -->
+                <div id="bannerright">
+                    <img src="img/logo.jpg" alt="Logo">                
+                 </div>
+            </div>
+			<div id="main">
+                <div id="leftcontent">
+                    <h2 id="tabheader" class="dunkel">
+                        Login mit B&uuml;rgerkarte                    
+                    </h2>
+                    <div id="bkulogin" class="hell">
+						<!-- [OPTIONAL] Um die Online BKU auszublenden, kommentieren sie das folgende div (bkukarte) aus -->
+                        <div id="bkukarte" class="hell">     
+                            <button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button>
+                        </div>
+						<!-- [OPTIONAL] Um die Mobile BKU auszublenden, kommentieren sie das folgende div (bkukhandy) aus -->
+                        <div id="bkuhandy" class="hell">
+                            <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
+                        </div> 
+                    </div>
+
+                    <div id="installJava" style="display:none" class="hell">
+                        Um die Online BKU verwenden zu koennen benoetigen Sie die aktuellste Version von Java 1.6 oder hoeher. Unter <a href="http://java.sun.com/webapps/getjava/BrowserRedirect?host=java.com" target="_blank">http://java.sun.com/</a> koennen sie Java herunterladen. Sie bekommen diese Meldung auch, wenn Java in den Browser Einstellungen deaktiviert wurde.                    </div>
+
+                    <div id="BrowserNOK" style="display:none" class="hell">
+                        Der von Ihnen verwendete Browser wird derzeit nicht unterstuetzt. Fuer nicht kompatible Browser verwenden Sie bitte den Button Lokale BKU. Um die Online BKU verwenden zu koennen verwenden Sie bitte Internet Explorer, Firefox, Safari oder Google Chrome in der aktuellsten Version.                    </div>
+
+                    <div id="localBKU" style="display:none" class="hell">
+                        <hr>
+                        <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
+                        <!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at"-->
+                        <form method="post" action="[MOA_ID_STARTAUTHENTICATION]">
+                            <input type="hidden" name="show" value="false"> 
+							<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an -->
+                            <!-- z.B.: value="https://yoururl.at/moa-id-auth/template_localBKU.html"-->
+                            <input type="hidden" name="Template" value="[URL_TO_LOKALBKU_TEMPLATE]">
+                            <input type="hidden" name="bkuURI" value="https://localhost:3496/https-security-layer-request"> 
+                            <input type="submit" size="400" value="Lokale BKU">
+                        </form>
+                        <p>
+                            <small>Alternativ k&ouml;nnen Sie eine lokal installierte BKU verwenden.</small>                        
+                        </p>
+                    </div>
+                    
+                    <div id="tab" class="hell">
+                        <a href="info_bk.html" class="link_nav">Informationen zur B&uuml;rgerkarte</a>                    
+                    </div>
+                    
+                    <div id="navlist" class="hell">
+                        <ul>
+                            <li>
+                                <a href="http://www.buergerkarte.at" target="_blank">B&uuml;rgerkarte.at</a>                            </li>
+                            <li>
+                                <a href="http://www.digitales.oesterreich.gv.at/" target="_blank">Digitales &Ouml;sterreich</a>                            </li>
+                            <li>
+                                <a href="http://www.a-sit.at/" target="_blank">A-SIT</a>                            
+                            </li>
+                            <li>
+                                <a href="http://www.a-trust.at/" target="_blank">A-Trust</a>                            
+                            </li>
+                            <li>
+                                <a href="http://www.egiz.gv.at/" target="_blank">EGIZ</a>                            
+                            </li>
+                        </ul>
+                    </div>
+                </div>
+
+                <div id="rightcontent">
+                    <p>
+                        <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren" width="210"></a>                    
+                    </p>
+                    <p>
+                        <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Mobile Signatur aktivieren" width="210"></a>                    
+                    </p>                   
+                </div>
+
+                <div id="centercontent">
+
+                    <h2 id="contentheader" class="dunkel">
+                        Hinweise zur der Musterseite                   
+                    </h2>
+
+                    <div id="content" class="hell">
+                        <p>
+                        	Eine Anleitung zur Nutzung der Musterseite finden Sie hier: <a href="BKAuswahl-Musterseiten-Howto.pdf" target="_blank">BKAuswahl-Musterseiten-Howto (PDF, 170kB)</a>.
+                        So m&uuml;ssen vor einem Login noch die Parameter für den MOA-ID Aufruf angegeben werden.</p>                        	
+                        <p>
+                        	Diese Musterseite erf&uuml;llt die Richtlinie f&uuml;r barrierefreie Webinhalte 2.0 (WCAG 2.0 des W3C) Stufe AA. Das Pr&uuml;fprotokoll hierzu finden Sie hier: <a href="WCAG-Pruefprotokoll.pdf" target="_blank">Pruefprotokoll.pdf (PDF, 705kB)</a>.
+                        </p>
+   	            	</div>
+                </div>
+            </div>
+    	</div>
+    </body>
+</html>
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/index.jsp b/id/server/auth/src/main/webapp/index.jsp
deleted file mode 100644
index 733ba317f..000000000
--- a/id/server/auth/src/main/webapp/index.jsp
+++ /dev/null
@@ -1,40 +0,0 @@
-<html>
-<head>
-<title>MOA ID Auth Sample Login</title>
-</head>
-<body>
-<% 
-  String urlPath = 
-	request.getScheme() + "://" 
-	+ request.getServerName() + ":" + request.getServerPort() 
-	+ request.getContextPath() + "/";
-  String params =
-	"Target=gb&" + 
-	"OA=https://localhost:8443/moa-id-proxy/index.jsp";
-  String urlStartAuth =
-  	urlPath +
-	"StartAuthentication?" + 
-	params;
-  String templateParam =
-    "&Template=http://localhost:18080/oa/AuthTemplate.jsp";
-  String urlStartAuthCustom =
-    urlStartAuth +
-    templateParam;
-  String urlSelectBKU = 
-  	urlPath +
-  	"SelectBKU?" +
-  	params;
-  String urlSelectBKUCustom = 
-  	urlSelectBKU +
-  	templateParam +
-  	"&BKUSelectionTemplate=http://localhost:18080/oa/BKUSelectionTemplate.jsp";
-%>
-<a href="<%=urlStartAuth%>">Log in to sample application</a>
-<br>
-<a href="<%=urlStartAuthCustom%>">Log in to sample application using custom form</a>
-<br>
-<a href="<%=urlSelectBKU%>">Choose BKU (HTMLComplete or HTMLSelect) and log in</a>
-<br>
-<a href="<%=urlSelectBKUCustom%>">Choose BKU (HTMLSelect) using custom form and log in</a>
-</body>
-</html>
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/info_bk.html b/id/server/auth/src/main/webapp/info_bk.html
new file mode 100644
index 000000000..8bfee57f2
--- /dev/null
+++ b/id/server/auth/src/main/webapp/info_bk.html
@@ -0,0 +1,96 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+	<head>
+		<title>Information</title>
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+        <meta http-equiv="Content-Style-Type" content="text/css">
+        <link rel="stylesheet" type="text/css" href="css/index.css">
+	</head>
+	<body>
+		<div id="wrapper">
+            <p id="skiplinks">
+                <a href="#content">Zum Inhalt springen</a>
+            </p>
+            <div id="banner">
+                <!-- [OPTIONAL] Aendern Sie hier die Titelueberschrift der Seite) -->
+                <div id="bannerleft">
+                    <h1>Musterseite</h1>
+                    <!-- Meldung im Browser, wenn JavaScript nicht aktiviert -->
+                    <noscript>
+                        <p>
+                            Bitte aktivieren Sie JavaScript.
+                        </p>
+	                </noscript>
+                </div>                
+                <!-- [OPTIONAL] Aendern Sie hier das Logo der Seite (und Alternativtext fuer das Bild) -->
+                <div id="bannerright">
+                    <img src="img/logo.jpg" alt="Logo">
+                </div>
+            </div>
+            <div id="main">
+                <div id="centercontent">
+                    <h2 id="contentheader" class="dunkel">
+                        Informationen zur B&uuml;rgerkarte
+                    </h2>
+                    <div id="content" class="hell">
+                        <p>
+                        	<B>Hinweis:</B>
+                            F&uuml;r nat&uuml;rliche Personen ist beim Login mit B&uuml;rgerkarte keine Erstanmeldung erforderlich.
+                        </p>
+                        <p>
+                        	Um mit der B&uuml;rgerkarte einsteigen zu k&ouml;nnen, ben&ouml;tigen Sie:
+                        </p>
+                        <ul>
+							<li>
+                               	eine Chipkarte, die f&uuml;r die Verwendung als B&uuml;rgerkarte geeignet ist, wie zum Beispiel Ihre e-card, Bankomatkarte oder Signaturkarte von a-trust oder ein Mobiltelefon, das zur Nutzung als Handy BKU (B&uuml;rgerkartenumgebung) registriert ist.
+							</li>
+							<li>
+                               	einen Kartenleser mit den dazugeh&ouml;rigen Treibern
+							</li>
+							<li>
+                               	eine B&uuml;rgerkartensoftware (BKU)
+                            </li>
+                        </ul>
+                 		<p>                        	
+                            Als B&uuml;rgerkartensoftware stehen folgende drei Varianten zur Verf&uuml;gung:
+                        </p>
+                        <ul>
+                        	<li><i>Lokale BKU</i>: Diese Software wird lokal auf Ihrem Computer installiert. Die Software finden sie unter <a href="http://www.buergerkarte.at/de/voraussetzungen/software.html" target="_blank">http://www.buergerkarte.at/de/voraussetzungen/software.html</a>
+                            </li>
+                            <li><i>Online-BKU</i>: Mit der Online-BKU wird keine lokale B&uuml;rgerkartensoftware am PC ben&ouml;tigt. &Uuml;ber JAVA Technologien werden die ben&ouml;tigten Funktionen als Applet im Browser ausgef&uuml;hrt. Einzige Voraussetzung ist eine aktuelle JAVA Version (ab Java 6).
+                            </li>
+                            <li><i>Mobile BKU</i>: Mit der mobilen BKU k&ouml;nnen sie mittels ihres Mobiltelefons. Voraussetzung ist eine vorherige Registrierung. Mehr Informationen hierzu finden Sie auf <a href="http://www.a-trust.at/mobile/" target="_blank">http://www.a-trust.at/mobile/</a><br>
+                          <b>Hinweis:</b><br>
+                    Wenn das JAVA-Applet nicht funktioniert (bei einer &auml;lteren JAVA Version als Java 6 oder bei einem nicht unterst&uuml;tzten Browser), m&uuml;ssen Sie die lokale BKU installieren und dann &uuml;ber die Button &quot;Login mit B&uuml;rgerkarte&quot; und &quot;Lokale BKU&quot; einsteigen.
+                        	</li>
+                        </ul>
+                        <p>
+                    	    <br>
+                        	<b>Informationen zur B&uuml;rgerkarte finden Sie hier:</b>
+                        </p>
+                        <ul>
+                           	<li>
+                               	<a href="http://www.digitales.oesterreich.gv.at" target="_blank">Digitales &Ouml;sterreich</a>: Informationen rund um E-Government
+                            </li>
+							<li>
+           						<a href="http://www.buergerkarte.at" target="_blank">B&uuml;rgerkarte</a>: Einfach verst&auml;ndliche Informationen zur B&uuml;rgerkarte                     	
+                            </li>
+                        </ul>
+						<p>
+                        	<br>
+					    	<b>Hier bekommen Sie Ihre B&uuml;rgerkarte:</b>                    
+                        </p>
+						<ul>
+                           	<li>
+                               	<a href="http://www.a-trust.at/" target="_blank">A-Trust</a>: Aktivieren der Bankomatkarte/e-card als B&uuml;rgerkarte oder Registrierung ihres Mobiltelefons als B&uuml;rgerkarte oder Ausstellung einer eigenen B&uuml;rgerkarte
+                            </li>
+                        </ul>
+						<p align="center">
+							<a href="javascript:history.back();" class="link_nav">zur&uuml;ck</a>
+						</p>                 
+					</div>
+                </div>
+            </div>
+		</div>
+	</body>
+</html>
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/js/browser.js b/id/server/auth/src/main/webapp/js/browser.js
new file mode 100644
index 000000000..6fbf74f0a
--- /dev/null
+++ b/id/server/auth/src/main/webapp/js/browser.js
@@ -0,0 +1,165 @@
+var BrowserDetect = {
+	init: function () {
+		this.browser = this.searchString(this.dataBrowser) || "An unknown browser";
+		this.version = this.searchVersion(navigator.userAgent)
+			|| this.searchVersion(navigator.appVersion)
+			|| "an unknown version";
+		this.OS = this.searchString(this.dataOS) || "an unknown OS";
+	},
+	searchString: function (data) {
+		for (var i=0;i<data.length;i++)	{
+			var dataString = data[i].string;
+			var dataProp = data[i].prop;
+			this.versionSearchString = data[i].versionSearch || data[i].identity;
+			if (dataString) {
+				if (dataString.indexOf(data[i].subString) != -1)
+					return data[i].identity;
+			}
+			else if (dataProp)
+				return data[i].identity;
+		}
+	},
+	searchVersion: function (dataString) {
+		var index = dataString.indexOf(this.versionSearchString);
+		if (index == -1) return;
+		return parseFloat(dataString.substring(index+this.versionSearchString.length+1));
+	},
+	dataBrowser: [
+		{ 	string: navigator.userAgent,
+			subString: "OmniWeb",
+			versionSearch: "OmniWeb/",
+			identity: "OmniWeb"
+		},
+		{
+			string: navigator.vendor,
+			subString: "Apple",
+			identity: "Safari"
+		},
+		{
+			prop: window.opera,
+			identity: "Opera"
+		},
+		{
+			string: navigator.vendor,
+			subString: "iCab",
+			identity: "iCab"
+		},
+		{
+			string: navigator.vendor,
+			subString: "KDE",
+			identity: "Konqueror"
+		},
+		{
+			string: navigator.userAgent,
+			subString: "Firefox",
+			identity: "Firefox"
+		},
+		{
+			string: navigator.vendor,
+			subString: "Camino",
+			identity: "Camino"
+		},
+		{		// for newer Netscapes (6+)
+			string: navigator.userAgent,
+			subString: "Netscape",
+			identity: "Netscape"
+		},
+		{
+			string: navigator.userAgent,
+			subString: "MSIE",
+			identity: "Explorer",
+			versionSearch: "MSIE"
+		},
+		{
+			string: navigator.userAgent,
+			subString: "Gecko",
+			identity: "Mozilla",
+			versionSearch: "rv"
+		},
+		{ 		// for older Netscapes (4-)
+			string: navigator.userAgent,
+			subString: "Mozilla",
+			identity: "Netscape",
+			versionSearch: "Mozilla"
+		}
+	],
+	dataOS : [
+		{
+			string: navigator.platform,
+			subString: "Win",
+			identity: "Windows"
+		},
+		{
+			string: navigator.platform,
+			subString: "Mac",
+			identity: "Mac"
+		},
+		{
+			string: navigator.platform,
+			subString: "Linux",
+			identity: "Linux"
+		}
+	]
+
+};
+BrowserDetect.init();
+function writeBrowser() {
+
+nok=false;
+			if(BrowserDetect.browser.toLowerCase() == "explorer") {
+			if(eval(BrowserDetect.version) < 6) {
+				nok=true;
+			} 
+		}
+		if(BrowserDetect.browser.toLowerCase() == "opera") {
+			if(eval(BrowserDetect.version) < 9) {
+				nok=true;
+			}
+		}	
+		if(BrowserDetect.browser.toLowerCase() == "firefox") {
+			if(eval(BrowserDetect.version) < 1.5) {
+				nok=true;
+			} 
+		}	
+
+ if (nok==true) {
+ 
+		document.write("<TABLE BORDER=0 CELLPADDING=0 WIDTH='100%'><TR><TD VALIGN=TOP WIDTH='85%' BGCOLOR='#003399'><TABLE id='erlaeut' BORDER=1"); 
+		document.write("CELLSPACING=5 CELLPADDING=2 WIDTH='100%' ><TR><TD WIDTH='100%' BGCOLOR='#FFFFFF'><FONT COLOR='#000000'>");
+		document.write("Sehr geehrter FinanzOnline-Teilnehmer!<p>Die Men&uuml;f&uuml;hrung in FinanzOnline wurde aus technischen Gr&uuml;nden ge&auml;ndert. Da Sie m&ouml;glicherweise eine veraltete und nicht mehr dem letzten Sicherheitsstandard entsprechende Version Ihres Webbrowsers verwenden, besteht ab diesem Zeitpunkt die M&ouml;glichkeit, dass das Men&uuml; in FinanzOnline nicht richtig angezeigt werden kann.</p><p>Wir empfehlen daher bereits heute auch zu Ihrer Sicherheit, ein Update auf die aktuell g&uuml;ltige Browserversion durchzuf&uuml;hren. Die unterst&uuml;tzten Webbrowser finden Sie auf der <a href='https://www.bmf.gv.at/EGovernment/FINANZOnline/Browsereinstellungen/_start.htm' target='_blank'>BMF-Homepage unter 'E-Government'/'FinanzOnline'/'Browsereinstellungen'</a>.</p>");
+		
+		
+/*		document.write("Verwendeter Browser: " + BrowserDetect.browser + " " + BrowserDetect.version + " / " + BrowserDetect.OS);
+		if(BrowserDetect.browser.toLowerCase() == "explorer") {
+			if(eval(BrowserDetect.version) < 6) {
+				document.write("<font color='red'> *** nicht supported ***</font>");
+			} else {
+				//document.write("<font color='green'> *** supported ***</font>");
+			}
+		}
+		if(BrowserDetect.browser.toLowerCase() == "opera") {
+			if(eval(BrowserDetect.version) < 9) {
+				document.write("<font color='red'> *** nicht supported ***</font>");
+			} else {
+				//document.write("<font color='green'> *** supported ***</font>");
+			}
+		}	
+		if(BrowserDetect.browser.toLowerCase() == "firefox") {
+			if(eval(BrowserDetect.version) < 1.5) {
+				document.write("<font color='red'> *** nicht supported ***</font>");
+			} else {
+				//document.write("<font color='green'> *** supported ***</font>");
+			}
+		}	
+//		document.write("<br><br>Vorschlag für unterstütze Browser:<br>");
+//		document.write("<ul><li>Internet Explorer 6, PC</li>");
+//		document.write("<li>Internet Explorer 7, PC</li>");
+//		document.write("<li>Firefox (>= 1.5), PC + Mac + Linux</li>");
+//		document.write("<li>Safari (>= 1.3+), Mac (<- WIE TESTEN??)</li>");
+//		document.write("<li>Opera (>= 9), PC + Mac + Linux</li>");
+//		document.write("</ul>");
+*/
+		document.write("</FONT></TD></TR></TABLE></TD></TR><TR><TD WIDTH='85%'>&nbsp;</TD></TR></TABLE>");
+		
+ }		
+}
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/js/deployJava.js b/id/server/auth/src/main/webapp/js/deployJava.js
new file mode 100644
index 000000000..0d4340c71
--- /dev/null
+++ b/id/server/auth/src/main/webapp/js/deployJava.js
@@ -0,0 +1,898 @@
+/*
+ *  Copyright (c)  2008 Sun Microsystems, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Sun Microsystems nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * deployJava.js
+ *
+ * This file is part of the Deployment Toolkit.  It provides functions for web
+ * pages to detect the presence of a JRE, install the latest JRE, and easily run
+ * applets or Web Start programs.  Usage guide may be found at http://<TBD>/.
+ * 
+ * The "live" copy of this file may be found at 
+ * http://java.com/js/deployJava.js.  
+ * You are encouraged to link directly to the live copy of the file.
+ *
+ * @version @(#)deployJava.js	1.13 08/10/28
+ */
+
+var deployJava = {
+    debug: null,
+
+    myInterval: null,
+    preInstallJREList: null,
+    returnPage: null,
+    brand: null,
+    locale: null,
+    installType: null,
+    
+    EAInstallEnabled: false,
+    EarlyAccessURL: null,
+    
+    // GetJava page
+    getJavaURL: 'http://java.sun.com/webapps/getjava/BrowserRedirect?host=java.com',
+    
+    // Apple redirect page
+    appleRedirectPage: 'http://www.apple.com/support/downloads/',
+
+    // mime-type of the DeployToolkit plugin object
+    mimeType: 'application/npruntime-scriptable-plugin;DeploymentToolkit',
+
+    // location of the Java Web Start launch button graphic
+    launchButtonPNG: 'http://java.sun.com/products/jfc/tsc/articles/swing2d/webstart.png',
+
+
+    /**
+     * Returns an array of currently-installed JRE version strings.  
+     * Version strings are of the form #.#[.#[_#]], with the function returning
+     * as much version information as it can determine, from just family 
+     * versions ("1.4.2", "1.5") through the full version ("1.5.0_06").
+     *
+     * Detection is done on a best-effort basis.  Under some circumstances 
+     * only the highest installed JRE version will be detected, and 
+     * JREs older than 1.4.2 will not always be detected.
+     */
+    getJREs: function() {
+        var list = new Array();
+        if (deployJava.isPluginInstalled()) {
+         var plugin =  deployJava.getPlugin();
+/*  			for (var i = 0; i < plugin.jvms.getLength(); i++) {
+                list[i] = plugin.jvms.get(i).version;
+            }
+ */		/*bug fix firefox */
+            var jvms = plugin.jvms;
+            for (var i = 0; i < jvms.getLength(); i++) {
+            list[i] = jvms.get(i).version;
+            } 
+        } else {
+            var browser = deployJava.getBrowser();
+        
+            if (browser == 'MSIE') {
+                if (deployJava.testUsingActiveX('1.8.0')) {
+                    list[0] = '1.8.0';
+                } else if (deployJava.testUsingActiveX('1.7.0')) {
+                    list[0] = '1.7.0';
+                } else if (deployJava.testUsingActiveX('1.6.0')) {
+                    list[0] = '1.6.0';
+                } else if (deployJava.testUsingActiveX('1.5.0')) {
+                    list[0] = '1.5.0';
+                } else if (deployJava.testUsingActiveX('1.4.2')) {
+                    list[0] = '1.4.2';
+                } else if (deployJava.testForMSVM()) {
+                    list[0] = '1.1';
+                }
+            }
+            else if (browser == 'Netscape Family') {
+                if (deployJava.testUsingMimeTypes('1.8')) {
+                    list[0] = '1.8.0';
+                } else if (deployJava.testUsingMimeTypes('1.7')) {
+                    list[0] = '1.7.0';
+                } else if (deployJava.testUsingMimeTypes('1.6')) {
+                    list[0] = '1.6.0';
+                } else if (deployJava.testUsingMimeTypes('1.5')) {
+                    list[0] = '1.5.0';
+                } else if (deployJava.testUsingMimeTypes('1.4.2')) {
+                    list[0] = '1.4.2';
+                }
+            } else if (browser == 'Safari') {
+                if (deployJava.testUsingPluginsArray('1.8.0')) {
+                    list[0] = '1.8.0';
+                } else if (deployJava.testUsingPluginsArray('1.7.0')) {
+                    list[0] = '1.7.0';
+                } else if (deployJava.testUsingPluginsArray('1.6.0')) {
+                    list[0] = '1.6.0';
+                } else if (deployJava.testUsingPluginsArray('1.5.0')) {
+                    list[0] = '1.5.0';
+                } else if (deployJava.testUsingPluginsArray('1.4.2')) {
+                    list[0] = '1.4.2';
+                }
+            }
+        }
+            
+        if (deployJava.debug) {
+            for (var i = 0; i < list.length; ++i) {
+                alert('We claim to have detected Java SE ' + list[i]);
+            }
+        }
+    
+        return list;
+    },
+    
+    /**
+     * Triggers a JRE installation.  The exact effect of triggering an 
+     * installation varies based on platform, browser, and if the 
+     * Deployment Toolkit plugin is installed.
+     *
+     * The requestVersion string is of the form #[.#[.#[_#]]][+|*], 
+     * which includes strings such as "1.4", "1.5.0*", and "1.6.0_02+".  
+     * A star (*) means "any version starting within this family" and 
+     * a plus (+) means "any version greater or equal to this".  
+     * "1.5.0*" * matches 1.5.0_06 but not 1.6.0_01, whereas 
+     * "1.5.0+" matches both.
+     *
+     * If the Deployment Toolkit plugin is not present, this will just call 
+     * deployJava.installLatestJRE(). 
+     */
+    installJRE: function(requestVersion) {
+        var ret = false;
+        if (deployJava.isPluginInstalled()) {
+            if (deployJava.getPlugin().installJRE(requestVersion)) {
+                deployJava.refresh();
+                if (deployJava.returnPage != null) {
+                    document.location = deployJava.returnPage;
+                }
+                return true;
+            } else {
+                return false;
+            }
+        } else {
+            return deployJava.installLatestJRE();
+        }
+    },
+
+
+    /**
+     * Triggers a JRE installation.  The exact effect of triggering an 
+     * installation varies based on platform, browser, and if the 
+     * Deployment Toolkit plugin is installed.
+     *
+     * In the simplest case, the browser window will be redirected to the 
+     * java.com JRE installation page, and (if possible) a redirect back to 
+     * the current URL upon successful installation.  The return redirect is 
+     * not always possible, as the JRE installation may require the browser to 
+     * be restarted.
+     *
+     * In the best case (when the Deployment Toolkit plugin is present), this
+     * function will immediately cause a progress dialog to be displayed 
+     * as the JRE is downloaded and installed.
+     */
+    installLatestJRE: function() {
+        if (deployJava.isPluginInstalled()) {
+            if (deployJava.getPlugin().installLatestJRE()) {
+                deployJava.refresh();
+                if (deployJava.returnPage != null) {
+                    document.location = deployJava.returnPage;
+                }
+                return true;
+            } else {
+                return false;
+            }
+        } else {
+            var browser = deployJava.getBrowser();
+            var platform = navigator.platform.toLowerCase();
+            if ((deployJava.EAInstallEnabled == 'true') && 
+                (platform.indexOf('win') != -1) && 
+                (deployJava.EarlyAccessURL != null)) {
+
+                deployJava.preInstallJREList = deployJava.getJREs();
+                if (deployJava.returnPage != null) {
+                    deployJava.myInterval = 
+                        setInterval("deployJava.poll()", 3000);
+                }
+
+                location.href = deployJava.EarlyAccessURL;
+
+                // we have to return false although there may be an install
+                // in progress now, when complete it may go to return page
+                return false;
+            } else {
+                if (browser == 'MSIE') {
+                    return deployJava.IEInstall();
+                } else if ((browser == 'Netscape Family') && 
+                           (platform.indexOf('win32') != -1)) {
+                    return deployJava.FFInstall();
+                } else {
+                    location.href = deployJava.getJavaURL + 
+                        ((deployJava.returnPage != null) ?
+                        ('&returnPage=' + deployJava.returnPage) : '') + 
+                        ((deployJava.locale != null) ?
+                        ('&locale=' + deployJava.locale) : '') +
+                        ((deployJava.brand != null) ? 
+                         ('&brand=' + deployJava.brand) : '');
+                }
+                // we have to return false although there may be an install
+                // in progress now, when complete it may go to return page
+                return false;
+            }
+        }
+    },
+
+
+    /**
+     * Ensures that an appropriate JRE is installed and then runs an applet.
+     * minimumVersion is of the form #[.#[.#[_#]]], and is the minimum 
+     * JRE version necessary to run this applet.  minimumVersion is optional, 
+     * defaulting to the value "1.1" (which matches any JRE).  
+     * If an equal or greater JRE is detected, runApplet() will call 
+     * writeAppletTag(attributes, parameters) to output the applet tag, 
+     * otherwise it will call installJRE(minimumVersion + '+').
+     *
+     * After installJRE() is called, the script will attempt to detect that the 
+     * JRE installation has completed and begin running the applet, but there
+     * are circumstances (such as when the JRE installation requires a browser
+     * restart) when this cannot be fulfilled.
+     *
+     * As with writeAppletTag(), this function should only be called prior to 
+     * the web page being completely rendered.  Note that version wildcards 
+     * (star (*) and plus (+)) are not supported, and including them in the 
+     * minimumVersion will result in an error message.
+     */
+    runApplet: function(attributes, parameters, minimumVersion) {
+        if (minimumVersion == 'undefined' || minimumVersion == null) {
+            minimumVersion = '1.1';
+        }
+
+        var regex = "^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$";
+
+        var matchData = minimumVersion.match(regex);
+
+        if (deployJava.returnPage == null) {
+            // if there is an install, come back here and run the applet
+            deployJava.returnPage = document.location;
+        }
+
+        if (matchData != null) {
+            var browser = deployJava.getBrowser();
+            if ((browser != '?') && (browser != 'Safari')) {
+                if (deployJava.versionCheck(minimumVersion + '+')) {
+                    deployJava.writeAppletTag(attributes, parameters);
+                } else if (deployJava.installJRE(minimumVersion + '+')) {
+                    // after successfull install we need to refresh page to pick
+                    // pick up new plugin
+                    deployJava.refresh();
+                    location.href = document.location;
+                    deployJava.writeAppletTag(attributes, parameters);
+                }
+            } else {
+                // for unknown or Safari - just try to show applet
+                deployJava.writeAppletTag(attributes, parameters);
+            }
+        } else {
+            if (deployJava.debug) {
+                alert('Invalid minimumVersion argument to runApplet():' + 
+                      minimumVersion);
+            }
+        }
+    },
+
+    
+    /**
+     * Outputs an applet tag with the specified attributes and parameters, where
+     * both attributes and parameters are associative arrays.  Each key/value 
+     * pair in attributes becomes an attribute of the applet tag itself, while
+     * key/value pairs in parameters become <PARAM> tags.  No version checking 
+     * or other special behaviors are performed; the tag is simply written to 
+     * the page using document.writeln().
+     *
+     * As document.writeln() is generally only safe to use while the page is 
+     * being rendered, you should never call this function after the page 
+     * has been completed.
+     */
+    writeAppletTag: function(attributes, parameters) {
+        var s = '<' + 'applet ';
+        for (var attribute in attributes) {
+            s += (' ' + attribute + '="' + attributes[attribute] + '"');
+        }
+        s += '>';
+        document.write(s);
+    
+        if (parameters != 'undefined' && parameters != null) {
+            var codebaseParam = false;
+            for (var parameter in parameters) {
+                if (parameter == 'codebase_lookup') {
+                    codebaseParam = true;
+                }
+                s = '<param name="' + parameter + '" value="' + 
+                    parameters[parameter] + '">';
+                document.write(s);
+            }
+            if (!codebaseParam) {
+              document.write('<param name="codebase_lookup" value="false">');
+            }
+        }
+        document.write('<' + '/' + 'applet' + '>');
+    },
+    
+    
+     /**
+      * Returns true if there is a matching JRE version currently installed 
+      * (among those detected by getJREs()).  The versionPattern string is 
+      * of the form #[.#[.#[_#]]][+|*], which includes strings such as "1.4", 
+      * "1.5.0*", and "1.6.0_02+".  
+      * A star (*) means "any version within this family" and a plus (+) means 
+      * "any version greater or equal to the specified version".  "1.5.0*"
+      * matches 1.5.0_06 but not 1.6.0_01, whereas "1.5.0+" matches both.
+      *
+      * If the versionPattern does not include all four version components 
+      * but does not end with a star or plus, it will be treated as if it 
+      * ended with a star.  "1.5" is exactly equivalent to "1.5*", and will 
+      * match any version number beginning with "1.5".
+      *
+      * If getJREs() is unable to detect the precise version number, a match 
+      * could be ambiguous.  For example if getJREs() detects "1.5", there is 
+      * no way to know whether the JRE matches "1.5.0_06+".  versionCheck() 
+      * compares only as much of the version information as could be detected, 
+      * so versionCheck("1.5.0_06+") would return true in in this case.
+      *
+      * Invalid versionPattern will result in a JavaScript error alert.  
+      * versionPatterns which are valid but do not match any existing JRE 
+      * release (e.g. "32.65+") will always return false.
+      */
+    versionCheck: function(versionPattern)
+    {
+        var index = 0;
+        var regex = "^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?(\\*|\\+)?$";
+
+        var matchData = versionPattern.match(regex);
+
+        if (matchData != null) {
+            var familyMatch = true;
+
+            var patternArray = new Array();
+
+            for (var i = 1; i < matchData.length; ++i) {
+                // browser dependency here.
+                // Fx sets 'undefined', IE sets '' string for unmatched groups
+                if ((typeof matchData[i] == 'string') && (matchData[i] != '')) {
+                    patternArray[index] = matchData[i];
+                    index++;
+                }
+            }
+
+            if (patternArray[patternArray.length-1] == '+') {
+                familyMatch = false;
+                patternArray.length--;
+            } else {
+                if (patternArray[patternArray.length-1] == '*') {
+                    patternArray.length--;
+                }
+            }
+
+            var list = deployJava.getJREs();       
+            for (var i = 0; i < list.length; ++i) {
+                if (deployJava.compareVersionToPattern(list[i], patternArray, 
+                                                       familyMatch)) {
+                    return true;
+                }
+            }
+  
+            return false;
+        } else {
+            alert('Invalid versionPattern passed to versionCheck: ' + 
+                  versionPattern);
+            return false;
+        }
+    },
+
+
+    /**
+     * Returns true if an installation of Java Web Start of the specified 
+     * minimumVersion can be detected.  minimumVersion is optional, and 
+     * if not specified, '1.4.2' will be used. 
+     * (Versions earlier than 1.4.2 may not be detected.)
+     */
+    isWebStartInstalled: function(minimumVersion) {
+
+        var browser = deployJava.getBrowser();
+        if ((browser == '?') || (browser == 'Safari')) {
+            // we really don't know - better to try to use it than reinstall
+            return true;
+        }
+
+        if (minimumVersion == 'undefined' || minimumVersion == null) {
+            minimumVersion = '1.4.2';
+        }
+
+        var retval = false;
+        var regex = "^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$";
+        var matchData = minimumVersion.match(regex);
+
+        if (matchData != null) {
+            retval = deployJava.versionCheck(minimumVersion + '+');
+        } else {
+            if (deployJava.debug) {
+                alert('Invalid minimumVersion argument to isWebStartInstalled(): ' + minimumVersion);
+            }
+            retval = deployJava.versionCheck('1.4.2+');
+        }
+        return retval;
+    },
+  
+  
+    /**
+     * Outputs a launch button for the specified JNLP URL.  When clicked, the 
+     * button will ensure that an appropriate JRE is installed and then launch 
+     * the JNLP application.  minimumVersion is of the form #[.#[.#[_#]]], and 
+     * is the minimum JRE version necessary to run this JNLP application.  
+     * minimumVersion is optional, and if it is not specified, '1.4.2' 
+     * will be used.
+     * If an appropriate JRE or Web Start installation is detected, 
+     * the JNLP application will be launched, otherwise installLatestJRE() 
+     * will be called.
+     *
+     * After installLatestJRE() is called, the script will attempt to detect 
+     * that the JRE installation has completed and launch the JNLP application,
+     * but there are circumstances (such as when the JRE installation 
+     * requires a browser restart) when this cannot be fulfilled.
+     */
+    createWebStartLaunchButton: function(jnlp, minimumVersion) { 
+
+        if (deployJava.returnPage == null) {
+            // if there is an install, come back and run the jnlp file
+            deployJava.returnPage = jnlp;
+        }
+
+        var url = 'javascript:' +
+                  'if (!deployJava.isWebStartInstalled(&quot;' + 
+                      minimumVersion + '&quot;)) {' + 
+                      'if (deployJava.installLatestJRE()) {' + 
+                        'if (deployJava.launch(&quot;' + jnlp + '&quot;)) {}' +
+                      '}' +
+                  '} else {' +
+                      'if (deployJava.launch(&quot;' + jnlp + '&quot;)) {}' +
+                  '}';
+
+        document.write('<' + 'a href="' + url + 
+                       '" onMouseOver="window.status=\'\'; ' +
+                       'return true;"><' + 'img ' +
+                       'src="' + deployJava.launchButtonPNG + '" ' + 
+                       'border="0" /><' + '/' + 'a' + '>');
+    },
+
+
+    /**
+     * Launch a JNLP application, (using the plugin if available)
+     */
+    launch: function(jnlp) {
+        if (deployJava.isPluginInstalled()) {
+            return deployJava.getPlugin().launch(jnlp);
+        } else {
+            document.location=jnlp;
+            return true;
+        }
+    },
+
+    
+    /*
+     * returns true if the ActiveX or XPI plugin is installed
+     */
+    isPluginInstalled: function() {
+        var plugin = deployJava.getPlugin();
+        if (plugin && plugin.jvms) {
+            return true;
+        } else {
+            return false;
+        }
+    },
+    
+    /* 
+     * returns true if the plugin is installed and AutoUpdate is enabled
+     */
+    isAutoUpdateEnabled: function() {
+        if (deployJava.isPluginInstalled()) {
+            return deployJava.getPlugin().isAutoUpdateEnabled();
+        }
+        return false;
+    },
+
+    /* 
+     * sets AutoUpdate on if plugin is installed
+     */
+    setAutoUpdateEnabled: function() { 
+        if (deployJava.isPluginInstalled()) { 
+            return deployJava.getPlugin().setAutoUpdateEnabled(); 
+        }
+        return false;
+    },
+
+    /*
+     * sets the preferred install type : null, online, kernel
+     */
+    setInstallerType: function(type) {
+        deployJava.installType = type;
+        if (deployJava.isPluginInstalled()) {
+            return deployJava.getPlugin().setInstallerType(type);
+        }
+        return false;
+    },
+
+    /*
+     * sets additional package list - to be used by kernel installer
+     */
+    setAdditionalPackages: function(packageList) {
+        if (deployJava.isPluginInstalled()) {
+            return deployJava.getPlugin().setAdditionalPackages(
+                                                     packageList);
+        }
+        return false;
+    },
+
+    /*
+     * sets preference to install Early Access versions if available
+     */
+    setEarlyAccess: function(enabled) {
+        deployJava.EAInstallEnabled = enabled;
+    },
+
+    /*
+     * Determines if the next generation plugin (Plugin II) is default
+     */
+    isPlugin2: function() {
+        if (deployJava.isPluginInstalled()) {
+            try {
+                return deployJava.getPlugin().isPlugin2();
+            } catch (err) {
+                // older plugin w/o isPlugin2() function - just fall through
+            }
+        }
+        return false;
+    },
+       
+
+    getPlugin: function() {
+        deployJava.refresh();
+        var ret = document.getElementById('deployJavaPlugin');
+        return ret;
+    },
+
+    compareVersionToPattern: function(version, patternArray, familyMatch) {
+        var regex = "^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$";
+        var matchData = version.match(regex);  
+
+        if (matchData != null) { 
+            var index = 0;
+            var result = new Array();
+
+            for (var i = 1; i < matchData.length; ++i) {
+                if ((typeof matchData[i] == 'string') && (matchData[i] != ''))
+                {
+                    result[index] = matchData[i];
+                    index++;
+                }
+            }
+
+            var l = Math.min(result.length, patternArray.length);
+
+            if (familyMatch) {
+                for (var i = 0; i < l; ++i) {
+                    if (result[i] != patternArray[i]) return false;
+                }
+
+                return true;
+            } else {
+                for (var i = 0; i < l; ++i) {
+                    if (result[i] < patternArray[i]) {
+                        return false;
+                    } else if (result[i] > patternArray[i]) {
+                        return true;
+                    }
+                }
+                
+                return true;
+            }
+        } else {
+            return false;
+        }
+    },
+
+  
+    getBrowser: function() {
+        var browser = navigator.userAgent.toLowerCase();
+    
+        if (deployJava.debug) {
+            alert('userAgent -> ' + browser);
+        }
+    
+        if ((navigator.vendor) && 
+            (navigator.vendor.toLowerCase().indexOf('apple') != -1) &&
+            (browser.indexOf('safari') != -1)) {
+            if (deployJava.debug) {
+                alert('We claim to have detected "Safari".');
+            }
+            return 'Safari';
+        } else if (browser.indexOf('msie') != -1) {
+            if (deployJava.debug) {
+                alert('We claim to have detected "IE".');
+            }
+            return 'MSIE';
+        } else if ((browser.indexOf('mozilla') != -1) || 
+                   (browser.indexOf('firefox') != -1)) {
+            if (deployJava.debug) {
+                alert('We claim to have detected a Netscape family browser.');
+            }
+            return 'Netscape Family';
+        } else {
+            if (deployJava.debug) {
+                alert('We claim to have failed to detect a browser.');
+            }
+            return '?';
+        }
+    },
+    
+    
+    testUsingActiveX: function(version) {
+        var objectName = 'JavaWebStart.isInstalled.' + version + '.0';
+    
+        if (!ActiveXObject) {
+            if (deployJava.debug) {
+              alert ('Browser claims to be IE, but no ActiveXObject object?');
+            }
+            return false;
+        }
+    
+        try {
+            return (new ActiveXObject(objectName) != null);
+        } catch (exception) {
+            return false;
+        }
+    },
+    
+
+    testForMSVM: function() {
+        var clsid = '{08B0E5C0-4FCB-11CF-AAA5-00401C608500}';
+
+        if (typeof oClientCaps != 'undefined') {
+            var v = oClientCaps.getComponentVersion(clsid, "ComponentID");
+            if ((v == '') || (v == '5,0,5000,0')) {
+                return false;
+            } else {
+                return true;
+            } 
+        } else {
+            return false;
+        }
+    },
+
+    
+    testUsingMimeTypes: function(version) {
+        if (!navigator.mimeTypes) {
+            if (deployJava.debug) {
+                alert ('Browser claims to be Netscape family, but no mimeTypes[] array?');
+            }
+            return false;
+        }
+    
+        for (var i = 0; i < navigator.mimeTypes.length; ++i) {
+            s = navigator.mimeTypes[i].type;
+            var m = s.match(/^application\/x-java-applet\x3Bversion=(1\.8|1\.7|1\.6|1\.5|1\.4\.2)$/);
+            if (m != null) {
+                if (deployJava.compareVersions(m[1], version)) {
+                    return true;   
+                }
+            }
+        }
+        return false;
+    },
+    
+    
+    testUsingPluginsArray: function(version) {
+        if ((!navigator.plugins) || (!navigator.plugins.length)) {
+            if (deployJava.debug) {
+                alert ('Browser claims to be Safari, but no plugins[] array?');
+            }
+            return false;
+        }
+
+        for (var i = 0; i < navigator.plugins.length; ++i) {
+            s = navigator.plugins[i].description;
+    
+            if (s.search(/^Java Switchable Plug-in/) != -1) {
+                return true;
+            }
+    
+            m = s.match(/^Java (1\.4\.2|1\.5|1\.6|1\.7).* Plug-in/);
+            if (m != null) {
+                if (deployJava.compareVersions(m[1], version)) return true; 
+            }
+        }
+        return false;
+    },
+    
+    IEInstall: function() {
+    
+        location.href = deployJava.getJavaURL + 
+            ((deployJava.returnPage != null) ?
+            ('&returnPage=' + deployJava.returnPage) : '') +
+            ((deployJava.locale != null) ?
+            ('&locale=' + deployJava.locale) : '') +
+            ((deployJava.brand != null) ? ('&brand=' + deployJava.brand) : '') +
+            ((deployJava.installType != null) ? 
+             ('&type=' + deployJava.installType) : '');
+
+         // should not actually get here
+         return false;
+    },
+    
+    done: function (name, result) {
+    },
+    
+    FFInstall: function() {
+
+        location.href = deployJava.getJavaURL + 
+            ((deployJava.returnPage != null) ?
+            ('&returnPage=' + deployJava.returnPage) : '') +
+            ((deployJava.locale != null) ?
+            ('&locale=' + deployJava.locale) : '') +
+            ((deployJava.brand != null) ? ('&brand=' + deployJava.brand) : '') +
+            ((deployJava.installType != null) ? 
+                ('&type=' + deployJava.installType) : '');
+
+         // should not actually get here
+         return false;
+    },
+
+    // return true if 'installed' (considered as a JRE version string) is
+    // greater than or equal to 'required' (again, a JRE version string).
+    compareVersions: function(installed, required) {
+
+        var a = installed.split('.');
+        var b = required.split('.');
+    
+        for (var i = 0; i < a.length; ++i) {
+            a[i] = Number(a[i]);
+        }
+        for (var i = 0; i < b.length; ++i) {
+            b[i] = Number(b[i]);
+        }
+        if (a.length == 2) {
+            a[2] = 0;      
+        }
+    
+        if (a[0] > b[0]) return true;
+        if (a[0] < b[0]) return false;
+    
+        if (a[1] > b[1]) return true;
+        if (a[1] < b[1]) return false;
+    
+        if (a[2] > b[2]) return true;
+        if (a[2] < b[2]) return false;
+    
+        return true;
+    },
+    
+    
+    enableAlerts: function() {
+        deployJava.debug = true;
+    },
+
+    poll: function() {
+
+        deployJava.refresh();
+        var postInstallJREList = deployJava.getJREs();           
+
+        if ((deployJava.preInstallJREList.length == 0) && 
+            (postInstallJREList.length != 0)) {
+            clearInterval(deployJava.myInterval);
+            if (deployJava.returnPage != null) {
+                location.href = deployJava.returnPage;
+            };
+        }
+
+        if ((deployJava.preInstallJREList.length != 0) && 
+            (postInstallJREList.length != 0) &&
+            (deployJava.preInstallJREList[0] != postInstallJREList[0])) {
+            clearInterval(deployJava.myInterval);
+            if (deployJava.returnPage != null) {
+                location.href = deployJava.returnPage;
+            }
+        }
+
+    },
+    
+    writePluginTag: function() {
+        var browser = deployJava.getBrowser();
+        if (browser == 'MSIE') {
+            document.write('<' + 
+                'object classid="clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" ' +
+                'id="deployJavaPlugin" width="0" height="0">' +
+                '<' + '/' + 'object' + '>');
+        } else if (browser == 'Netscape Family') {
+            if (navigator.mimeTypes != null) for (var i=0; 
+                    i < navigator.mimeTypes.length; i++) {
+                if (navigator.mimeTypes[i].type == deployJava.mimeType) {
+                    if (navigator.mimeTypes[i].enabledPlugin) {
+                        document.write('<' + 
+                            'embed id="deployJavaPlugin" type="' + 
+                            deployJava.mimeType + '" hidden="true" />');
+                    }
+                }
+           }
+        }
+    },
+
+    refresh: function() {
+        navigator.plugins.refresh(false);
+
+        var browser = deployJava.getBrowser();
+        if (browser == 'Netscape Family') {
+            var plugin = document.getElementById('deployJavaPlugin');
+            // only do this again if no plugin
+            if (plugin == null) {
+                if (navigator.mimeTypes != null) for (var i=0;
+                    i < navigator.mimeTypes.length; i++) {
+                    if (navigator.mimeTypes[i].type == deployJava.mimeType) {
+                        if (navigator.mimeTypes[i].enabledPlugin) {
+                            document.write('<' +
+                                'embed id="deployJavaPlugin" type="' +
+                                deployJava.mimeType + '" hidden="true" />');
+                        }
+                    }
+               }
+            }
+        }
+    },
+
+    do_initialize: function() {
+        deployJava.writePluginTag();
+        if (deployJava.locale == null) {
+            var loc = null;
+
+            if (loc == null) try {
+                loc = navigator.userLanguage;
+            } catch (err) { }
+
+            if (loc == null) try {
+                loc = navigator.systemLanguage;
+            } catch (err) { }
+    
+            if (loc == null) try {
+                loc = navigator.language;
+            } catch (err) { }
+    
+            if (loc != null) {
+                loc.replace("-","_")
+                deployJava.locale = loc;
+            }
+        }
+    }
+      
+};
+deployJava.do_initialize();
+
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
new file mode 100644
index 000000000..a89377153
--- /dev/null
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+	<head>
+		<title></title>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+		<script language="javascript" type="text/javascript">
+			function onAnmeldeSubmit() {
+				document.CustomizedForm.submit();
+				document.CustomizedForm.Senden.disabled=true;
+			}
+		</script>
+	</head>
+	<body onLoad="onAnmeldeSubmit()">
+		<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+			<input class="button" type="hidden" value="Starte Authentisierung" name="Senden">
+			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
+			<input type="hidden" name="DataURL" value="<DataURL>">
+			<input type="hidden" name="PushInfobox" value="<PushInfobox>">
+			
+			<!-- Angabe der Parameter für die Handy-BKU -->
+			<input type="hidden" name="appletWidth" value="210">
+			<input type="hidden" name="appletHeight" value="149">
+			
+			<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Handy-BKU -->
+			<input type="hidden" name="backgroundColor" value="#FFBBCB "> 
+            
+			<input type="hidden" name="redirecttarget" value="_parent">
+		</form>
+
+		<form name="CustomizedInfoForm" action="<BKU>" method="post">
+			<input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>">
+			<input type="hidden" name="DataURL" value="<CertInfoDataURL>">
+		</form>
+		<form name="DummyForm" action="<BKU>" method="post">
+		</form>
+	</body>
+</html>
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html
new file mode 100644
index 000000000..e07ba5d52
--- /dev/null
+++ b/id/server/auth/src/main/webapp/template_localBKU.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+	<head>
+		<title></title>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+		<script language="javascript" type="text/javascript">
+			function onAnmeldeSubmit() {
+				document.CustomizedForm.submit();
+				document.CustomizedForm.Senden.disabled=true;
+			}
+		</script>
+	</head>
+	<body onLoad="onAnmeldeSubmit()">
+		<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+			<input class="button" type="submit" value="Starte Authentisierung" name="Senden">
+			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
+			<input type="hidden" name="DataURL" value="<DataURL>">
+			<input type="hidden" name="PushInfobox" value="<PushInfobox>">
+		</form>
+		
+		<form name="CustomizedInfoForm" action="<BKU>" method="post">
+			<input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>">
+			<input type="hidden" name="DataURL" value="<CertInfoDataURL>">
+		</form>
+		
+		<form name="DummyForm" action="<BKU>" method="post">
+		</form>
+	</body>
+</html>
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
new file mode 100644
index 000000000..f4dda9830
--- /dev/null
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -0,0 +1,35 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+	<head>
+		<title></title>
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+		<script language="javascript" type="text/javascript">
+			function onAnmeldeSubmit() {
+				document.CustomizedForm.submit();
+				document.CustomizedForm.Senden.disabled=true;
+			}
+		</script>
+	</head>
+	<body onLoad="onAnmeldeSubmit()">
+		<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+			<input class="button" type="hidden" value="Starte Authentisierung" name="Senden">
+			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
+			<input type="hidden" name="DataURL" value="<DataURL>">
+			<input type="hidden" name="PushInfobox" value="<PushInfobox>">
+		
+			<!-- Angabe der Parameter fuer die Online-BKU -->
+			<input type="hidden" name="appletWidth" value="210">
+			<input type="hidden" name="appletHeight" value="130">
+			
+			<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
+	      <input type="hidden" name="appletBackgroundColor" value="#FFBBCB">
+		</form>
+		
+		<form name="CustomizedInfoForm" action="<BKU>" method="post">
+			<input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>">
+			<input type="hidden" name="DataURL" value="<CertInfoDataURL>">
+		</form>
+		<form name="DummyForm" action="<BKU>" method="post">
+		</form>
+	</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 7c2ca5b67..82d9beb2c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -97,6 +97,9 @@
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index fb5a0b344..10e767b50 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -97,6 +97,9 @@
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 519b83f60..0225a89bf 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -103,6 +103,9 @@
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 03065a4da..98cf0672b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -103,6 +103,9 @@
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index af308e454..425e9cf12 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -95,6 +95,9 @@
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index 11ee6846c..3191fbab5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -95,6 +95,9 @@
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index cfe35071f..17112a15f 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -101,6 +101,9 @@
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index e6b012d42..75bb3b31e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -101,6 +101,9 @@
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
-- 
cgit v1.2.3


From cdb1aad3506a86932d210042c278ab83bfe857ff Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 13 Jul 2010 14:44:11 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1171
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 id/history.txt                                     |   4 ++
 id/readme_1.4.7.txt                                |  64 ++++++++++++++++++++-
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   2 +-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   2 +-
 .../SampleMOAIDConfiguration_withTestBKs.xml       |   2 +-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   2 +-
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |   2 +-
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |   2 +-
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |   2 +-
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |   2 +-
 id/server/data/deploy/demo/demoseite.zip           | Bin 225100 -> 0 bytes
 id/server/doc/moa_id/id-admin_1.htm                |  19 ++++--
 id/server/doc/moa_id/id-admin_2.htm                |  26 ++++-----
 id/server/doc/moa_id/moa.htm                       |  10 +++-
 spss/server/history.txt                            |   4 +-
 15 files changed, 108 insertions(+), 35 deletions(-)
 delete mode 100644 id/server/data/deploy/demo/demoseite.zip

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/history.txt b/id/history.txt
index 00faecd7d..92b4dce01 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -5,7 +5,11 @@ History MOA-ID:
 =====
 Version MOA-ID 1.4.7: Änderungen seit Version MOA-ID 1.4.6:
 
+- Anbindung an Stammzahlenregister-Gateway um ausländische Bürger zu integrieren (ERnP-Eintragung 
+  gemäß)
+- Neuer AUTH-Block mit neuen Transformationen
 - Fixed Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+- Fixed Bug #540 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=540&group_id=6&atid=105)
 - IAIK Libraries aktualisiert:
 	iaik-moa:           Version 1.27
 
diff --git a/id/readme_1.4.7.txt b/id/readme_1.4.7.txt
index 5ce6ad552..5059c92a5 100644
--- a/id/readme_1.4.7.txt
+++ b/id/readme_1.4.7.txt
@@ -10,7 +10,11 @@ Mit MOA ID Version 1.4.7 wurden folgende Neuerungen eingef
 erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 
 gleichen Verzeichnis):
 
+- Anbindung an Stammzahlenregister-Gateway um ausländische Bürger zu integrieren (ERnP-Eintragung 
+  gemäß)
+- Neuer AUTH-Block mit neuen Transformationen
 - Fixed Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+- Fixed Bug #540 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=540&group_id=6&atid=105)
 - IAIK Libraries aktualisiert:
 	iaik-moa:           Version 1.27
 
@@ -54,7 +58,65 @@ B.1 Durchf
    Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
    CATALINA_HOME_ID/webapps.
    
-5. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ 5. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
+        der folgende Zeilen	ein:
+      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger wünschen.
+      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
+        ein:
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+      
+6. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss.
+   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
+      * Im Element MOAConfiguration/SignatureVerification fügen sie eine der folgende Zeilen 
+      	ein:
+      	<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+   
+7. Kopieren Sie die drei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
+   	   folgende Zeilen ein:   	 
+   	 <ForeignIdentities>
+	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+         <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+	   </ConnectionParameter>
+     </ForeignIdentities>
+       
+       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
+       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
+       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
+       dieses hier angeben. 
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
    Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
 
 ...............................................................................
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 82d9beb2c..8c5cf90d3 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -98,7 +98,7 @@
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 10e767b50..a04adaf51 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -98,7 +98,7 @@
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 0225a89bf..1a7005eee 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -104,7 +104,7 @@
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 98cf0672b..2070c52a6 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -104,7 +104,7 @@
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 425e9cf12..79fb7cba1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -96,7 +96,7 @@
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index 3191fbab5..af92e8b67 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -96,7 +96,7 @@
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 17112a15f..ed2cdd07c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -102,7 +102,7 @@
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 75bb3b31e..f7ed53249 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -102,7 +102,7 @@
 		<ForeignIdentities>
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungszertifikat. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/demo/demoseite.zip b/id/server/data/deploy/demo/demoseite.zip
deleted file mode 100644
index 1bf3ce84a..000000000
Binary files a/id/server/data/deploy/demo/demoseite.zip and /dev/null differ
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 3e320d850..6a3eddc90 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -406,14 +406,21 @@ zur Verf&uuml;gung. Der WebService ist unter
 <pre>
 http(s)://host:port/moa-id-auth/services/GetAuthenticationData
 </pre>
-erreichbar. Die Verf&uuml;gbarkeit der Anwendung kann &uuml;berpr&uuml;ft werden, indem die URLs mit einem Web-Browser aufgerufen werden.<br />
+<p>erreichbar. Die Verf&uuml;gbarkeit der Anwendung kann &uuml;berpr&uuml;ft werden, indem die URLs mit einem Web-Browser aufgerufen werden.</p>
+<p><strong>Musterseite</strong><br />
+Nach dem erfolgreichen Starten von Tomcat steht eine Musterseite unter der URL</p>
+<pre>
+http(s)://host:port/moa-id-auth/index.html</pre>
+<p>zur Verf&uuml;gung. Diese Musterseite bietet eine integrierte Darstellung der B&uuml;rgerkartenauswahl bei MOA-ID. Die Musterseite stellt dabei beispielhaft dar, wie eine B&uuml;rgerkartenauswahl m&ouml;glichst nahtlos in MOA-ID integriert werde kann. Sie umfa&szlig;t dabei vorkonfigurierte Loginm&ouml;glichkeiten mittels Online-BKU, lokaler BKU und Handy-BKU. <em>Anmerkung</em>: Um sich &uuml;ber die Musterseite einloggen zu k&ouml;nnen, m&uuml;ssen noch die Parameter f&uuml;r den MOA-ID Aufruf angegeben werden - siehe Dokumentation der Musterseite, die &uuml;ber die Musterseite verlinkt ist bzw. &uuml;ber folgende URL abgerufen werden kann</p>
+<p> http(s)://host:port/moa-id-auth/BKAuswahl-Musterseiten-Howto.pdf </p>
+<p><b>Dynamische Konfigurations-Updates</b><br />
+  Dynamische Konfigurations-Updates k&ouml;nnen f&uuml;r MOA-ID-AUTH durch den Aufruf der URL http://hostname:port/moa-id-auth/ConfigurationUpdate (z.B. durch Eingabe in einem Browser) durchgef&uuml;hrt werden. Analog wird die Konfiguration von MOA-ID-PROXY mittels http://hostname:port/ConfigurationUpdate aktualisiert.<br />
+  <br />
+  <b>Hinweis: </b>Konfigurations&auml;nderungen f&uuml;r die Online-Applikationen betreffen grunds&auml;tzlich sowohl die Auth- als auch die Proxy-Komponente.
+Wenn bspw. das <tt>publicURLPrefix</tt> der OA ge&auml;ndert wird, muss sowohl f&uuml;r die Auth- als auch f&uuml;r die Proxy-Komponente ein ConfigurationUpdate durchgef&uuml;hrt werden. <br /> 
 <br />
-<div id="ConfigUpdate" />
-<b>Dynamische Konfigurations-Updates</b><br />
-Dynamische Konfigurations-Updates k&ouml;nnen f&uuml;r MOA-ID-AUTH durch den Aufruf der URL http://hostname:port/moa-id-auth/ConfigurationUpdate (z.B. durch Eingabe in einem Browser) durchgef&uuml;hrt werden. Analog wird die Konfiguration von MOA-ID-PROXY mittels http://hostname:port/ConfigurationUpdate aktualisiert.<br /><br />
-<b>Hinweis: </b>Konfigurations&auml;nderungen f&uuml;r die Online-Applikationen betreffen grunds&auml;tzlich sowohl die Auth- als auch die Proxy-Komponente.
-Wenn bspw. das <tt>publicURLPrefix</tt> der OA ge&auml;ndert wird, muss sowohl f&uuml;r die Auth- als auch f&uuml;r die Proxy-Komponente ein ConfigurationUpdate durchgef&uuml;hrt werden. <br /> <br />
 Konnte MOA-ID-AUTH bzw. MOA-ID-PROXY nicht ordnungsgem&auml;&szlig; konfiguriert und gestartet werden, geht das aus der Log-Meldung hervor: <br />
+</p>
 <pre>
 FATAL | 03 13:19:06,924 | main | Fehler
 	beim Starten des Service MOA ID Authentisierung
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 76df09e54..73569b39d 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -178,15 +178,16 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                 und muss nicht verwendet werden, wenn auf dem Server keine MOA-ID
                 Authentisierungskomponente installiert wird. <br />
                 <br />
-                Das Element <tt>AuthComponent</tt> hat f&uuml;nf Kind-Elemente:
+                Das Element <tt>AuthComponent</tt> hat sechs Kind-Elemente:
               <ul>
                 <li><tt>BKUSelection</tt> (optional)</li>
                 <li><tt>SecurityLayer</tt></li>
                 <li><tt>MOA-SP</tt></li>
                 <li><tt>IdentityLinkSigners</tt></li>
                 <li><tt>VerifyInfoboxes</tt> (optional ab Version 1.4)</li>
+                <li><tt>ForeignIdentities</tt></li>
               </ul>
-              <p></p>
+      <p></p>
               <div id="BKUSelection" />
                 <p id="block"> <b>AuthComponent/BKUSelection</b> <br />
                   Das optionale Element <tt>BKUSelection</tt> enth&auml;lt Parameter
@@ -528,13 +529,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                       <br />
                   </p>
                     <p><b>AuthComponent/ForeignIdentities</b> <br />
-Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>).<br />
-                      </p>
-      </p>
-                
-
-                      <div id="ProxyComponent" />
-                        <p id="block"> <b>ProxyComponent</b> <br />
+Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br /></p>
+<p id="block"> <b>ProxyComponent</b> <br />
                           <tt>ProxyComponent</tt> enth&auml;lt Parameter, die
                           nur die MOA-ID Proxykomponente betreffen. Das Element
                           ist optional und muss nicht verwendet werden, wenn auf
@@ -580,17 +576,15 @@ Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;nd
                             von der MOA-ID Proxykomponente durch den URL-Pr&auml;fix
                             der wirklichen Dom&auml;ne (Attribut <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt>)
                             ersetzt wird. Es dient als Schl&uuml;ssel zum Auffinden
-                            der Konfigurationsparameter zur Online-Applikation.
-                          </p>
-                          <p id="block">Das Attribut <tt>OnlineApplication/@keyBoxIdentifier</tt>
-                            gibt das Schl&uuml;sselpaar an, welches von der B&uuml;rgerkartenumgebung
+                            der Konfigurationsparameter zur Online-Applikation.                          </p>
+                          <p>Mit dem Attribut <tt>OnlineApplication/@friendlyName</tt> kann eine benutzerfreundlicher Name f&uuml;r die Online-Applikation angegeben werden. Dieser Name scheint beim Login des Benutzer auf.</p>
+                          <p>Das Attribut <tt>OnlineApplication/@keyBoxIdentifier</tt> gibt das Schl&uuml;sselpaar an, welches von der B&uuml;rgerkartenumgebung
                             zum Signieren des Auth Blocks verwendet wird. M&ouml;gliche
                             Werte: <tt>CertifiedKeypair </tt>sowie<tt> SecureSignatureKeypair.<br>
                             </tt><br />
                             Das Element <tt>OnlineApplication</tt> hat optional
-                            zwei Kind-Elemente: <tt>AuthComponent</tt> und <tt>ProxyComponent</tt>.
-                          </p>
-                          <div id="OnlineApplication/AuthComponent" />
+                            zwei Kind-Elemente: <tt>AuthComponent</tt> und <tt>ProxyComponent</tt>.                          </p>
+<div id="OnlineApplication/AuthComponent" />
                             <p id="block"> <b>OnlineApplication/AuthComponent</b>
                               <br />
                               Das Element <tt>OnlineApplication/AuthComponent</tt>
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index d899dd94c..bf5d3611d 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -114,7 +114,7 @@ Diese beiden Komponenten k&ouml;nnen auf unterschiedlichen Rechnern
 oder auf dem gleichen Rechner eingesetzt werden.
 <br /><br />
 Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu MOA-ID ist in der
-<a href="../MOA_ID_1.4_20070306.pdf" target="_new">Spezifikation</a> detailliert beschrieben.
+<a href="../MOA_ID_1.4_20070306.pdf" target="_new">Spezifikation</a> bzw. im <a href="../MOA_ID_1.4_Anhang.pdf" target="_new">Anhang zur Spezifikation</a> detailliert beschrieben.
 <br />
 <br />
 F&uuml;r den Betrieb von MOA-ID ist der Einsatz von MOA-Signaturpr&uuml;fung (MOA-SP) erforderlich.
@@ -227,9 +227,13 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
 
 
 </table>
-
-
+<div id="subtitel">Erg&auml;nzung f&uuml;r ausl&auml;ndische B&uuml;rger</div>
+<div id="block">
+  <p>Ab der MOA Release 1.4.7 ist es m&ouml;glich, dass sich auch ausl&auml;ndische B&uuml;rger mittels MOA-ID einloggen k&ouml;nnen. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausl&auml;ndischen B&uuml;rgers eine Eintragung im Erg&auml;nzungsregister f&uuml;r nat&uuml;rliche Personen gem&auml;&szlig; E-Government Gesetz &sect;6(5) vornimmt. Somit ist es m&ouml;glich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. </p>
+  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firma A-Trust, die mit der Verwaltungseigenschaft versehene sind, akzeptiert. </p>
+  </div>
 </td></tr></table>
+
 <br /><br />
 
 <!-- Trailer -->
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 9e838b525..d6249e8cd 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -2,7 +2,9 @@
 1.4.7
 ##############
 
-- 
+- Update Konfiguration:
+	Im Element ServiceOrder unter dem Element RevocationChecking kann nur auch nur ein
+	Service eingetragen werden (bspw. nur CRL)
 - IAIK Libraries aktualisiert:
 	iaik-moa:           Version 1.27
 ##############
-- 
cgit v1.2.3


From ecc31875b8eb4ffa5b44c4f4ef9b863daa22a682 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 27 Jul 2010 09:37:22 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1175
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 id/readme_1.4.7.txt                                | 926 +++++++++++++--------
 id/server/auth/src/main/webapp/css/index.css       |   4 +-
 .../auth/src/main/webapp/template_handyBKU.html    |   2 +-
 .../auth/src/main/webapp/template_onlineBKU.html   |   2 +-
 .../transforms/TransformsInfoAuthBlockTable_DE.xml | 161 ----
 .../TransformsInfoAuthBlockTable_DE.xml.old        | 161 ++++
 .../transforms/TransformsInfoAuthBlockTable_EN.xml | 161 ----
 .../TransformsInfoAuthBlockTable_EN.xml.old        | 161 ++++
 .../profiles/MOAIDTransformAuthBlockTable_DE.xml   | 159 ----
 .../MOAIDTransformAuthBlockTable_DE.xml.old        | 159 ++++
 .../profiles/MOAIDTransformAuthBlockTable_EN.xml   | 159 ----
 .../MOAIDTransformAuthBlockTable_EN.xml.old        | 159 ++++
 ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes
 ...\207\303\20403e694(SecureSignatureKeypair).cer" | Bin 975 -> 0 bytes
 ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes
 ...\207\303\20403e694(SecureSignatureKeypair).cer" | Bin 975 -> 0 bytes
 id/server/doc/MOA_ID_1.4_Anhang.pdf                | Bin 0 -> 286834 bytes
 id/server/doc/moa_id/id-admin_1.htm                |   2 +-
 id/server/doc/moa_id/id-admin_2.htm                |   3 +-
 id/server/doc/moa_id/moa.htm                       |   2 +-
 .../builder/CreateXMLSignatureRequestBuilder.java  |  34 +-
 spss/server/history.txt                            |   2 +-
 22 files changed, 1229 insertions(+), 1028 deletions(-)
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml.old
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml.old
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
 create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml.old
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
 create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml.old
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
 delete mode 100644 "id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
 delete mode 100644 "id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
 create mode 100644 id/server/doc/MOA_ID_1.4_Anhang.pdf

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/readme_1.4.7.txt b/id/readme_1.4.7.txt
index 994c17a7f..3f04b9e3c 100644
--- a/id/readme_1.4.7.txt
+++ b/id/readme_1.4.7.txt
@@ -1,366 +1,560 @@
-===============================================================================
-MOA ID Version 1.4.7 - Wichtige Informationen zur Installation
-===============================================================================
-
--------------------------------------------------------------------------------
-A. Neuerungen/Änderungen
--------------------------------------------------------------------------------
-
-Mit MOA ID Version 1.4.7 wurden folgende Neuerungen eingeführt, die jetzt 
-erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 
-gleichen Verzeichnis):
-
-- Anbindung an Stammzahlenregister-Gateway um ausländische Bürger zu integrieren (ERnP-Eintragung 
-  gemäß E-Government Gesetz §6(5))
-- Neuer AUTH-Block mit neuen Transformationen
-- Fixed Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
-- Fixed Bug #540 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=540&group_id=6&atid=105)
-- IAIK Libraries aktualisiert:
-	iaik-moa:           Version 1.27
-
--------------------------------------------------------------------------------
-B. Durchführung eines Updates
--------------------------------------------------------------------------------
-
-Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
-eine Aktualisierung bestehender Installationen möglich.
-
-...............................................................................
-B.1 Durchführung eines Updates von Version 1.4.5 oder 1.4.6
-...............................................................................
-
-1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
-   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
-
-2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
-   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
-   bezeichnet.
-   Für MOA ID Proxy:
-   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.7.zip) in
-   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
-   bezeichnet.    
-
-3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
-   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
-   auch das komplette Verzeichnis moa-id-auth.
-   Für MOA ID Proxy:
-   Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
-   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als 
-   auch das komplette Verzeichnis moa-id-proxy.
-
-4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
-   CATALINA_HOME_ID/webapps.
-   Für MOA ID Proxy:
-   Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
-   CATALINA_HOME_ID/webapps.
-   
- 5. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
-   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
-        der folgende Zeilen	ein:
-      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
-		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger wünschen.
-      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
-      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
-        ein:
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      
-6. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
-   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
-   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
-   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
-   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
-   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
-   wird, lautet dieses Stammverzeichnis für gewöhnlich
-   CATALINA_HOME_ID/conf/moa-spss.
-   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
-      * Im Element MOAConfiguration/SignatureVerification fügen sie eine der folgende Zeilen 
-      	ein:
-      	<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-   
-7. Kopieren Sie die drei Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
-   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
-   	   folgende Zeilen ein:   	 
-   	 <ForeignIdentities>
-	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-         <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
-	   </ConnectionParameter>
-     </ForeignIdentities>
-       
-       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
-       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
-       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
-       dieses hier angeben. 
-
-8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
-   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
-
-...............................................................................
-B.1 Durchführung eines Updates von Version 1.4.3 oder 1.4.4 
-...............................................................................
-
-1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
-   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
-
-2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.5.zip) in
-   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
-   bezeichnet.   
-   Für MOA ID Proxy:
-   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.5.zip) in
-   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
-   bezeichnet.
-
-3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
-   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
-   auch das komplette Verzeichnis moa-id-auth.
-   Für MOA ID Proxy:
-   Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
-   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als 
-   auch das komplette Verzeichnis moa-id-proxy.
-
-4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
-   CATALINA_HOME_ID/webapps.
-   Für MOA ID Proxy:
-   Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
-   CATALINA_HOME_ID/webapps.
-      
-5. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
-   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
-
-6. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
-   Verzeichnis JAVA_HOME\jre\lib\ext.
-
-7. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
-   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
-    
-...............................................................................
-B.2 Durchführung eines Updates von Version 1.4.1 oder 1.4.2 (incl. beta 1)
-...............................................................................
-
-1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
-   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
-
-2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.5.zip) in
-   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
-   bezeichnet.   
-
-3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
-   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
-   auch das komplette Verzeichnis moa-id-auth.
-
-4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
-   CATALINA_HOME_ID/webapps.
-
-5. Kopieren Sie die vier Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
-
-6. Kopieren Sie die vier Dateien aus dem Verzeichnis 
-   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
-   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
-   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
-   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
-   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
-   wird, lautet dieses Stammverzeichnis für gewöhnlich
-   CATALINA_HOME_ID/conf/moa-spss.
-
-7. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 
-   Beispielkonfigurationsdateien aus dem Verzeichnis
-   MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 
-   CATALINA_HOME_ID/conf/moa-id. 
-   Verwenden Sie in Ihrer Installation bereits die Vollmachtenprüfung, so 
-   verschieben Sie bitte in der MOA-ID Installationsdatei das Element 
-   <CompatibilityMode> innerhalb des Konfigurationsteiles für die berufliche 
-   Parteienvertreung (ParepSpecificParameters) unter das Element 
-   ApplicationSpecificParameters.
-
-8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
-   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
-
-...............................................................................
-B.3 Durchführung eines Updates von Version 1.3.1, 1.3.2 oder 1.3.3
-...............................................................................
-
-1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
-   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
-   
-2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.5.zip) in
-   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
-   bezeichnet.
-
-3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
-   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
-
-4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
-   Verzeichnis JAVA_HOME\jre\lib\ext.
-
-5. Erstellen Sie eine Sicherungskopie aller Dateien im Verzeichnis 
-   CATALINA_HOME\common\endorsed und löschen Sie die dort eventuell vorhandene 
-   Dateien xmlParserAPIs.jar
-
-6. Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\endorsed
-   in das Verzeichnis CATALINA_HOME\common\endorsed. Überschreiben Sie dabei
-   etwaige gleichnamige Dateien.
-
-7. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
-   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
-   auch das komplette Verzeichnis moa-id-auth.
-
-8. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
-   CATALINA_HOME_ID/webapps.
-
-9. Kopieren Sie die vier Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
-
-10.Kopieren Sie die vier Dateien aus dem Verzeichnis 
-   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
-   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
-   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
-   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
-   betreiben, sondern es von MOA ID über dmie API-Schnittstelle angesprochen
-   wird, lautet dieses Stammverzeichnis für gewöhnlich
-   CATALINA_HOME_ID/conf/moa-spss; in weiterer Folge wird von letzterer 
-   Variante ausgegangen).   
-
-11.Update des Cert-Stores.
-   Kopieren Sie den Inhalt des Verzeichnisses
-   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
-   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
-   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
-   bejahen sie das.
-
-12.Sollen zusätzliche Templates für ältere Bürgerkartenumgebungen aktiviert
-   werden, öffnen Sie die XML-Konfiguration von MOA ID (für gewöhnlich finden 
-   Sie diese XML-Datei direkt im Stammverzeichnis für die MOA ID Konfiguration, 
-   z.B. CATALINA_HOME_ID/conf/moa-id/SampleMOAIDConfiguration.xml); führen Sie 
-   folgende Modifikationen an der XML-Konfiguration durch:
-   
-   a. Ändern Sie die applikationsübergreifende Konfiguration der AuthBlock
-      Transformationen. Sie finden diese Konfiguration im XML-Element
-      /MOA-IDConfiguration/AuthComponent/SecurityLayer. Fügen Sie zusätzlich zum
-      bisherigen Inhalt dieses Elements (für gewöhnlich ein Element
-      TransformsInfo, dessen Attribut filname den Wert
-      transforms/TransformsInfoAuthBlockText.xml aufweist) ein Element 
-      TransformsInfo an, dessen Attribut filename auf die Datei für ältere BKU 
-      zeigt. Sie können auch auf die vordefinierten Elemente aus den 
-      Musterkonfigurationen dieser Distribution (
-      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml) zurückgreifen.
-
-   b. Fügen Sie Profilbezeichner für die Transformationsprofile in der
-      Konfiguration für MOA SP an. Sie finden diesen Bezeichner im XML-
-      Element /MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyAuthBlock.
-      Hängen Sie ein Element VerifyTransformsInfoProfileID an, das für die Über-
-      prüfung der Transformation älterer BKU vorgesehen ist.
-      Siehe auch Inhalt des Elements VerifyAuthBlock aus der Musterkonfiguration 
-      dieser Distribution (
-      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml).
-
-   c. Ändern Sie gegebenenfalls die applikationsspezifische Konfiguration
-      der Authblock-Tranformationen. Führen Sie dazu die folgende Tätigkeit
-      für jedes XML-Element /MOA-IDConfiguration/OnlineApplicaton/AuthComponent
-      durch: Fügen Sie zusätzlich zu einem bestehenden Element TransformsInfo 
-      ein Elemnet TransformsInfo an, das die Transformation für ältere BKU 
-      enthält - gleich wie dies bereits in Schritt a. durchgeführt wurde (wenn 
-      Sie dieses Element nicht vorfinden, oder es auskommentiert ist, muss 
-      Schritt c. nicht durchgeführt werden).
-
-   Öffnen Sie die XML-Konfiguration von MOA SPSS (für gewöhnlich finden Sie 
-   XML-Datei direkt im Stammverzeichnisses für die MOA SPSS Konfiguration, z.B.
-   CATALINA_HOME_ID/conf/moa-spss/SampleMOASPSSConfiguration.xml); führen Sie 
-   folgende Modifikationen an der XML-Konfiguration durch:
-
-   a. Ändern Sie die konfigurierten Profile für die zulässigen Transformationen
-      über die signierten Daten. Sie finden diese Profile am Ende der XML-Konfi-
-      guration von MOA SPSS (Elemente des Namens 
-      cfg:VerifyTransformsInfoProfile). Fügen Sie zusätzlich zu den vorkommenden 
-      Elementen dieses Namens (für gewöhnlich zwei Elemente) zwei weitere 
-      Elemente dieses Namens hinzu, die die Profile für die älteren Bürger-
-      kartenumgebungen aufnehmen - diese sind durch den Namensteil "_deprecated" 
-      gekennzeichnet (siehe auch Musterkonfigurationen dieser Distribution 
-      MOA_ID_AUTH_INST/conf/moa-spss/SampleMOASPSSConfiguration.xml).
-
-13.Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen auf 
-   die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
-   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann gehen  
-   Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile beibehalten 
-   wollen, dann gehen Sie vor, wie in Punkt b).
-
-   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
-
-    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
-    2)  Kopieren Sie das Verzeichnis 
-        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
-        CATALINA_HOME\conf\moa-spss.
-
-   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie folgt
-      vor, um die Profile auf den aktuellen Stand zu bringen:
-
-    1)  Benennen Sie ein eventuell vorhandenes Verzeichnis trustprofiles in
-        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer MOA-SP/SS
-        Konfigurationsdatei ebenfalls zu berücksichtigen und benennen Sie dort 
-        alle gleichartigen Vorkommen von trustprofiles in trustProfiles um)
-
-    2)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
-        entsprechenden Profilen im Verzeichnis 
-        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
-        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt der 
-        einzelnen Profile aus der Distribution (
-        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
-        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
-        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
-        überschreiben), also z.B: Kopieren des Inhalts von 
-        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
-        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
-        CATALINA_HOME\conf\moa-spss\trustProfiles\
-        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
-
-14.Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
-   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
-
-...............................................................................
-B.4 Durchführung eines Updates von einer älteren Version
-...............................................................................
-
-Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
-Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter 
-Zuhilfenahme Ihrer bisherigen Konfiguration an.
-
+===============================================================================
+MOA ID Version 1.4.7 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 1.4.7 wurden folgende Neuerungen eingeführt, die jetzt 
+erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 
+gleichen Verzeichnis):
+
+- Anbindung an Stammzahlenregister-Gateway um ausländische Bürger zu integrieren (ERnP-Eintragung 
+  gemäß E-Government Gesetz §6(5))
+- Neuer AUTH-Block mit neuen Transformationen
+- Fixed Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+- Fixed Bug #540 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=540&group_id=6&atid=105)
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.27
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 1.4.5 oder 1.4.6
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.
+   Für MOA ID Proxy:
+   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.7.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
+   bezeichnet.    
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+   Für MOA ID Proxy:
+   Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als 
+   auch das komplette Verzeichnis moa-id-proxy.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+   Für MOA ID Proxy:
+   Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
+   CATALINA_HOME_ID/webapps.
+   
+5. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
+
+6. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+   
+7. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
+        der folgende Zeilen	ein:
+      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger wünschen.
+      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
+        ein:
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+      
+8. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss.
+   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
+      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende Zeilen 
+      	ein:
+      	<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+   
+9. Kopieren Sie die drei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
+   	   folgende Zeilen ein:   	 
+   	 <ForeignIdentities>
+	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+         <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+	   </ConnectionParameter>
+     </ForeignIdentities>
+       
+       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
+       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
+       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
+       dieses hier angeben. 
+
+10. Update des Cert-Stores.
+   Kopieren Sie den Inhalt des Verzeichnisses
+   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
+   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
+   bejahen sie das.
+
+11. Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen auf 
+   die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
+   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann gehen  
+   Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile beibehalten 
+   wollen, dann gehen Sie vor, wie in Punkt b).
+
+   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+    2)  Kopieren Sie das Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
+        CATALINA_HOME\conf\moa-spss.
+
+   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie folgt
+      vor, um die Profile auf den aktuellen Stand zu bringen:
+
+    1)  Benennen Sie ein eventuell vorhandenes Verzeichnis trustprofiles in
+        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer MOA-SP/SS
+        Konfigurationsdatei ebenfalls zu berücksichtigen und benennen Sie dort 
+        alle gleichartigen Vorkommen von trustprofiles in trustProfiles um)
+
+    2)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
+        entsprechenden Profilen im Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
+        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt der 
+        einzelnen Profile aus der Distribution (
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
+        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
+        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
+        überschreiben), also z.B: Kopieren des Inhalts von 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
+        CATALINA_HOME\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 1.4.3 oder 1.4.4 
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.   
+   Für MOA ID Proxy:
+   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.7.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
+   bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+   Für MOA ID Proxy:
+   Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als 
+   auch das komplette Verzeichnis moa-id-proxy.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+   Für MOA ID Proxy:
+   Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
+   CATALINA_HOME_ID/webapps.
+      
+5. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
+
+6. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+
+7. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
+        der folgende Zeilen	ein:
+      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger wünschen.
+      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
+        ein:
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+      
+8. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss.
+   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
+      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende Zeilen 
+      	ein:
+      	<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+   
+9. Kopieren Sie die drei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
+   	   folgende Zeilen ein:   	 
+   	 <ForeignIdentities>
+	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+         <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+	   </ConnectionParameter>
+     </ForeignIdentities>
+       
+       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
+       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
+       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
+       dieses hier angeben. 
+
+
+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+    
+...............................................................................
+B.2 Durchführung eines Updates von Version 1.4.1 oder 1.4.2 (incl. beta 1)
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.   
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
+        der folgende Zeilen	ein:
+      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger wünschen.
+      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
+        ein:
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+      
+6. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss.
+   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
+      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende Zeilen 
+      	ein:
+      	<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+   
+7. Kopieren Sie die drei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
+   	   folgende Zeilen ein:   	 
+   	 <ForeignIdentities>
+	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+         <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+	   </ConnectionParameter>
+     </ForeignIdentities>
+       
+       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
+       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
+       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
+       dieses hier angeben. 
+
+
+
+8. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 
+   Beispielkonfigurationsdateien aus dem Verzeichnis
+   MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 
+   CATALINA_HOME_ID/conf/moa-id. 
+   Verwenden Sie in Ihrer Installation bereits die Vollmachtenprüfung, so 
+   verschieben Sie bitte in der MOA-ID Installationsdatei das Element 
+   <CompatibilityMode> innerhalb des Konfigurationsteiles für die berufliche 
+   Parteienvertreung (ParepSpecificParameters) unter das Element 
+   ApplicationSpecificParameters.
+
+9. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 1.3.1, 1.3.2 oder 1.3.3
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+   
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
+   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
+   bezeichnet.
+
+3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
+
+4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+
+5. Erstellen Sie eine Sicherungskopie aller Dateien im Verzeichnis 
+   CATALINA_HOME\common\endorsed und löschen Sie die dort eventuell vorhandene 
+   Dateien xmlParserAPIs.jar
+
+6. Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\endorsed
+   in das Verzeichnis CATALINA_HOME\common\endorsed. Überschreiben Sie dabei
+   etwaige gleichnamige Dateien.
+
+7. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
+   auch das komplette Verzeichnis moa-id-auth.
+
+8. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+   CATALINA_HOME_ID/webapps.
+
+9. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
+        der folgende Zeilen	ein:
+      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger wünschen.
+      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
+        ein:
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+      
+10. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss.
+   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
+      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende Zeilen 
+      	ein:
+      	<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+   
+11. Kopieren Sie die drei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
+   davon ausgegangen).
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
+   	   folgende Zeilen ein:   	 
+   	 <ForeignIdentities>
+	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+         <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+	   </ConnectionParameter>
+     </ForeignIdentities>
+       
+       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
+       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
+       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
+       dieses hier angeben. 
+
+
+12.Update des Cert-Stores.
+   Kopieren Sie den Inhalt des Verzeichnisses
+   MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+   CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
+   vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
+   bejahen sie das.
+
+13.Sollen zusätzliche Templates für ältere Bürgerkartenumgebungen aktiviert
+   werden, öffnen Sie die XML-Konfiguration von MOA ID (für gewöhnlich finden 
+   Sie diese XML-Datei direkt im Stammverzeichnis für die MOA ID Konfiguration, 
+   z.B. CATALINA_HOME_ID/conf/moa-id/SampleMOAIDConfiguration.xml); führen Sie 
+   folgende Modifikationen an der XML-Konfiguration durch:
+   
+   a. Ändern Sie die applikationsübergreifende Konfiguration der AuthBlock
+      Transformationen. Sie finden diese Konfiguration im XML-Element
+      /MOA-IDConfiguration/AuthComponent/SecurityLayer. Fügen Sie zusätzlich zum
+      bisherigen Inhalt dieses Elements (für gewöhnlich ein Element
+      TransformsInfo, dessen Attribut filname den Wert
+      transforms/TransformsInfoAuthBlockText.xml aufweist) ein Element 
+      TransformsInfo an, dessen Attribut filename auf die Datei für ältere BKU 
+      zeigt. Sie können auch auf die vordefinierten Elemente aus den 
+      Musterkonfigurationen dieser Distribution (
+      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml) zurückgreifen.
+
+   b. Fügen Sie Profilbezeichner für die Transformationsprofile in der
+      Konfiguration für MOA SP an. Sie finden diesen Bezeichner im XML-
+      Element /MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyAuthBlock.
+      Hängen Sie ein Element VerifyTransformsInfoProfileID an, das für die Über-
+      prüfung der Transformation älterer BKU vorgesehen ist.
+      Siehe auch Inhalt des Elements VerifyAuthBlock aus der Musterkonfiguration 
+      dieser Distribution (
+      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml).
+
+   c. Ändern Sie gegebenenfalls die applikationsspezifische Konfiguration
+      der Authblock-Tranformationen. Führen Sie dazu die folgende Tätigkeit
+      für jedes XML-Element /MOA-IDConfiguration/OnlineApplicaton/AuthComponent
+      durch: Fügen Sie zusätzlich zu einem bestehenden Element TransformsInfo 
+      ein Elemnet TransformsInfo an, das die Transformation für ältere BKU 
+      enthält - gleich wie dies bereits in Schritt a. durchgeführt wurde (wenn 
+      Sie dieses Element nicht vorfinden, oder es auskommentiert ist, muss 
+      Schritt c. nicht durchgeführt werden).
+
+   Öffnen Sie die XML-Konfiguration von MOA SPSS (für gewöhnlich finden Sie 
+   XML-Datei direkt im Stammverzeichnisses für die MOA SPSS Konfiguration, z.B.
+   CATALINA_HOME_ID/conf/moa-spss/SampleMOASPSSConfiguration.xml); führen Sie 
+   folgende Modifikationen an der XML-Konfiguration durch:
+
+   a. Ändern Sie die konfigurierten Profile für die zulässigen Transformationen
+      über die signierten Daten. Sie finden diese Profile am Ende der XML-Konfi-
+      guration von MOA SPSS (Elemente des Namens 
+      cfg:VerifyTransformsInfoProfile). Fügen Sie zusätzlich zu den vorkommenden 
+      Elementen dieses Namens (für gewöhnlich zwei Elemente) zwei weitere 
+      Elemente dieses Namens hinzu, die die Profile für die älteren Bürger-
+      kartenumgebungen aufnehmen - diese sind durch den Namensteil "_deprecated" 
+      gekennzeichnet (siehe auch Musterkonfigurationen dieser Distribution 
+      MOA_ID_AUTH_INST/conf/moa-spss/SampleMOASPSSConfiguration.xml).
+
+14.Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen auf 
+   die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
+   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann gehen  
+   Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile beibehalten 
+   wollen, dann gehen Sie vor, wie in Punkt b).
+
+   a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+    1)  Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+    2)  Kopieren Sie das Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
+        CATALINA_HOME\conf\moa-spss.
+
+   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie folgt
+      vor, um die Profile auf den aktuellen Stand zu bringen:
+
+    1)  Benennen Sie ein eventuell vorhandenes Verzeichnis trustprofiles in
+        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer MOA-SP/SS
+        Konfigurationsdatei ebenfalls zu berücksichtigen und benennen Sie dort 
+        alle gleichartigen Vorkommen von trustprofiles in trustProfiles um)
+
+    2)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
+        entsprechenden Profilen im Verzeichnis 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
+        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt der 
+        einzelnen Profile aus der Distribution (
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
+        Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
+        kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
+        überschreiben), also z.B: Kopieren des Inhalts von 
+        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach 
+        CATALINA_HOME\conf\moa-spss\trustProfiles\
+        MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+15.Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+
+...............................................................................
+B.4 Durchführung eines Updates von einer älteren Version
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter 
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 8abeb7a5f..3dea4d7ff 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -204,12 +204,12 @@ p {
 
 /* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */
 .hell {
-	background-color : #FFBBCB;
+	background-color : #DDDDDD;	
 }
 
 /* [OPTIONAL] Geben Sie hier die Farbe fuer den dunklen Hintergrund an */
 .dunkel {
-	background-color: #993366;
+	background-color: #A02D2D;
 }
 
 /* [OPTIONAL] Geben Sie hier die Farbe fuer Links an */
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
index a89377153..4ae6c2231 100644
--- a/id/server/auth/src/main/webapp/template_handyBKU.html
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -22,7 +22,7 @@
 			<input type="hidden" name="appletHeight" value="149">
 			
 			<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Handy-BKU -->
-			<input type="hidden" name="backgroundColor" value="#FFBBCB "> 
+			<input type="hidden" name="backgroundColor" value="#DDDDDD"> 
             
 			<input type="hidden" name="redirecttarget" value="_parent">
 		</form>
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index f4dda9830..28207e9e2 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -22,7 +22,7 @@
 			<input type="hidden" name="appletHeight" value="130">
 			
 			<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
-	      <input type="hidden" name="appletBackgroundColor" value="#FFBBCB">
+	      <input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
 		</form>
 		
 		<form name="CustomizedInfoForm" action="<BKU>" method="post">
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
deleted file mode 100644
index 240126693..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
+++ /dev/null
@@ -1,161 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
-							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
-							.h4style{ font-family: Verdana; }
-              table.parameters { font-size: x-small; }                                                                        
-              </style>
-						</head>
-						<body>																					
-							<h4 class="h4style">Anmeldedaten:</h4>																					
-							
-							<p class="titlestyle">Daten zur Person</p>																					
-							<table class="parameters">                		    						
-								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td>
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Geburtsdatum:</td>
-			      							<td>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Rolle:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
-							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> von </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, geboren am </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Daten zur Anwendung</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Staat:</td>
-		      							<td>Österreich</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technische Parameter</p>     	
-							<table class="parameters">														 
-								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Bereich:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td>
-			      								<xsl:value-of
-			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
-			      							</td>
-			      						</tr>
-			      					</xsl:if> 
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
-								<tr>
-		    							<td class="italicstyle">Datum:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Uhrzeit:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml.old b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml.old
new file mode 100644
index 000000000..240126693
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml.old
@@ -0,0 +1,161 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
+							.h4style{ font-family: Verdana; }
+              table.parameters { font-size: x-small; }                                                                        
+              </style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Anmeldedaten:</h4>																					
+							
+							<p class="titlestyle">Daten zur Person</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td>
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Geburtsdatum:</td>
+			      							<td>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Rolle:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> von </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, geboren am </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Daten zur Anwendung</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Staat:</td>
+		      							<td>Österreich</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technische Parameter</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Bereich:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td>
+			      								<xsl:value-of
+			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
+			      							</td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Datum:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Uhrzeit:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
deleted file mode 100644
index 1f8085aa3..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
+++ /dev/null
@@ -1,161 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signing the authentication data</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
-							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
-							.h4style{ font-family: Verdana; }
-              table.parameters { font-size: x-small; }                                                                        
-              </style>
-						</head>
-						<body>																					
-							<h4 class="h4style">Authentication Data:</h4>																					
-							
-							<p class="titlestyle">Personal Data</p>																					
-							<table class="parameters">                		    						
-								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td>
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Date of Birth:</td>
-			      							<td>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Role:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
-							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>I am also authorized as </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> of </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, born on </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, to act on their behalf.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Application Data</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Country:</td>
-		      							<td>Austria</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technical Parameters</p>     	
-							<table class="parameters">														 
-								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Sector:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier of the principal:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td>
-			      								<xsl:value-of
-			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
-			      							</td>
-			      						</tr>
-			      					</xsl:if> 
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
-								<tr>
-		    							<td class="italicstyle">Date:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Time:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml.old b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml.old
new file mode 100644
index 000000000..1f8085aa3
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml.old
@@ -0,0 +1,161 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signing the authentication data</title>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
+							.h4style{ font-family: Verdana; }
+              table.parameters { font-size: x-small; }                                                                        
+              </style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Authentication Data:</h4>																					
+							
+							<p class="titlestyle">Personal Data</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td>
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Date of Birth:</td>
+			      							<td>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Role:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>I am also authorized as </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> of </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, born on </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, to act on their behalf.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Application Data</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Country:</td>
+		      							<td>Austria</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technical Parameters</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Sector:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier of the principal:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td>
+			      								<xsl:value-of
+			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
+			      							</td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Date:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Time:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
deleted file mode 100644
index 5640412da..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
-							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
-							.h4style{ font-family: Verdana; }
-              table.parameters { font-size: x-small; }                                                                        
-              </style>
-						</head>
-						<body>																					
-							<h4 class="h4style">Anmeldedaten:</h4>																					
-							
-							<p class="titlestyle">Daten zur Person</p>																					
-							<table class="parameters">                		    						
-								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td>
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Geburtsdatum:</td>
-			      							<td>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Rolle:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
-							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> von </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, geboren am </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Daten zur Anwendung</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Staat:</td>
-		      							<td>Österreich</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technische Parameter</p>     	
-							<table class="parameters">														 
-								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Bereich:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td>
-			      								<xsl:value-of
-			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
-			      							</td>
-			      						</tr>
-			      					</xsl:if> 
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
-								<tr>
-		    							<td class="italicstyle">Datum:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Uhrzeit:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml.old b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml.old
new file mode 100644
index 000000000..5640412da
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml.old
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
+							.h4style{ font-family: Verdana; }
+              table.parameters { font-size: x-small; }                                                                        
+              </style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Anmeldedaten:</h4>																					
+							
+							<p class="titlestyle">Daten zur Person</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td>
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Geburtsdatum:</td>
+			      							<td>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Rolle:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> von </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, geboren am </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Daten zur Anwendung</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Staat:</td>
+		      							<td>Österreich</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technische Parameter</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Bereich:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td>
+			      								<xsl:value-of
+			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
+			      							</td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Datum:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Uhrzeit:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
deleted file mode 100644
index 9a067b0ba..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signing the authentication data</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
-							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
-							.h4style{ font-family: Verdana; }
-              table.parameters { font-size: x-small; }                                                                        
-              </style>
-						</head>
-						<body>																					
-							<h4 class="h4style">Authentication Data:</h4>																					
-							
-							<p class="titlestyle">Personal Data</p>																					
-							<table class="parameters">                		    						
-								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td>
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Date of Birth:</td>
-			      							<td>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Role:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
-							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>I am also authorized as </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> of </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, born on </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, to act on their behalf.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Application Data</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Country:</td>
-		      							<td>Austria</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technical Parameters</p>     	
-							<table class="parameters">														 
-								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Sector:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier of the principal:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td>
-			      								<xsl:value-of
-			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
-			      							</td>
-			      						</tr>
-			      					</xsl:if> 
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
-								<tr>
-		    							<td class="italicstyle">Date:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Time:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml.old b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml.old
new file mode 100644
index 000000000..9a067b0ba
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml.old
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signing the authentication data</title>
+							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
+							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
+							.h4style{ font-family: Verdana; }
+              table.parameters { font-size: x-small; }                                                                        
+              </style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Authentication Data:</h4>																					
+							
+							<p class="titlestyle">Personal Data</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td>
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Date of Birth:</td>
+			      							<td>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Role:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>I am also authorized as </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> of </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, born on </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, to act on their behalf.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Application Data</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Country:</td>
+		      							<td>Austria</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technical Parameters</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Sector:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier of the principal:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td>
+			      								<xsl:value-of
+			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
+			      							</td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Date:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Time:</td>
+		    							<td>
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ
diff --git "a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" "b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
deleted file mode 100644
index ab9e0cd7d..000000000
Binary files "a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" and /dev/null differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
Binary files /dev/null and b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ
diff --git "a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" "b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
deleted file mode 100644
index ab9e0cd7d..000000000
Binary files "a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" and /dev/null differ
diff --git a/id/server/doc/MOA_ID_1.4_Anhang.pdf b/id/server/doc/MOA_ID_1.4_Anhang.pdf
new file mode 100644
index 000000000..0c923666f
Binary files /dev/null and b/id/server/doc/MOA_ID_1.4_Anhang.pdf differ
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index a695d73b0..bcb67e0fd 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -407,7 +407,7 @@ zur Verf&uuml;gung. Der WebService ist unter
 http(s)://host:port/moa-id-auth/services/GetAuthenticationData
 </pre>
 <p>erreichbar. Die Verf&uuml;gbarkeit der Anwendung kann &uuml;berpr&uuml;ft werden, indem die URLs mit einem Web-Browser aufgerufen werden.</p>
-<p><strong>Musterseite</strong><br />
+<p><strong>Musterseite (MOA-Template zur B&uuml;rgerkartenauswahl)</strong><br />
 Nach dem erfolgreichen Starten von Tomcat steht eine Musterseite unter der URL</p>
 <pre>
 http(s)://host:port/moa-id-auth/index.html</pre>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 73569b39d..27d89b5dd 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -529,7 +529,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                       <br />
                   </p>
                     <p><b>AuthComponent/ForeignIdentities</b> <br />
-Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br /></p>
+Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
+                    </p>
 <p id="block"> <b>ProxyComponent</b> <br />
                           <tt>ProxyComponent</tt> enth&auml;lt Parameter, die
                           nur die MOA-ID Proxykomponente betreffen. Das Element
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index bf5d3611d..92e2dfd81 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -230,7 +230,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
 <div id="subtitel">Erg&auml;nzung f&uuml;r ausl&auml;ndische B&uuml;rger</div>
 <div id="block">
   <p>Ab der MOA Release 1.4.7 ist es m&ouml;glich, dass sich auch ausl&auml;ndische B&uuml;rger mittels MOA-ID einloggen k&ouml;nnen. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausl&auml;ndischen B&uuml;rgers eine Eintragung im Erg&auml;nzungsregister f&uuml;r nat&uuml;rliche Personen gem&auml;&szlig; E-Government Gesetz &sect;6(5) vornimmt. Somit ist es m&ouml;glich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. </p>
-  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firma A-Trust, die mit der Verwaltungseigenschaft versehene sind, akzeptiert. </p>
+  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungseigenschaft versehen sind, akzeptiert. </p>
   </div>
 </td></tr></table>
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 4ef8dc359..c61e2dd84 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -138,12 +138,18 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		request += "<html xmlns=\"http://www.w3.org/1999/xhtml\">";
 		request += "<head>";
 		request += "<title>Signatur der Anmeldedaten</title>";
-		request += "<style type=\"text/css\" media=\"screen\">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}";
-		request += ".titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; }"; 
-		request += ".ernpstyle { font-size: x-small; }";
-		request += ".h4style{ font-family: Verdana; }";
-		request += "table.parameters { font-size: x-small; }";                                                                        
+		request += "<style type=\"text/css\" media=\"screen\">";
+		request += ".normalstyle { font-size: medium; }"; 
+		request += ".italicstyle { font-size: medium; font-style: italic; }";
+		request += ".titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; }"; 
+		request += ".h4style{ font-size: large; font-family: Verdana; }";
 		request += "</style>";
+		
+//		request += "<style type=\"text/css\" media=\"screen\">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}";
+//		request += ".titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; }"; 
+//		request += ".h4style{ font-family: Verdana; }";
+//		request += "table.parameters { font-size: x-small; }";                                                                        
+//		request += "</style>";
 		request += "</head>";
 		request += "<body>";
 		request += "<h4 class=\"h4style\">Authentication Data:</h4>";
@@ -151,7 +157,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		request += "<table class=\"parameters\">";
 		request += "<tr>";
 		request += "<td class=\"italicstyle\">Name:</td>";
-		request += "<td>";
+		request += "<td class=\"normalstyle\">";
 		request += subject;
 		request += "</td>";
 		request += "</tr>";
@@ -160,21 +166,21 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		request += "<table class=\"parameters\">";
 		request += "<tr>";
 		request += "<td class=\"italicstyle\">Name:</td>";
-		request += "<td>";
+		request += "<td class=\"normalstyle\">";
 		// friendlyname from OA
 		request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
 		request += "</td>";
 		request += "</tr>";
 		request += "<tr>";
 		request += "<td class=\"italicstyle\">Country:</td>";
-		request += "<td>Austria</td>";
+		request += "<td class=\"normalstyle\">Austria</td>";
 		request += "</tr>";
 		request += "</table>";
 		request += "<p class=\"titlestyle\">Technical Parameters</p>";
 		request += "<table class=\"parameters\">";
 		request += "<tr>";
 		request += "<td class=\"italicstyle\">URL:</td>";
-		request += "<td>";
+		request += "<td class=\"normalstyle\">";
 		//public URL prefix from OA
 		request += oaParam.getPublicURLPrefix();
 		request += "</td>";
@@ -188,7 +194,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 			request += "<td class=\"italicstyle\">";
 			request += identifierType + ":";
 			request += "</td>";
-			request += "<td>";
+			request += "<td class=\"normalstyle\">";
 			request += identifier;
 			request += "</td>";
 			request += "</tr>";			
@@ -198,7 +204,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 			request += "<tr>";
 			request += "<td class=\"italicstyle\">";
 			request += "Sector:</td>";
-			request += "<td>";
+			request += "<td class=\"normalstyle\">";
 			request += target + " (" + sectorName + ")";
 			request += "</td>";
 			request += "</tr>";
@@ -207,19 +213,19 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		
 		request += "<tr>";
 		request += "<td class=\"italicstyle\">Date:</td>";
-		request += "<td>";   
+		request += "<td class=\"normalstyle\">";   
 		request += date;
 		request += "</td>";
 		request += "</tr>";
 		request += "<tr>";
 		request += "<td class=\"italicstyle\">Time:</td>";
-		request += "<td>";
+		request += "<td class=\"normalstyle\">";
 		request += time;
 		request += "</td>";
 		request += "</tr>";
 		request += "</table>";
 		
-		request += "<p class=\"ernpstyle\">I hereby request to access this e-government application by using my " +
+		request += "<p class=\"normalstyle\">I hereby request to access this e-government application by using my " +
 			"domestic electronic identity. <br/>" +
 			"I further affirm that I am not yet registered with the Austrian Central " + 
 			"Residents Registry and that I am not obliged to register with the Austrian " + 
diff --git a/spss/server/history.txt b/spss/server/history.txt
index d6249e8cd..5e2df26d8 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -3,7 +3,7 @@
 ##############
 
 - Update Konfiguration:
-	Im Element ServiceOrder unter dem Element RevocationChecking kann nur auch nur ein
+	Im Element ServiceOrder unter dem Element RevocationChecking kann nun auch nur ein
 	Service eingetragen werden (bspw. nur CRL)
 - IAIK Libraries aktualisiert:
 	iaik-moa:           Version 1.27
-- 
cgit v1.2.3


From 66a1e0545eca48d90b29b2c35c82be8dccb28bfa Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 27 Jul 2010 09:51:55 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1176
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 id/server/auth/src/main/webapp/index.html          |   2 +-
 .../transforms/TransformsInfoAuthBlockTable_DE.xml | 158 +++++++++++++++++++++
 .../transforms/TransformsInfoAuthBlockTable_EN.xml | 158 +++++++++++++++++++++
 .../profiles/MOAIDTransformAuthBlockTable_DE.xml   | 156 ++++++++++++++++++++
 .../profiles/MOAIDTransformAuthBlockTable_EN.xml   | 156 ++++++++++++++++++++
 ...\207\303\20403e694(SecureSignatureKeypair).cer" | Bin 975 -> 0 bytes
 ...\207\303\20403e694(SecureSignatureKeypair).cer" | Bin 975 -> 0 bytes
 ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes
 ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes
 ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes
 10 files changed, 629 insertions(+), 1 deletion(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
 create mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
 create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
 create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
 delete mode 100644 "spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
 delete mode 100644 "spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
 create mode 100644 spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 46ac4dd86..1cb5030a6 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -24,7 +24,7 @@
 		 		var iframe = document.createElement("iframe");
 		        iframe.setAttribute("src", "iframeOnlineBKU.html");
 		        iframe.setAttribute("width", "210");
-		        iframe.setAttribute("height", "150");
+		        iframe.setAttribute("height", "155");
 		        iframe.setAttribute("frameborder", "0");
 		        iframe.setAttribute("scrolling", "no");
 		        iframe.setAttribute("title", "Login");
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
new file mode 100644
index 000000000..fd6004811
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
@@ -0,0 +1,158 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
+								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
+              				</style>
+              			</head>
+						<body>																					
+							<h4 class="h4style">Anmeldedaten:</h4>																					
+							
+							<p class="titlestyle">Daten zur Person</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td class="normalstyle">
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Geburtsdatum:</td>
+			      							<td class="normalstyle">
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Rolle:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> von </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, geboren am </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Daten zur Anwendung</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Staat:</td>
+		      							<td class="normalstyle">Österreich</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technische Parameter</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Bereich:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Datum:</td>
+		    							<td class="normalstyle">
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Uhrzeit:</td>
+		    							<td class="normalstyle">
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
new file mode 100644
index 000000000..4e2b9444c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -0,0 +1,158 @@
+<sl10:TransformsInfo>
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signing the authentication data</title>
+							<style type="text/css" media="screen">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
+								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
+              				</style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Authentication Data:</h4>																					
+							
+							<p class="titlestyle">Personal Data</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td class="normalstyle">
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Date of Birth:</td>
+			      							<td class="normalstyle">
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Role:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>I am also authorized as </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> of </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, born on </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, to act on their behalf.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Application Data</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Country:</td>
+		      							<td class="normalstyle">Austria</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technical Parameters</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Sector:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier of the principal:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Date:</td>
+		    							<td class="normalstyle">
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Time:</td>
+		    							<td class="normalstyle">
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	<sl10:FinalDataMetaInfo>
+		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+	</sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
new file mode 100644
index 000000000..db638d545
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signatur der Anmeldedaten</title>
+							<style type="text/css" media="screen">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
+								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
+              				</style>
+              			</head>
+						<body>																					
+							<h4 class="h4style">Anmeldedaten:</h4>																					
+							
+							<p class="titlestyle">Daten zur Person</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td class="normalstyle">
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Geburtsdatum:</td>
+			      							<td class="normalstyle">
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Rolle:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> von </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, geboren am </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Daten zur Anwendung</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Staat:</td>
+		      							<td class="normalstyle">Österreich</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technische Parameter</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Bereich:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Datum:</td>
+		    							<td class="normalstyle">
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Uhrzeit:</td>
+		    							<td class="normalstyle">
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
new file mode 100644
index 000000000..6db367871
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+				<xsl:output method="xml" xml:space="default"/>
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<head>
+							<title>Signing the authentication data</title>
+							<style type="text/css" media="screen">
+              					.normalstyle { font-size: medium; } 
+              					.italicstyle { font-size: medium; font-style: italic; }
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
+								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
+              				</style>
+						</head>
+						<body>																					
+							<h4 class="h4style">Authentication Data:</h4>																					
+							
+							<p class="titlestyle">Personal Data</p>																					
+							<table class="parameters">                		    						
+								<xsl:if test="normalize-space(//@Issuer)">
+			      						<tr>
+			      							<td class="italicstyle">Name:</td>
+			      							<td class="normalstyle">
+			      								<xsl:value-of select="//@Issuer"/>
+			      							</td>
+			      						</tr>
+		      						</xsl:if>
+			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+			      						<tr>
+			      							<td class="italicstyle">Date of Birth:</td>
+			      							<td class="normalstyle">
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+			      								<xsl:text>.</xsl:text>
+			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+			      							</td>
+			      						</tr>
+			      					</xsl:if>
+			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">Role:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if>
+							</table>
+							
+							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<hr/>								
+									<xsl:text>I am also authorized as </xsl:text> 
+									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+									<xsl:text> of </xsl:text>
+									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+										<xsl:text>, born on </xsl:text> 
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+									</xsl:if>
+									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+										<xsl:text>, </xsl:text>
+										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+									</xsl:if>
+									<xsl:text>, to act on their behalf.</xsl:text>																
+								<p/>
+							</xsl:if>
+														                
+              <p class="titlestyle">Application Data</p>     																												
+							<table class="parameters">							  
+                <tr>
+		      							<td class="italicstyle">Name:</td>
+		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
+								</tr>								
+		    						<tr>
+		      							<td class="italicstyle">Country:</td>
+		      							<td class="normalstyle">Austria</td>
+		    						</tr>        																
+							</table>													
+														
+							<p class="titlestyle">Technical Parameters</p>     	
+							<table class="parameters">														 
+								<tr>
+		    							<td class="italicstyle">URL:</td>
+		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+								</tr>
+								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+			      						<tr>
+			      							<td class="italicstyle">Sector:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
+			      						</tr>
+      								</xsl:if>
+      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+			      						<tr>
+			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
+			      						</tr>
+      								</xsl:if>    
+		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+			      							</td>			      															
+			      						</tr>
+		    						</xsl:if>  
+		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+			      						<tr>    						
+			      							<td class="italicstyle">Identifier of the principal:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
+			      						</tr>
+		    						</xsl:if>		    						
+                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+			      						<tr>
+			      							<td class="italicstyle">OID:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
+			      						</tr>
+			      					</xsl:if> 
+								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
+			      						<tr>
+			      							<td class="italicstyle">HPI:</td>
+			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
+			      						</tr>
+								</xsl:if>     
+								<tr>
+		    							<td class="italicstyle">Date:</td>
+		    							<td class="normalstyle">
+		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+		    								<xsl:text>.</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+		    							</td>
+		    						</tr>
+		    						<tr>
+		    							<td class="italicstyle">Time:</td>
+		    							<td class="normalstyle">
+		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+		    								<xsl:text>:</xsl:text>
+		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+		    							</td>
+    								</tr>
+							</table>																																			
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet>
+		</dsig:Transform>
+		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+	</dsig:Transforms>
+	</VerifyTransformsInfoProfile>
diff --git "a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" "b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
deleted file mode 100644
index ab9e0cd7d..000000000
Binary files "a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" and /dev/null differ
diff --git "a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" "b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer"
deleted file mode 100644
index ab9e0cd7d..000000000
Binary files "a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature/A-Trust-Qual-03.20080425-20180425.SerNo\303\224\303\207\303\20403e694(SecureSignatureKeypair).cer" and /dev/null differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature-qual-only/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
Binary files /dev/null and b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ
-- 
cgit v1.2.3


From 7848a953758fe645da5abc16eb8abff1fdc11da8 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 27 Jul 2010 20:15:31 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1177
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  |  18 ++++++++
 id/readme_1.4.7.txt                                |  46 ++++++++++++---------
 id/server/auth/src/main/webapp/img/logo.jpg        | Bin 18014 -> 18260 bytes
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   6 ++-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   6 ++-
 .../SampleMOAIDConfiguration_withTestBKs.xml       |   6 ++-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   6 ++-
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |   6 ++-
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |   6 ++-
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |   6 ++-
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |   6 ++-
 .../moa/id/auth/AuthenticationServer.java          |  34 ++++++++++++++-
 .../moa/id/auth/MOAIDAuthConstants.java            |   5 ++-
 .../builder/VerifyXMLSignatureRequestBuilder.java  |   1 +
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |   2 +
 .../id/auth/validator/IdentityLinkValidator.java   |   3 ++
 .../VerifyXMLSignatureResponseValidator.java       |   1 +
 17 files changed, 120 insertions(+), 38 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index b403961d8..39cdf4e87 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -378,6 +378,24 @@ public class DOMUtils {
       .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
       .getDocumentElement();
   }
+  
+  /**
+   * A convenience method to parse an XML document non validating.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @return The root element of the parsed XML document.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Element parseXmlNonValidating(InputStream inputStream)
+    throws ParserConfigurationException, SAXException, IOException {
+    return DOMUtils
+      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .getDocumentElement();
+  }
 
   /**
    * Schema validate a given DOM element.
diff --git a/id/readme_1.4.7.txt b/id/readme_1.4.7.txt
index 3f04b9e3c..3fc743521 100644
--- a/id/readme_1.4.7.txt
+++ b/id/readme_1.4.7.txt
@@ -91,17 +91,21 @@ B.1 Durchf
    betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
    wird, lautet dieses Stammverzeichnis für gewöhnlich
    CATALINA_HOME_ID/conf/moa-spss.
-   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
-      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende Zeilen 
-      	ein:
-      	<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
+   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen Sie eine 
+        der folgende Zeilen	ein:
+      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
+      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger wünschen.
+      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie eine der folgende 
+        Zeilen ein:
+        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+        je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger ausgewählt haben.
+      	Alle weiteren VerifyTransformsInfoProfileID Elemente löschen Sie bitte.
    
 9. Kopieren Sie die drei Dateien aus dem Verzeichnis  
    MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
@@ -213,18 +217,20 @@ B.1 Durchf
    dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
    davon ausgegangen).
    Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen Sie eine 
         der folgende Zeilen	ein:
       	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
 		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
       	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
       	Bürger wünschen.
       	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
-      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
-        ein:
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie eine der folgende 
+        Zeilen ein:
         <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
 		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      
+        je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger ausgewählt haben.
+      	Alle weiteren VerifyTransformsInfoProfileID Elemente löschen Sie bitte.
 8. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
    MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
    Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
@@ -295,17 +301,20 @@ B.2 Durchf
    dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
    davon ausgegangen).
    Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen Sie eine 
         der folgende Zeilen	ein:
       	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
 		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
       	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
       	Bürger wünschen.
       	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
-      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
-        ein:
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie eine der folgende 
+        Zeilen ein:
         <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
 		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+        je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
+      	Bürger ausgewählt haben.
+      	Alle weiteren VerifyTransformsInfoProfileID Elemente löschen Sie bitte.
       
 6. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
    MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
@@ -348,7 +357,6 @@ B.2 Durchf
        dieses hier angeben. 
 
 
-
 8. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 
    Beispielkonfigurationsdateien aus dem Verzeichnis
    MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 
diff --git a/id/server/auth/src/main/webapp/img/logo.jpg b/id/server/auth/src/main/webapp/img/logo.jpg
index 6bfc6a1e9..bafbccc84 100644
Binary files a/id/server/auth/src/main/webapp/img/logo.jpg and b/id/server/auth/src/main/webapp/img/logo.jpg differ
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 8c5cf90d3..e59925057 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -18,8 +18,9 @@
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
+		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
@@ -37,8 +38,9 @@
 			<VerifyAuthBlock>
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
 				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<VerifyInfoboxes>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index a04adaf51..a8a6e34e5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -18,8 +18,9 @@
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
+		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+			<!--  <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
@@ -37,8 +38,9 @@
 			<VerifyAuthBlock>
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
 				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<VerifyInfoboxes>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 1a7005eee..54a2d5ce6 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -18,8 +18,9 @@
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
+			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
@@ -38,8 +39,9 @@
 				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
 				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 2070c52a6..9b4918475 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -18,8 +18,9 @@
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
+		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
@@ -38,8 +39,9 @@
 				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
 				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 79fb7cba1..4f7711574 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -18,8 +18,9 @@
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
+		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
@@ -37,8 +38,9 @@
 			<VerifyAuthBlock>
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
 				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<VerifyInfoboxes>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index af92e8b67..c5350de66 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -18,8 +18,9 @@
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
+		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
@@ -37,8 +38,9 @@
 			<VerifyAuthBlock>
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
 				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<VerifyInfoboxes>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index ed2cdd07c..184ad442d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -18,8 +18,9 @@
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
+		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
@@ -38,8 +39,9 @@
 				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
 				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index f7ed53249..41b03ad58 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -18,8 +18,9 @@
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
+		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
+			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
@@ -38,8 +39,9 @@
 				<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
 				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 01c6a512f..103274c29 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -15,10 +15,14 @@
 */
 package at.gv.egovernment.moa.id.auth;
 
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
 import iaik.pki.PKIException;
 import iaik.x509.X509Certificate;
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.Principal;
@@ -32,10 +36,13 @@ import java.util.Map;
 import java.util.Set;
 import java.util.Vector;
 
+import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
 
+import HTTPClient.Util;
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.ParseException;
@@ -431,6 +438,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
        
     String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE);
+   
     if (isEmpty(xmlInfoboxReadResponse))
       throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
     
@@ -455,8 +463,30 @@ public class AuthenticationServer implements MOAIDAuthConstants {
        Logger.info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als ausländische eID.");
       return null;
     }
-        
-    // parses the <InfoboxReadResponse>
+       
+    // for testing new identity link certificate
+//    xmlInfoboxReadResponse = null;
+//    try {
+//    File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml");
+//    FileInputStream fis;
+//	
+//		fis = new FileInputStream(file);
+//		byte[] array = Utils.readFromInputStream(fis);
+//    
+//    xmlInfoboxReadResponse = new String(array);
+//    System.out.println(xmlInfoboxReadResponse);
+//    
+//    } catch (FileNotFoundException e) {
+//		// TODO Auto-generated catch block
+//		e.printStackTrace();
+//	} catch (UtilsException e) {
+//		// TODO Auto-generated catch block
+//		e.printStackTrace();
+//	}
+    
+	
+    
+ // parses the <InfoboxReadResponse>
     IdentityLink identityLink =
       new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
     // validates the identity link
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 88859dc3f..84f8f6985 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -86,7 +86,10 @@ public interface MOAIDAuthConstants {
    */ 
   public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = 
     new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission",
-                  "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"};  
+                  "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission",
+    			  "EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"};
+                  //"E=dsk@dsk.gv.at,SERIALNUMBER=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT"};
+  				   
   /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */
   public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1";
   /** 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index a14d0325f..2c97f01ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -131,6 +131,7 @@ public class VerifyXMLSignatureRequestBuilder {
       Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
       signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
       Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+      
       for (int i = 0; i < dsigTransforms.length; i++) {        
         Element verifyTransformsInfoProfileElem = 
           requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 1fc5013f3..ba3e2141b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -106,6 +106,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
        
     	AuthenticationSession session = AuthenticationServer.getSession(sessionID);  
     	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+
+    	Logger.debug(createXMLSignatureRequestOrRedirect);
     	
     	if (createXMLSignatureRequestOrRedirect == null) {
     	   // no identity link found
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index 1c9b66124..baaa21db2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -155,6 +155,9 @@ public class IdentityLinkValidator implements Constants {
            if (attributeValue==null) 
              attributeValue = 
                (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
+           if (attributeValue==null) 
+               attributeValue = 
+                 (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue");
            if (attributeValue == null)
             throw new ValidateException("validator.02", null);
                       
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index bc7db72f4..affa95c2b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -124,6 +124,7 @@ public class VerifyXMLSignatureResponseValidator {
       catch (RFC2253NameParserException e) {
         throw new ValidateException("validator.17", null);
       }
+      System.out.println("subjectDN: " + subjectDN);
       // check the authorisation to sign the identity link
       if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
         // subject DN check failed, try OID check:
-- 
cgit v1.2.3


From cb0ebde35990eb8fedd2eb4a0b72efdb7f26f961 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 28 Jul 2010 07:47:06 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1179
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 id/history.txt                                     |   5 +-
 id/readme_1.4.7.txt                                | 459 ++++++---------------
 .../TransformsInfoAuthBlockTable_DE.xml.old        | 161 --------
 .../TransformsInfoAuthBlockTable_EN.xml.old        | 161 --------
 .../MOAIDTransformAuthBlockTable_DE.xml.old        | 159 -------
 .../MOAIDTransformAuthBlockTable_EN.xml.old        | 159 -------
 6 files changed, 120 insertions(+), 984 deletions(-)
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml.old
 delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml.old
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml.old
 delete mode 100644 id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml.old

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/history.txt b/id/history.txt
index 92b4dce01..e4148783a 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -6,8 +6,9 @@ History MOA-ID:
 Version MOA-ID 1.4.7: Änderungen seit Version MOA-ID 1.4.6:
 
 - Anbindung an Stammzahlenregister-Gateway um ausländische Bürger zu integrieren (ERnP-Eintragung 
-  gemäß)
-- Neuer AUTH-Block mit neuen Transformationen
+  gemäß E-Government Gesetz §6(5))
+- Neuer Anmeldetext mit neuen Transformationen
+- Striktere Parameterüberprüfung
 - Fixed Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
 - Fixed Bug #540 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=540&group_id=6&atid=105)
 - IAIK Libraries aktualisiert:
diff --git a/id/readme_1.4.7.txt b/id/readme_1.4.7.txt
index 3fc743521..363e2bc53 100644
--- a/id/readme_1.4.7.txt
+++ b/id/readme_1.4.7.txt
@@ -12,7 +12,8 @@ gleichen Verzeichnis):
 
 - Anbindung an Stammzahlenregister-Gateway um ausländische Bürger zu integrieren (ERnP-Eintragung 
   gemäß E-Government Gesetz §6(5))
-- Neuer AUTH-Block mit neuen Transformationen
+- Neuer Anmeldetext mit neuen Transformationen
+- Striktere Parameterüberprüfung
 - Fixed Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
 - Fixed Bug #540 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=540&group_id=6&atid=105)
 - IAIK Libraries aktualisiert:
@@ -26,7 +27,8 @@ Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
 eine Aktualisierung bestehender Installationen möglich.
 
 ...............................................................................
-B.1 Durchführung eines Updates von Version 1.4.5 oder 1.4.6
+B.1 Durchführung eines Updates von Version 1.4.5 oder 1.4.6 oder 1.4.3 oder 
+    1.4.4
 ...............................................................................
 
 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
@@ -47,8 +49,8 @@ B.1 Durchf
    auch das komplette Verzeichnis moa-id-auth.
    Für MOA ID Proxy:
    Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/
+   webappsProxy, wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
    für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als 
    auch das komplette Verzeichnis moa-id-proxy.
 
@@ -56,7 +58,7 @@ B.1 Durchf
    CATALINA_HOME_ID/webapps.
    Für MOA ID Proxy:
    Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
-   CATALINA_HOME_ID/webapps.
+   CATALINA_HOME_ID/webappsProxy.
    
 5. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
    JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
@@ -67,21 +69,24 @@ B.1 Durchf
 7. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
    MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
    Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge 
+   wird davon ausgegangen).
    Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
-        der folgende Zeilen	ein:
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen 
+        Sie eine der folgende Zeilen ein:
       	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
 		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger wünschen.
+      	je nachdem ob sie einen englischen oder deutschen Text zur 
+      	Anzeige	wünschen.
       	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
-      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
-        ein:
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügen Sie eine
+        der folgende Zeilen ein:
         <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
 		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      
+        je nachdem ob sie einen englischen oder deutschen Text zur 
+        Anzeige ausgewählt haben.
+      	Alle weiteren VerifyTransformsInfoProfileID Elemente löschen 
+      	Sie bitte.
 8. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
    MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
    Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
@@ -91,40 +96,37 @@ B.1 Durchf
    betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
    wird, lautet dieses Stammverzeichnis für gewöhnlich
    CATALINA_HOME_ID/conf/moa-spss.
-   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen Sie eine 
-        der folgende Zeilen	ein:
-      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
-		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger wünschen.
-      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
-      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie eine der folgende 
+   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
+      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende 
         Zeilen ein:
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-        je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger ausgewählt haben.
-      	Alle weiteren VerifyTransformsInfoProfileID Elemente löschen Sie bitte.
-   
+      	<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+		<cfg:VerifyTransformsInfoProfile>
+			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
+			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
+		</cfg:VerifyTransformsInfoProfile>
+
 9. Kopieren Sie die drei Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
+   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis 
+   certs/ca-certs Ihres Stammverzeichnisses für die MOA ID Konfiguration 
+   (für gewöhnlich lautet dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; 
+   in weiterer Folge wird davon ausgegangen).
    Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
-   	   folgende Zeilen ein:   	 
+   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes 
+   	   Kind-Element folgende Zeilen ein:   	 
    	 <ForeignIdentities>
 	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
          <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 	   </ConnectionParameter>
      </ForeignIdentities>
        
-       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
-       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
-       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
-       dieses hier angeben. 
+       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für 
+       den Zugriff auf das Stammzahlenregister-Gateway an. Voraussetzung ist 
+       ein A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft. Wenn 
+       ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses 
+       hier angeben. 
 
 10. Update des Cert-Stores.
    Kopieren Sie den Inhalt des Verzeichnisses
@@ -133,11 +135,11 @@ B.1 Durchf
    vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
    bejahen sie das.
 
-11. Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen auf 
-   die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
-   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann gehen  
-   Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile beibehalten 
-   wollen, dann gehen Sie vor, wie in Punkt b).
+11. Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen 
+   auf die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
+   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann 
+   gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile 
+   beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
 
    a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
 
@@ -146,20 +148,21 @@ B.1 Durchf
         MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
         CATALINA_HOME\conf\moa-spss.
 
-   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie folgt
-      vor, um die Profile auf den aktuellen Stand zu bringen:
+   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie 
+      folgt vor, um die Profile auf den aktuellen Stand zu bringen:
 
     1)  Benennen Sie ein eventuell vorhandenes Verzeichnis trustprofiles in
-        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer MOA-SP/SS
-        Konfigurationsdatei ebenfalls zu berücksichtigen und benennen Sie dort 
-        alle gleichartigen Vorkommen von trustprofiles in trustProfiles um)
+        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer 
+        MOA-SP/SS Konfigurationsdatei ebenfalls zu berücksichtigen und 
+        benennen Sie dort alle gleichartigen Vorkommen von trustprofiles 
+        in trustProfiles um)
 
     2)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
         entsprechenden Profilen im Verzeichnis 
         MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
-        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt der 
-        einzelnen Profile aus der Distribution (
-        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
+        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt 
+        der einzelnen Profile aus der Distribution 
+        (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
         Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
         kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
         überschreiben), also z.B: Kopieren des Inhalts von 
@@ -173,7 +176,7 @@ B.1 Durchf
    Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
 
 ...............................................................................
-B.1 Durchführung eines Updates von Version 1.4.3 oder 1.4.4 
+B.2 Durchführung eines Updates von Version 1.4.1 oder 1.4.2 (incl. beta 1)
 ...............................................................................
 
 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
@@ -181,11 +184,11 @@ B.1 Durchf
 
 2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
    ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
-   bezeichnet.   
+   bezeichnet.
    Für MOA ID Proxy:
    Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.7.zip) in
    ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
-   bezeichnet.
+   bezeichnet.    
 
 3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
    beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
@@ -194,8 +197,8 @@ B.1 Durchf
    auch das komplette Verzeichnis moa-id-auth.
    Für MOA ID Proxy:
    Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Proxy
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
+   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/
+   webappsProxy, wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
    für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-proxy.war als 
    auch das komplette Verzeichnis moa-id-proxy.
 
@@ -203,34 +206,35 @@ B.1 Durchf
    CATALINA_HOME_ID/webapps.
    Für MOA ID Proxy:
    Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
-   CATALINA_HOME_ID/webapps.
-      
+   CATALINA_HOME_ID/webappsProxy.
+   
 5. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
    JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
 
 6. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
    Verzeichnis JAVA_HOME\jre\lib\ext.
-
+   
 7. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
    MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
    Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge 
+   wird davon ausgegangen).
    Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen Sie eine 
-        der folgende Zeilen	ein:
+      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen 
+        Sie eine der folgende Zeilen ein:
       	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
 		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger wünschen.
+      	je nachdem ob sie einen englischen oder deutschen Text zur 
+      	Anzeige	wünschen.
       	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
-      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie eine der folgende 
-        Zeilen ein:
+      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügen Sie eine
+        der folgende Zeilen ein:
         <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
 		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-        je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger ausgewählt haben.
-      	Alle weiteren VerifyTransformsInfoProfileID Elemente löschen Sie bitte.
+        je nachdem ob sie einen englischen oder deutschen Text zur 
+        Anzeige ausgewählt haben.
+      	Alle weiteren VerifyTransformsInfoProfileID Elemente löschen 
+      	Sie bitte.
 8. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
    MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
    Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
@@ -241,93 +245,8 @@ B.1 Durchf
    wird, lautet dieses Stammverzeichnis für gewöhnlich
    CATALINA_HOME_ID/conf/moa-spss.
    Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
-      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende Zeilen 
-      	ein:
-      	<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-   
-9. Kopieren Sie die drei Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
-   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
-   	   folgende Zeilen ein:   	 
-   	 <ForeignIdentities>
-	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-         <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
-	   </ConnectionParameter>
-     </ForeignIdentities>
-       
-       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
-       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
-       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
-       dieses hier angeben. 
-
-
-10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
-   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
-    
-...............................................................................
-B.2 Durchführung eines Updates von Version 1.4.1 oder 1.4.2 (incl. beta 1)
-...............................................................................
-
-1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
-   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
-
-2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
-   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
-   bezeichnet.   
-
-3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
-   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
-   auch das komplette Verzeichnis moa-id-auth.
-
-4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
-   CATALINA_HOME_ID/webapps.
-
-5. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
-   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen Sie eine 
-        der folgende Zeilen	ein:
-      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
-		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger wünschen.
-      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
-      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie eine der folgende 
+      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende 
         Zeilen ein:
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-        je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger ausgewählt haben.
-      	Alle weiteren VerifyTransformsInfoProfileID Elemente löschen Sie bitte.
-      
-6. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
-   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
-   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
-   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
-   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
-   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
-   wird, lautet dieses Stammverzeichnis für gewöhnlich
-   CATALINA_HOME_ID/conf/moa-spss.
-   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
-      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende Zeilen 
-      	ein:
       	<cfg:VerifyTransformsInfoProfile>
 			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
 			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
@@ -336,195 +255,39 @@ B.2 Durchf
 			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
 			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
 		</cfg:VerifyTransformsInfoProfile>
-   
-7. Kopieren Sie die drei Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
-   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
-   	   folgende Zeilen ein:   	 
-   	 <ForeignIdentities>
-	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-         <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
-	   </ConnectionParameter>
-     </ForeignIdentities>
-       
-       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
-       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
-       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
-       dieses hier angeben. 
-
-
-8. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 
-   Beispielkonfigurationsdateien aus dem Verzeichnis
-   MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 
-   CATALINA_HOME_ID/conf/moa-id. 
-   Verwenden Sie in Ihrer Installation bereits die Vollmachtenprüfung, so 
-   verschieben Sie bitte in der MOA-ID Installationsdatei das Element 
-   <CompatibilityMode> innerhalb des Konfigurationsteiles für die berufliche 
-   Parteienvertreung (ParepSpecificParameters) unter das Element 
-   ApplicationSpecificParameters.
-
-9. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
-   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
-
-...............................................................................
-B.3 Durchführung eines Updates von Version 1.3.1, 1.3.2 oder 1.3.3
-...............................................................................
-
-1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
-   Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
-   
-2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.7.zip) in
-   ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
-   bezeichnet.
-
-3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
-   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
-
-4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
-   Verzeichnis JAVA_HOME\jre\lib\ext.
-
-5. Erstellen Sie eine Sicherungskopie aller Dateien im Verzeichnis 
-   CATALINA_HOME\common\endorsed und löschen Sie die dort eventuell vorhandene 
-   Dateien xmlParserAPIs.jar
-
-6. Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\endorsed
-   in das Verzeichnis CATALINA_HOME\common\endorsed. Überschreiben Sie dabei
-   etwaige gleichnamige Dateien.
-
-7. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
-   beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
-   wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation 
-   für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als 
-   auch das komplette Verzeichnis moa-id-auth.
-
-8. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
-   CATALINA_HOME_ID/webapps.
 
-9. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
-   Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-      * Im Element MOA-IDConfiguration/AuthComponent/SecurityLayer fügen sie eine 
-        der folgende Zeilen	ein:
-      	<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>
-		<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
-      	je nachdem ob sie einen englischen oder deutschen Text zur Anzeige beim
-      	Bürger wünschen.
-      	Alle weiteren TransformsInfo Elemente löschen Sie bitte.
-      * Im Element AuthComponent/MOA-SP/VerifyAuthBlock fügend Sie folgende Zeilen
-        ein:
-        <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-		<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
-      
-10. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
-   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
-   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
-   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
-   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
-   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
-   wird, lautet dieses Stammverzeichnis für gewöhnlich
-   CATALINA_HOME_ID/conf/moa-spss.
-   Weiters editieren Sie ihre MOA SPSS Konfiguration wie folgt:
-      * Im Element MOAConfiguration/SignatureVerification fügen Sie folgende Zeilen 
-      	ein:
-      	<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-		<cfg:VerifyTransformsInfoProfile>
-			<cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
-			<cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
-		</cfg:VerifyTransformsInfoProfile>
-   
-11. Kopieren Sie die drei Dateien aus dem Verzeichnis  
-   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis certs/ca-certs Ihres
-   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
-   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge wird
-   davon ausgegangen).
+9. Kopieren Sie die drei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs in das Verzeichnis 
+   certs/ca-certs Ihres Stammverzeichnisses für die MOA ID Konfiguration 
+   (für gewöhnlich lautet dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; 
+   in weiterer Folge wird davon ausgegangen).
    Weiters editieren Sie ihre MOA ID Konfiguration wie folgt:
-   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes Kind-Element 
-   	   folgende Zeilen ein:   	 
+   	 * Im Element MOA-IDConfiguration/AuthComponent fügend Sie als letztes 
+   	   Kind-Element folgende Zeilen ein:   	 
    	 <ForeignIdentities>
 	   <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
          <ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 	   </ConnectionParameter>
      </ForeignIdentities>
        
-       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für den Zugriff auf das 
-       Stammzahlenregister-Gateway an. Voraussetzung ist ein A-Trust Zertifikat mit 
-       Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie 
-       dieses hier angeben. 
-
+       Anmerkung: Im ClientKeyStore Element geben Sie den Client Keystore für 
+       den Zugriff auf das Stammzahlenregister-Gateway an. Voraussetzung ist 
+       ein A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft. Wenn 
+       ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses 
+       hier angeben. 
 
-12.Update des Cert-Stores.
+10. Update des Cert-Stores.
    Kopieren Sie den Inhalt des Verzeichnisses
    MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
    CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie 
    vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann 
    bejahen sie das.
 
-13.Sollen zusätzliche Templates für ältere Bürgerkartenumgebungen aktiviert
-   werden, öffnen Sie die XML-Konfiguration von MOA ID (für gewöhnlich finden 
-   Sie diese XML-Datei direkt im Stammverzeichnis für die MOA ID Konfiguration, 
-   z.B. CATALINA_HOME_ID/conf/moa-id/SampleMOAIDConfiguration.xml); führen Sie 
-   folgende Modifikationen an der XML-Konfiguration durch:
-   
-   a. Ändern Sie die applikationsübergreifende Konfiguration der AuthBlock
-      Transformationen. Sie finden diese Konfiguration im XML-Element
-      /MOA-IDConfiguration/AuthComponent/SecurityLayer. Fügen Sie zusätzlich zum
-      bisherigen Inhalt dieses Elements (für gewöhnlich ein Element
-      TransformsInfo, dessen Attribut filname den Wert
-      transforms/TransformsInfoAuthBlockText.xml aufweist) ein Element 
-      TransformsInfo an, dessen Attribut filename auf die Datei für ältere BKU 
-      zeigt. Sie können auch auf die vordefinierten Elemente aus den 
-      Musterkonfigurationen dieser Distribution (
-      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml) zurückgreifen.
-
-   b. Fügen Sie Profilbezeichner für die Transformationsprofile in der
-      Konfiguration für MOA SP an. Sie finden diesen Bezeichner im XML-
-      Element /MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyAuthBlock.
-      Hängen Sie ein Element VerifyTransformsInfoProfileID an, das für die Über-
-      prüfung der Transformation älterer BKU vorgesehen ist.
-      Siehe auch Inhalt des Elements VerifyAuthBlock aus der Musterkonfiguration 
-      dieser Distribution (
-      MOA_ID_AUTH_INST/conf/moa-id/SampleMOAIDConfiguration.xml).
-
-   c. Ändern Sie gegebenenfalls die applikationsspezifische Konfiguration
-      der Authblock-Tranformationen. Führen Sie dazu die folgende Tätigkeit
-      für jedes XML-Element /MOA-IDConfiguration/OnlineApplicaton/AuthComponent
-      durch: Fügen Sie zusätzlich zu einem bestehenden Element TransformsInfo 
-      ein Elemnet TransformsInfo an, das die Transformation für ältere BKU 
-      enthält - gleich wie dies bereits in Schritt a. durchgeführt wurde (wenn 
-      Sie dieses Element nicht vorfinden, oder es auskommentiert ist, muss 
-      Schritt c. nicht durchgeführt werden).
-
-   Öffnen Sie die XML-Konfiguration von MOA SPSS (für gewöhnlich finden Sie 
-   XML-Datei direkt im Stammverzeichnisses für die MOA SPSS Konfiguration, z.B.
-   CATALINA_HOME_ID/conf/moa-spss/SampleMOASPSSConfiguration.xml); führen Sie 
-   folgende Modifikationen an der XML-Konfiguration durch:
-
-   a. Ändern Sie die konfigurierten Profile für die zulässigen Transformationen
-      über die signierten Daten. Sie finden diese Profile am Ende der XML-Konfi-
-      guration von MOA SPSS (Elemente des Namens 
-      cfg:VerifyTransformsInfoProfile). Fügen Sie zusätzlich zu den vorkommenden 
-      Elementen dieses Namens (für gewöhnlich zwei Elemente) zwei weitere 
-      Elemente dieses Namens hinzu, die die Profile für die älteren Bürger-
-      kartenumgebungen aufnehmen - diese sind durch den Namensteil "_deprecated" 
-      gekennzeichnet (siehe auch Musterkonfigurationen dieser Distribution 
-      MOA_ID_AUTH_INST/conf/moa-spss/SampleMOASPSSConfiguration.xml).
-
-14.Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen auf 
-   die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
-   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann gehen  
-   Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile beibehalten 
-   wollen, dann gehen Sie vor, wie in Punkt b).
+11. Update der Trust-Profile. Achten sie bei Case-sensitiven Betriebssystemen 
+   auf die Profilbezeichnungen. Aus trustprofiles wurde trustProfiles.  
+   Wenn Sie Ihre alten Trust-Profile durch die neuen ersetzen wollen, dann 
+   gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile 
+   beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
 
    a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
 
@@ -533,20 +296,21 @@ B.3 Durchf
         MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis 
         CATALINA_HOME\conf\moa-spss.
 
-   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie folgt
-      vor, um die Profile auf den aktuellen Stand zu bringen:
+   b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie 
+      folgt vor, um die Profile auf den aktuellen Stand zu bringen:
 
     1)  Benennen Sie ein eventuell vorhandenes Verzeichnis trustprofiles in
-        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer MOA-SP/SS
-        Konfigurationsdatei ebenfalls zu berücksichtigen und benennen Sie dort 
-        alle gleichartigen Vorkommen von trustprofiles in trustProfiles um)
+        trustProfiles um (vergessen Sie nicht, diese Änderung in Ihrer 
+        MOA-SP/SS Konfigurationsdatei ebenfalls zu berücksichtigen und 
+        benennen Sie dort alle gleichartigen Vorkommen von trustprofiles 
+        in trustProfiles um)
 
     2)  Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den 
         entsprechenden Profilen im Verzeichnis 
         MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren 
-        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt der 
-        einzelnen Profile aus der Distribution (
-        MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
+        Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt 
+        der einzelnen Profile aus der Distribution 
+        (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden 
         Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles) 
         kopieren und dabei die vorhandenen gleichnamigen Zertifikate 
         überschreiben), also z.B: Kopieren des Inhalts von 
@@ -555,11 +319,22 @@ B.3 Durchf
         CATALINA_HOME\conf\moa-spss\trustProfiles\
         MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
 
-15.Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
-   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+13. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 
+   Beispielkonfigurationsdateien aus dem Verzeichnis
+   MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 
+   CATALINA_HOME_ID/conf/moa-id. 
+   Verwenden Sie in Ihrer Installation bereits die Vollmachtenprüfung, so 
+   verschieben Sie bitte in der MOA-ID Installationsdatei das Element 
+   <CompatibilityMode> innerhalb des Konfigurationsteiles für die berufliche 
+   Parteienvertreung (ParepSpecificParameters) unter das Element 
+   ApplicationSpecificParameters.
+
 
+14. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+   Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
+   
 ...............................................................................
-B.4 Durchführung eines Updates von einer älteren Version
+B.3 Durchführung eines Updates von einer älteren Version
 ...............................................................................
 
 Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml.old b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml.old
deleted file mode 100644
index 240126693..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml.old
+++ /dev/null
@@ -1,161 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
-							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
-							.h4style{ font-family: Verdana; }
-              table.parameters { font-size: x-small; }                                                                        
-              </style>
-						</head>
-						<body>																					
-							<h4 class="h4style">Anmeldedaten:</h4>																					
-							
-							<p class="titlestyle">Daten zur Person</p>																					
-							<table class="parameters">                		    						
-								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td>
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Geburtsdatum:</td>
-			      							<td>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Rolle:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
-							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> von </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, geboren am </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Daten zur Anwendung</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Staat:</td>
-		      							<td>Österreich</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technische Parameter</p>     	
-							<table class="parameters">														 
-								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Bereich:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td>
-			      								<xsl:value-of
-			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
-			      							</td>
-			      						</tr>
-			      					</xsl:if> 
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
-								<tr>
-		    							<td class="italicstyle">Datum:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Uhrzeit:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml.old b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml.old
deleted file mode 100644
index 1f8085aa3..000000000
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml.old
+++ /dev/null
@@ -1,161 +0,0 @@
-<sl10:TransformsInfo>
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signing the authentication data</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
-							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
-							.h4style{ font-family: Verdana; }
-              table.parameters { font-size: x-small; }                                                                        
-              </style>
-						</head>
-						<body>																					
-							<h4 class="h4style">Authentication Data:</h4>																					
-							
-							<p class="titlestyle">Personal Data</p>																					
-							<table class="parameters">                		    						
-								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td>
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Date of Birth:</td>
-			      							<td>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Role:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
-							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>I am also authorized as </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> of </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, born on </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, to act on their behalf.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Application Data</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Country:</td>
-		      							<td>Austria</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technical Parameters</p>     	
-							<table class="parameters">														 
-								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Sector:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier of the principal:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td>
-			      								<xsl:value-of
-			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
-			      							</td>
-			      						</tr>
-			      					</xsl:if> 
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
-								<tr>
-		    							<td class="italicstyle">Date:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Time:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-	<sl10:FinalDataMetaInfo>
-		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
-	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml.old b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml.old
deleted file mode 100644
index 5640412da..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml.old
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signatur der Anmeldedaten</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
-							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
-							.h4style{ font-family: Verdana; }
-              table.parameters { font-size: x-small; }                                                                        
-              </style>
-						</head>
-						<body>																					
-							<h4 class="h4style">Anmeldedaten:</h4>																					
-							
-							<p class="titlestyle">Daten zur Person</p>																					
-							<table class="parameters">                		    						
-								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td>
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Geburtsdatum:</td>
-			      							<td>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Rolle:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
-							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> von </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, geboren am </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Daten zur Anwendung</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Staat:</td>
-		      							<td>Österreich</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technische Parameter</p>     	
-							<table class="parameters">														 
-								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Bereich:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td>
-			      								<xsl:value-of
-			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
-			      							</td>
-			      						</tr>
-			      					</xsl:if> 
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
-								<tr>
-		    							<td class="italicstyle">Datum:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Uhrzeit:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml.old b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml.old
deleted file mode 100644
index 9a067b0ba..000000000
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml.old
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
-				<xsl:output method="xml" xml:space="default"/>
-				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
-					<html>
-						<head>
-							<title>Signing the authentication data</title>
-							<style type="text/css" media="screen">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; } .graybground {background-color: #E0E0E0;}
-							.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: x-small; } 
-							.h4style{ font-family: Verdana; }
-              table.parameters { font-size: x-small; }                                                                        
-              </style>
-						</head>
-						<body>																					
-							<h4 class="h4style">Authentication Data:</h4>																					
-							
-							<p class="titlestyle">Personal Data</p>																					
-							<table class="parameters">                		    						
-								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td>
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Date of Birth:</td>
-			      							<td>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Role:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
-							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>I am also authorized as </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> of </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, born on </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, to act on their behalf.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Application Data</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Country:</td>
-		      							<td>Austria</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technical Parameters</p>     	
-							<table class="parameters">														 
-								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
-								</tr>
-								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Sector:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier of the principal:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td>
-			      								<xsl:value-of
-			      									select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>			      								
-			      							</td>
-			      						</tr>
-			      					</xsl:if> 
-								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
-								<tr>
-		    							<td class="italicstyle">Date:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Time:</td>
-		    							<td>
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
-						</body>
-					</html>
-				</xsl:template>
-			</xsl:stylesheet>
-		</dsig:Transform>
-		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-	</dsig:Transforms>
-</VerifyTransformsInfoProfile>
-- 
cgit v1.2.3


From 63994a018a74808e6124e45e32a970c9a24410ee Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Thu, 26 Aug 2010 13:49:48 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1186
 d688527b-c9ab-4aba-bd8d-4036d912da1d

---
 common/pom.xml                                               |  4 ++--
 id/history.txt                                               |  9 +++++++++
 id/pom.xml                                                   |  4 ++--
 id/server/auth/pom.xml                                       |  4 ++--
 .../data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml     |  4 ++++
 .../deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml     |  4 ++++
 .../conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml     |  6 +++++-
 .../moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml     |  4 ++++
 .../data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml    |  4 ++++
 .../deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml    |  4 ++++
 .../conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml    |  4 ++++
 .../moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml    |  4 ++++
 id/server/idserverlib/pom.xml                                |  4 ++--
 .../at/gv/egovernment/moa/id/auth/AuthenticationServer.java  | 12 ++++++------
 .../gv/egovernment/moa/id/auth/WrongParametersException.java |  2 +-
 .../main/java/at/gv/egovernment/moa/id/util/SSLUtils.java    |  7 ++++---
 id/server/pom.xml                                            |  4 ++--
 id/server/proxy/pom.xml                                      |  4 ++--
 id/templates/pom.xml                                         |  2 +-
 pom.xml                                                      | 10 +++++-----
 spss/handbook/handbook/config/config.html                    |  2 +-
 spss/handbook/handbook/faq/faq.html                          |  2 +-
 spss/handbook/handbook/index.html                            |  2 +-
 spss/handbook/handbook/install/install.html                  |  2 +-
 spss/handbook/handbook/intro/intro.html                      |  2 +-
 spss/handbook/handbook/usage/usage.html                      |  2 +-
 spss/pom.xml                                                 |  2 +-
 spss/server/history.txt                                      |  7 +++++++
 spss/server/readme.update.txt                                |  8 ++++----
 spss/server/serverlib/pom.xml                                |  2 +-
 spss/server/serverws/pom.xml                                 |  2 +-
 31 files changed, 91 insertions(+), 42 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/pom.xml b/common/pom.xml
index 93a4cb259..ff0eec8d3 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -2,12 +2,12 @@
   <parent>
     <groupId>MOA</groupId>
     <artifactId>MOA</artifactId>
-    <version>1.4.7</version>
+    <version>1.4.8</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <groupId>MOA</groupId>
   <artifactId>moa-common</artifactId>
-  <version>1.4.7</version>
+  <version>1.4.8</version>
   <packaging>jar</packaging>
   <name>MOA common library</name>
 
diff --git a/id/history.txt b/id/history.txt
index e4148783a..03d1029fc 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -3,6 +3,15 @@ von MOA-ID auf.
 
 History MOA-ID:
 =====
+
+Version MOA-ID 1.4.8: Änderungen seit Version MOA-ID 1.4.7:
+
+- Fixed Bug #546 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=546&group_id=6&atid=105)
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.29
+
+=====
+	
 Version MOA-ID 1.4.7: Änderungen seit Version MOA-ID 1.4.6:
 
 - Anbindung an Stammzahlenregister-Gateway um ausländische Bürger zu integrieren (ERnP-Eintragung 
diff --git a/id/pom.xml b/id/pom.xml
index acb29f9e6..c6b0c1606 100644
--- a/id/pom.xml
+++ b/id/pom.xml
@@ -3,14 +3,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
-        <version>1.4.7</version>
+        <version>1.4.8</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA</groupId>
     <artifactId>id</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.7</version>
+    <version>1.4.8</version>
     <name>MOA ID</name>
 
     <modules>
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index ed9e68aa7..7904ca02d 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -2,14 +2,14 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.7</version>
+		<version>1.4.8</version>
 	</parent>
 	
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-auth</artifactId>
 	<packaging>war</packaging>
-	<version>1.4.7</version>
+	<version>1.4.8</version>
 	<name>MOA ID-Auth WebService</name>
 	
 	<properties>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index e59925057..338137236 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -98,7 +98,11 @@
 		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
+			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
+						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index a8a6e34e5..b0869df9e 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -98,7 +98,11 @@
 		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
+			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
+						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 54a2d5ce6..37b6921fe 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -104,9 +104,13 @@
 		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
+			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
+				
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
+				<!-- Voraussetzung: A-Trust bzw. A-CERT Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 9b4918475..d6340e5a5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -104,7 +104,11 @@
 		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
+			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
+			
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 4f7711574..179394085 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -96,7 +96,11 @@
 		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
+			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
+			
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index c5350de66..ff38ec973 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -96,7 +96,11 @@
 		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
+			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
+			
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 184ad442d..c7802635b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -102,7 +102,11 @@
 		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
+			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
+			
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 41b03ad58..98d2741f7 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -102,7 +102,11 @@
 		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
+			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
+			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
+			
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 45b46242e..863ff13bc 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -2,14 +2,14 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.7</version>
+		<version>1.4.8</version>
 	</parent>
 
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>1.4.7</version>
+	<version>1.4.8</version>
 	<name>MOA ID API</name>
 
 	<properties>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 6b6f48646..8de82a8d6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -181,9 +181,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
       throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
     if (isEmpty(authURL))
-      throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");
+      throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.05");
     if (isEmpty(oaURL))
-      throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5");
+      throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.05");
 
     ConnectionParameter bkuConnParam =
       AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
@@ -198,7 +198,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     
     if (!oaParam.getBusinessService()) {
       if (isEmpty(target))
-        throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5");
+        throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");
     } else {
       if (!isEmpty(target)) {
         Logger.info("Ignoring target parameter thus application type is \"businessService\"");
@@ -307,7 +307,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 
     if (isEmpty(sessionID)) {
       if (isEmpty(authURL))
-        throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.5");
+        throw new WrongParametersException("StartAuthentication", "AuthURL", "auth.05");
 
       //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
       String boolStr =
@@ -316,7 +316,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
         throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
       if (isEmpty(oaURL))
-        throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.5");
+        throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.05");
     }
     AuthenticationSession session;
     OAAuthParameter oaParam;
@@ -332,7 +332,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
         throw new AuthenticationException("auth.00", new Object[] { oaURL });
       if (!oaParam.getBusinessService()) {
         if (isEmpty(target))
-          throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.5");
+          throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05");
       } else {
         target = null;
       }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
index f4827c189..720bb9bb0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
@@ -31,7 +31,7 @@ public class WrongParametersException extends MOAIDException {
    */
   public WrongParametersException(String call, String parameter, String errorID) {
      super(errorID, new Object[] {call, parameter});
-        //super("auth.5", new Object[] {call, parameter});
+        //super("auth.05", new Object[] {call, parameter});
              //super("auth.12", new Object[] {call, parameter});
   }
   
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index a50a366a5..c40c07b38 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -20,6 +20,7 @@ import iaik.pki.PKIException;
 import iaik.pki.PKIFactory;
 import iaik.pki.PKIProfile;
 import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
 
 import java.io.BufferedInputStream;
 import java.io.BufferedReader;
@@ -70,9 +71,9 @@ public class SSLUtils {
   public static void initialize() {
     sslSocketFactories = new HashMap();
     // JSSE Abhängigkeit
-    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
-    //Security.addProvider(new IAIK());
-    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+    //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    Security.addProvider(new IAIK());
+    //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
     
     
   }
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 01432ce11..d7ae4c779 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,14 +4,14 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>id</artifactId>
-        <version>1.4.7</version>
+        <version>1.4.8</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>MOA.id</groupId>
     <artifactId>moa-id</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.7</version>
+    <version>1.4.8</version>
     <name>MOA ID Server</name>
 
     <modules>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index 754381607..739424fc4 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -2,7 +2,7 @@
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
-		<version>1.4.7</version>
+		<version>1.4.8</version>
 	</parent>
 	
 	<properties>
@@ -13,7 +13,7 @@
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-proxy</artifactId>
 	<packaging>war</packaging>
-	<version>1.4.7</version>
+	<version>1.4.8</version>
 	<name>MOA ID-Proxy WebService</name>
 	
 	<build>
diff --git a/id/templates/pom.xml b/id/templates/pom.xml
index f011940f8..c7ac886fc 100644
--- a/id/templates/pom.xml
+++ b/id/templates/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>id</artifactId>
-        <version>1.4.7</version>
+        <version>1.4.8</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/pom.xml b/pom.xml
index aa5a1da57..7fca58c38 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
     <groupId>MOA</groupId>
     <artifactId>MOA</artifactId>
     <packaging>pom</packaging>
-    <version>1.4.7</version>
+    <version>1.4.8</version>
     <name>MOA</name>
 
     <properties>
@@ -180,25 +180,25 @@
             <dependency>
                 <groupId>MOA</groupId>
                 <artifactId>moa-common</artifactId>
-                <version>1.4.7</version>
+                <version>1.4.8</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA.id.server</groupId>
                 <artifactId>moa-id-lib</artifactId>
-                <version>1.4.7</version>
+                <version>1.4.8</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA.spss.server</groupId>
                 <artifactId>moa-spss-lib</artifactId>
-                <version>1.4.7</version>
+                <version>1.4.8</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>MOA</groupId>
                 <artifactId>moa-common</artifactId>
-                <version>1.4.7</version>
+                <version>1.4.8</version>
                 <type>test-jar</type>
                 <scope>test</scope>
             </dependency>
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index ec9b30d7b..16c40a74c 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.8</a></p> 
   <p class="subtitle">Konfiguration</p> 
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/faq/faq.html b/spss/handbook/handbook/faq/faq.html
index 0cf712c63..f2063bdc2 100644
--- a/spss/handbook/handbook/faq/faq.html
+++ b/spss/handbook/handbook/faq/faq.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p>
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.8</a></p>
   <p class="subtitle">FAQ</p> 
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/index.html b/spss/handbook/handbook/index.html
index b817c893d..9757832e2 100644
--- a/spss/handbook/handbook/index.html
+++ b/spss/handbook/handbook/index.html
@@ -16,7 +16,7 @@
   </table>
   <hr/> 
   <p class="title">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP) </p> 
-  <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.4.7 </p> 
+  <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 1.4.8 </p> 
   <hr/>
   <dl>
     <dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/spss/handbook/handbook/install/install.html b/spss/handbook/handbook/install/install.html
index 768f6f045..6eb65f3b9 100644
--- a/spss/handbook/handbook/install/install.html
+++ b/spss/handbook/handbook/install/install.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.8</a></p> 
   <p class="subtitle">Installation</p> 
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/intro/intro.html b/spss/handbook/handbook/intro/intro.html
index 339528911..73188bee7 100644
--- a/spss/handbook/handbook/intro/intro.html
+++ b/spss/handbook/handbook/intro/intro.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/> 
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p> 
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.8</a></p> 
   <p class="subtitle">Einf&uuml;hrung</p> 
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/handbook/handbook/usage/usage.html b/spss/handbook/handbook/usage/usage.html
index a3c411a1d..385362e37 100644
--- a/spss/handbook/handbook/usage/usage.html
+++ b/spss/handbook/handbook/usage/usage.html
@@ -15,7 +15,7 @@
     </tr>
   </table>
   <hr/>
-  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.7</a></p>
+  <p class="title"><a href="../index.html">MOA: Serversignatur (SS) und Signaturpr&uuml;fung (SP), V 1.4.8</a></p>
   <p class="subtitle">Anwendung</p>
   <hr/>
   <h1>Inhalt</h1>
diff --git a/spss/pom.xml b/spss/pom.xml
index d0ea8fd65..78ff52f3f 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
-        <version>1.4.7</version>
+        <version>1.4.8</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 5e2df26d8..b00df6bd1 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,3 +1,10 @@
+##############
+1.4.8
+##############
+
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.29 (Unterstützung XAdES Versionen)
+	
 ##############
 1.4.7
 ##############
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index cabee33b6..56015c35d 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -1,11 +1,11 @@
 
 ======================================================================
-  Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.7
+  Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.8
 ======================================================================
 
 Es gibt zwei Möglichkeiten (im Folgenden als "Update Variante A" und 
 "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version
-1.4.7 durchzuführen. Update Variante A geht dabei den Weg über eine 
+1.4.8 durchzuführen. Update Variante A geht dabei den Weg über eine 
 vorangestellte Neuinstallation, während Variante B direkt eine  
 bestehende Installation aktualisiert.
 
@@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation
 CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation
 
 MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei
-moa-spss-1.4.7.zip entpackt haben.
+moa-spss-1.4.8.zip entpackt haben.
 
 =================
 Update Variante A 
@@ -53,7 +53,7 @@ Update Variante B
 1.)	Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses
 	Ihrer MOA-SPSS-Installation.
 	
-2.)	Entpacken Sie die Datei "moa-spss-1.4.7.zip" in das Verzeichnis MOA_SPSS_INST.
+2.)	Entpacken Sie die Datei "moa-spss-1.4.8.zip" in das Verzeichnis MOA_SPSS_INST.
 
 3.)	Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
 	JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 4ee7075e3..a95d341be 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -9,7 +9,7 @@
 	<groupId>MOA.spss.server</groupId>
 	<artifactId>moa-spss-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>1.4.7</version>
+	<version>1.4.8</version>
 	<name>MOA SP/SS API</name>
 
 	<properties>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index 479124a9e..a4d3cba10 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -10,7 +10,7 @@
     <groupId>MOA.spss.server</groupId>
     <artifactId>moa-spss-ws</artifactId>
     <packaging>war</packaging>
-    <version>1.4.7</version>
+    <version>1.4.8</version>
     <name>MOA SP/SS WebService</name>
 
     <properties>
-- 
cgit v1.2.3


From ab7c7b6a64edca60b78a89b18a1972ad5e38586e Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 1 Apr 2011 08:03:14 +0000
Subject: - Update Parameterüberprüfung - Update MOA-Template zur
 Bürgerkartenauswahl - Änderung der Konfiguration für: 	- Angabe einer Liste
 von vertrauenswürdigen BKUs (aufgrund Parameterprüfung) - Fixed Bug #552
 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105)
 - Fixed Bug #551
 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)
 - Fixed Bug #550
 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1198 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../java/at/gv/egovernment/moa/util/Constants.java |   2 +-
 .../schemas/MOA-ID-Configuration-1.5.0.xsd         | 631 +++++++++++++++++++++
 id/history.txt                                     |  17 +
 .../main/webapp/BKAuswahl-MOA-Template-Howto.pdf   | Bin 190907 -> 175414 bytes
 id/server/auth/src/main/webapp/css/index.css       |  32 +-
 id/server/auth/src/main/webapp/iframeHandyBKU.html |  41 +-
 .../auth/src/main/webapp/iframeOnlineBKU.html      |  48 +-
 id/server/auth/src/main/webapp/index.html          |  78 ++-
 .../auth/src/main/webapp/template_handyBKU.html    |   4 +-
 .../auth/src/main/webapp/template_onlineBKU.html   |   4 +-
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   3 +
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   3 +
 .../SampleMOAIDConfiguration_withTestBKs.xml       |   4 +
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   3 +
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |   3 +
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |   3 +
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |   3 +
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |   3 +
 id/server/doc/MOA ID 1.x.wsdl                      |   2 +-
 id/server/doc/MOA-ID-Configuration-1.4.7.xsd       | 624 --------------------
 id/server/doc/MOA-ID-Configuration-1.5.0.xsd       | 631 +++++++++++++++++++++
 id/server/doc/moa_id/id-admin_2.htm                |  12 +-
 id/server/idserverlib/pom.xml                      |   5 +
 .../moa/id/auth/AuthenticationServer.java          |   8 +-
 .../moa/id/auth/MOAIDAuthConstants.java            |   2 +
 .../moa/id/auth/servlet/AuthServlet.java           |  16 +-
 .../moa/id/auth/servlet/ConfigurationServlet.java  |   7 +
 .../moa/id/auth/servlet/GetForeignIDServlet.java   |  24 +-
 .../auth/servlet/ProcessValidatorInputServlet.java |  63 +-
 .../moa/id/auth/servlet/SelectBKUServlet.java      |  27 +-
 .../auth/servlet/StartAuthenticationServlet.java   |  24 +-
 .../servlet/VerifyAuthenticationBlockServlet.java  |  20 +
 .../id/auth/servlet/VerifyCertificateServlet.java  |  16 +-
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |  18 +-
 .../moa/id/config/ConfigurationBuilder.java        |  20 +
 .../id/config/auth/AuthConfigurationProvider.java  |  17 +-
 .../moa/id/util/ParamValidatorUtils.java           | 465 ++++++++++++---
 .../java/at/gv/egovernment/moa/id/util/Random.java |  15 +-
 spss/server/history.txt                            |   9 +
 39 files changed, 2133 insertions(+), 774 deletions(-)
 create mode 100644 common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
 delete mode 100644 id/server/doc/MOA-ID-Configuration-1.4.7.xsd
 create mode 100644 id/server/doc/MOA-ID-Configuration-1.5.0.xsd

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index cfc4a762f..cf7824562 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -96,7 +96,7 @@ public interface Constants {
 
   /** Local location of the MOA ID configuration XML schema definition. */
   public static final String MOA_ID_CONFIG_SCHEMA_LOCATION =
-    SCHEMA_ROOT + "MOA-ID-Configuration-1.4.7.xsd";
+    SCHEMA_ROOT + "MOA-ID-Configuration-1.5.0.xsd";
 
   /** URI of the Security Layer 1.0 namespace. */
   public static final String SL10_NS_URI =
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
new file mode 100644
index 000000000..9078bab98
--- /dev/null
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
@@ -0,0 +1,631 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+	<xsd:element name="Configuration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
+				<xsd:element name="Binding" minOccurs="0">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:string">
+							<xsd:enumeration value="full"/>
+							<xsd:enumeration value="userName"/>
+							<xsd:enumeration value="none"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:element>
+				<xsd:choice>
+					<xsd:element ref="ParamAuth"/>
+					<xsd:element ref="BasicAuth"/>
+					<xsd:element ref="HeaderAuth"/>
+				</xsd:choice>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="LoginType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="stateless"/>
+			<xsd:enumeration value="stateful"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="ParamAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Parameter">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="BasicAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="UserID" type="MOAAuthDataType"/>
+				<xsd:element name="Password" type="MOAAuthDataType"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="HeaderAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Header" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Header">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="MOAAuthDataType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="MOAGivenName"/>
+			<xsd:enumeration value="MOAFamilyName"/>
+			<xsd:enumeration value="MOADateOfBirth"/>
+			<xsd:enumeration value="MOABPK"/>
+			<xsd:enumeration value="MOAWBPK"/>
+			<xsd:enumeration value="MOAPublicAuthority"/>
+			<xsd:enumeration value="MOABKZ"/>
+			<xsd:enumeration value="MOAQualifiedCertificate"/>
+			<xsd:enumeration value="MOAStammzahl"/>
+			<xsd:enumeration value="MOAIdentificationValueType"/>
+			<xsd:enumeration value="MOAIPAddress"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MOAKeyBoxSelector">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="SecureSignatureKeypair"/>
+			<xsd:enumeration value="CertifiedKeypair"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+	<xsd:element name="MOA-IDConfiguration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="ProxyComponent" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="AuthComponent">
+								<xsd:annotation>
+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:sequence>
+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+											<xsd:annotation>
+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+											</xsd:annotation>
+										</xsd:element>
+									</xsd:sequence>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="OnlineApplicationType">
+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+								<xsd:attribute name="type" use="optional" default="publicService">
+									<xsd:simpleType>
+										<xsd:restriction base="xsd:NMTOKEN">
+											<xsd:enumeration value="businessService"/>
+											<xsd:enumeration value="publicService"/>
+										</xsd:restriction>
+									</xsd:simpleType>
+								</xsd:attribute>
+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="ChainingModes" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+							<xsd:element name="TrustAnchor">
+								<xsd:annotation>
+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:complexContent>
+										<xsd:extension base="dsig:X509IssuerSerialType">
+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+										</xsd:extension>
+									</xsd:complexContent>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="name" use="required">
+							<xsd:simpleType>
+								<xsd:restriction base="xsd:string">
+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
+									<xsd:enumeration value="AuthenticationData.TimeOut"/>
+									<xsd:enumeration value="TrustManager.RevocationChecking"/>
+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+									<xsd:enumeration value="AuthenticationServer.SourceID"/>
+								</xsd:restriction>
+							</xsd:simpleType>
+						</xsd:attribute>
+						<xsd:attribute name="value" type="xsd:string" use="required"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedBKUs" minOccurs="0">
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="BKUURL" maxOccurs="unbounded" type="xsd:anyURI"/>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="AuthComponentType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelection" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+					</xsd:sequence>
+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+			<xsd:element name="SecurityLayer">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="MOA-SP">
+				<xsd:annotation>
+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="VerifyIdentityLink">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="VerifyAuthBlock">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="IdentityLinkSigners" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ForeignIdentities" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="TemplatesType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TemplateType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyInfoboxesType">
+		<xsd:annotation>
+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="DefaultTrustProfile" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="TrustProfileID"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="InfoboxType">
+		<xsd:annotation>
+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ParepSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
+							<xsd:annotation>
+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+	</xsd:complexType>
+	<xsd:complexType name="SchemaLocationType">
+		<xsd:annotation>
+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="Schema" maxOccurs="unbounded">
+				<xsd:complexType>
+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ProxyComponentType"/>
+	<xsd:complexType name="OnlineApplicationType">
+		<xsd:sequence>
+			<xsd:element name="AuthComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<!--xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="pr:AbstractSimpleIdentification"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element-->
+						<xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:choice>
+									<xsd:element ref="pr:Firmenbuchnummer"/>
+									<xsd:element ref="pr:ZMRzahl"/>
+									<xsd:element ref="pr:Vereinsnummer"/>
+									<xsd:element ref="pr:ERJPZahl"/>
+									<xsd:element name="AnyNumber">
+										<xsd:complexType>
+											<xsd:simpleContent>
+												<xsd:extension base="xsd:string">
+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+												</xsd:extension>
+											</xsd:simpleContent>
+										</xsd:complexType>
+									</xsd:element>
+								</xsd:choice>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+					</xsd:sequence>
+					<xsd:attribute name="slVersion" use="optional" default="1.1">
+						<xsd:simpleType>
+							<xsd:restriction base="xsd:string">
+								<xsd:enumeration value="1.1"/>
+								<xsd:enumeration value="1.2"/>
+							</xsd:restriction>
+						</xsd:simpleType>
+					</xsd:attribute>
+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ProxyComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+				</xsd:complexType>
+			</xsd:element>
+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterServerAuthType">
+		<xsd:sequence>
+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterClientAuthType">
+		<xsd:complexContent>
+			<xsd:extension base="ConnectionParameterServerAuthType">
+				<xsd:sequence>
+					<xsd:element name="ClientKeyStore" minOccurs="0">
+						<xsd:annotation>
+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
+						</xsd:annotation>
+						<xsd:complexType>
+							<xsd:simpleContent>
+								<xsd:extension base="xsd:anyURI">
+									<xsd:attribute name="password" type="xsd:string" use="optional"/>
+								</xsd:extension>
+							</xsd:simpleContent>
+						</xsd:complexType>
+					</xsd:element>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:element name="TrustProfileID" type="xsd:string"/>
+	<xsd:simpleType name="ChainingModeType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="chaining"/>
+			<xsd:enumeration value="pkix"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="BKUSelectionType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="HTMLComplete"/>
+			<xsd:enumeration value="HTMLSelect"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="CompatibilityMode" default="false">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="EnableInfoboxValidator" default="true">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="AlwaysShowForm" default="false">
+		<xsd:annotation>
+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:complexType name="InputProcessorType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:string">
+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
+					<xsd:annotation>
+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
+					</xsd:annotation>
+				</xsd:attribute>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentationType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentativeType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="oid" use="required">
+			<xsd:annotation>
+				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="1.2.40.0.10.3.1"/>
+					<xsd:enumeration value="1.2.40.0.10.3.2"/>
+					<xsd:enumeration value="1.2.40.0.10.3.3"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representCorporateParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representationText" use="optional">
+			<xsd:annotation>
+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
+					<xsd:enumeration value="Organwalter"/>
+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/id/history.txt b/id/history.txt
index aed8592a7..e7ccdc38f 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -2,6 +2,23 @@ Dieses Dokument zeigt die Ver
 von MOA-ID auf.
 
 History MOA-ID:
+
+=====
+
+Version MOA-ID 1.5.0: Änderungen seit Version MOA-ID 1.4.8:
+
+- Fixed Bug #552 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105)
+- Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)
+- Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)
+- IAIK Libraries aktualisiert:
+	iaik-moa:           TODO
+- Update Parameterüberprüfung
+- Einbindung von Online-Vollmachten
+- Update MOA-Template zur Bürgerkartenauswahl
+- Änderung der Konfiguration für:
+	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)
+	- Online-Vollmachten
+	
 =====
 
 Version MOA-ID 1.4.8: Änderungen seit Version MOA-ID 1.4.7:
diff --git a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
index 021e15b94..b68d247cb 100644
Binary files a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf and b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf differ
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 3dea4d7ff..39b715a6e 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -82,7 +82,7 @@ p#skiplinks  a:active {
 
 #leftcontent {
 	float:left;
-	width:210px;		
+	width:220px;		
 }
 
 h2#tabheader, h2#contentheader {
@@ -94,7 +94,7 @@ h2#tabheader, h2#contentheader {
 
 #bkulogin {
 	overflow:hidden;	
-	width:210px;
+	width:220px;
 }
 
 #bkukarte {
@@ -113,6 +113,12 @@ h2#tabheader, h2#contentheader {
 	width:40%;
 }
 
+#mandate{
+	text-align:center;
+	padding : 5px 5px 5px 5px;
+}
+
+
 button {
 	background: #efefef;
 	border:1px solid #000;
@@ -161,19 +167,19 @@ button {
 }
 
 iframe {
-	width:210px;
+	width:220px;
 }
 
 /* right */
 
 #rightcontent {
 	float:right;
-	width:210px;
+	width:220px;
 }
 
 #centercontent {
 	width:auto;
-	margin: 0 220px;
+	margin: 0 230px;
 }
 
 /* center */
@@ -202,6 +208,22 @@ p {
 }
 
 
+#mandateLogin {
+	vertical-align: middle;
+}
+
+.infobutton {
+	background-color: #005a00;
+	color: white;
+	font-family: serif;
+	text-decoration: none;
+	padding-top: 2px;
+	padding-right: 4px;
+	padding-bottom: 2px;
+	padding-left: 4px;
+	font-weight: bold;
+}
+
 /* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */
 .hell {
 	background-color : #DDDDDD;	
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index 24a2d80f9..06639c7e5 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -7,22 +7,47 @@
     	<meta http-equiv="PRAGMA" content="NO-CACHE">
     	<script type="text/javascript">
 			window.onload=function() {
+				var Template = get_url_param("Template", "startAuth");
+				var startAuth = get_url_param("startAuth", "useMandate");
+				var useMandate = get_url_param("useMandate", "");
+			
+				document.moaidform.useMandate.value = useMandate;
+				document.moaidform.action = startAuth;
+				document.moaidform.Template.value = Template;
+				
       			document.moaidform.submit();
       			return;
       		}
+			
+			function get_url_param(name, follower) {
+
+				var url = window.location.href;
+				var i = url.indexOf(name);
+				url = url.substring(i + name.length+1, url.length);				
+				if (follower.length != 0) {
+					i = url.indexOf(follower);
+					url = url.substring(0, i-1);
+				}
+			
+				
+				// alert (name + ": " + url);
+				
+				return url;
+				
+			}
 		</script>
 	</head>
 	<body>
 		Bitte warten...
+
+		<form method="POST" name="moaidform">
+			<input type="hidden" name="Template">
+            <input type="hidden" name="bkuURI" value="https://www.a-trust.at/mobile/https-security-layer-request/default.aspx">		
+            <input type="hidden" name="useMandate">
+    	</form>		
 		
-		<!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
-		<!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at" -->
-		<FORM  name="moaidform" action="[MOA_ID_STARTAUTHENTICATION]" method="post">
-    	<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy BKU an -->
-			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
-			<input type="hidden" name="Template" value="[URL_TO_HANDYBKU_TEMPLATE]">
-			<input type="hidden" name="bkuURI" value="https://www.a-trust.at/mobile/https-security-layer-request/default.aspx">
-		</FORM>
+        
+        
 		
 		<hr>
 	</body>
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
index e92420e7a..b0f6b8bb0 100644
--- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html
+++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
@@ -7,23 +7,49 @@
     	<meta http-equiv="PRAGMA" content="NO-CACHE">
 	    <script type="text/javascript">
 			window.onload=function() {
-    		  	document.moaidform.submit();
+				
+				var bkuURI = get_url_param("bkuURI", "Template");
+				var Template = get_url_param("Template", "startAuth");
+				var startAuth = get_url_param("startAuth", "useMandate");
+				var useMandate = get_url_param("useMandate", "");
+			
+				document.moaidform.useMandate.value = useMandate;
+				document.moaidform.action = startAuth;
+				document.moaidform.Template.value = Template;
+				document.moaidform.bkuURI.value = bkuURI;
+
+				document.moaidform.submit();
+				
       			return;
       		}
+
+			function get_url_param(name, follower) {
+
+				var url = window.location.href;
+				var i = url.indexOf(name);
+				url = url.substring(i + name.length+1, url.length);				
+				if (follower.length != 0) {
+					i = url.indexOf(follower);
+					url = url.substring(0, i-1);
+				}
+			
+				
+				// alert (name + ": " + url);
+				
+				return url;
+				
+			}
+			
+
 		</script>
 	</head>
 	<body>
 		Bitte warten...
-		
-        <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
-		<!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at" -->
-		<form method="POST" name="moaidform" id="moa" action="[MOA_ID_STARTAUTHENTICATION]">
-			<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an -->
-			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_onlineBKU.html"-->
-			<input type="hidden" name="Template" value="[URL_TO_ONLINEBKU_TEMPLATE]">
-            <!-- [MUSS] Geben Sie hier die URL zur Online BKU an -->
-			<!-- z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"-->
-            <input type="hidden" name="bkuURI" value="[URL_TO_ONLINEBKU]">
+        
+		<form method="POST" name="moaidform">
+			<input type="hidden" name="Template">
+            <input type="hidden" name="bkuURI">		
+            <input type="hidden" name="useMandate">
     	</form>
 	
 		<hr>
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index a49d8c6bc..0e12035e9 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -9,22 +9,64 @@
         <meta http-equiv="Content-Style-Type" content="text/css">
         <link rel="stylesheet" type="text/css" href="css/index.css">
         <script type="text/javascript">
+			
+			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
+            // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
+			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			
+			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
+            // z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
+			var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
+			
+			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
+			// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
+			var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+			
+			// [MUSS] Geben Sie hier die URL zur Online BKU an
+			// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
+			var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
+			
+			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
+			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
+			var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
+			
+			
 			window.onload=function() {
 				document.getElementById("localBKU").style.display="none";
+				
 				return;
         	}
+			
 
 	        function bkuOnlineClicked() {
 				<!-- [OPTIONAL] Um die lokale BKU auszublenden, ersetzen Sie in der folgenden Zeile "block" durch "none" -->
 				document.getElementById("localBKU").style.display="block"; 
+				
+				// set values for local BKU
+				document.getElementById("form_local_bku").action = MOA_ID_STARTAUTHENTICATION;
+				document.getElementById("input_localBKU_template").value = URL_TO_LOKALBKU_TEMPLATE;
+				if (document.getElementById("mandateCheckBox").checked) {
+					document.getElementById("useMandate").value = "true";
+				}
+				else {
+					document.getElementById("useMandate").value = "false";
+				}
 
+				// set values for online BKU
 		        var el = document.getElementById("bkulogin");
         		var parent = el.parentNode;
 				
+				var checkBox = document.getElementById("mandateCheckBox");				
+				var iFrameURL = "iframeOnlineBKU.html" + "?";
+				iFrameURL += "bkuURI=" + URL_TO_ONLINEBKU + "&";
+				iFrameURL += "Template=" + URL_TO_ONLINEBKU_TEMPLATE + "&";
+				iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";
+				iFrameURL += "useMandate=" + checkBox.checked ;
+			
 		 		var iframe = document.createElement("iframe");
-		        iframe.setAttribute("src", "iframeOnlineBKU.html");
-		        iframe.setAttribute("width", "210");
-		        iframe.setAttribute("height", "155");
+		        iframe.setAttribute("src", iFrameURL);
+		        iframe.setAttribute("width", "220");  
+		        iframe.setAttribute("height", "165");
 		        iframe.setAttribute("frameborder", "0");
 		        iframe.setAttribute("scrolling", "no");
 		        iframe.setAttribute("title", "Login");
@@ -36,13 +78,21 @@
         	function bkuHandyClicked() {
 	        	document.getElementById("localBKU").style.display="none";
     	    	
+				// set values for Handy Signatur
 		        var el = document.getElementById("bkulogin");
 	    	    var parent = el.parentNode;
+
+				var checkBox = document.getElementById("mandateCheckBox");				
+				var iFrameURL = "iframeHandyBKU.html" + "?";
+				iFrameURL += "Template=" + URL_TO_HANDYSIGNATUR_TEMPLATE + "&";
+				iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";
+				iFrameURL += "useMandate=" + checkBox.checked ;
+
 		         
 	        	var iframe = document.createElement("iframe");
-		        iframe.setAttribute("src", "iframeHandyBKU.html");
-	    	    iframe.setAttribute("width", "210");
-	        	iframe.setAttribute("height", "149");
+		        iframe.setAttribute("src", iFrameURL);
+	    	    iframe.setAttribute("width", "220"); 
+	        	iframe.setAttribute("height", "159");
 		        iframe.setAttribute("frameborder", "0");
 	        	iframe.setAttribute("scrolling", "no");
 	    	    iframe.setAttribute("title", "Login");
@@ -86,19 +136,25 @@
                         <div id="bkuhandy" class="hell">
                             <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
                         </div> 
+                        <div id="mandate">
+                    		<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>
+                        </div>
                     </div>
+                    
+					
+
+
 
                     <div id="localBKU" style="display:none" class="hell">
                         <hr>
-                        <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
-                        <!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at"-->
-                        <form method="post" action="[MOA_ID_STARTAUTHENTICATION]">
+                        <form id="form_local_bku" method="post">
                             <input type="hidden" name="show" value="false"> 
 							<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an -->
                             <!-- z.B.: value="https://yoururl.at/moa-id-auth/template_localBKU.html"-->
-                            <input type="hidden" name="Template" value="[URL_TO_LOKALBKU_TEMPLATE]">
+                            <input type="hidden" name="Template" id="input_localBKU_template" >
                             <input type="hidden" name="bkuURI" value="https://localhost:3496/https-security-layer-request"> 
-                            <input type="submit" size="400" value="Lokale BKU">
+                            <input type="hidden" name="useMandate" id="useMandate">
+                            <input type="submit" size="400" value="Lokale BKU">                            
                         </form>
                         <p>
                             <small>Alternativ k&ouml;nnen Sie eine lokal installierte BKU verwenden.</small>                        
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
index 4ae6c2231..6ccd295b2 100644
--- a/id/server/auth/src/main/webapp/template_handyBKU.html
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -18,8 +18,8 @@
 			<input type="hidden" name="PushInfobox" value="<PushInfobox>">
 			
 			<!-- Angabe der Parameter für die Handy-BKU -->
-			<input type="hidden" name="appletWidth" value="210">
-			<input type="hidden" name="appletHeight" value="149">
+			<input type="hidden" name="appletWidth" value="220">
+			<input type="hidden" name="appletHeight" value="159">
 			
 			<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Handy-BKU -->
 			<input type="hidden" name="backgroundColor" value="#DDDDDD"> 
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index 28207e9e2..1bb2ac236 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -18,8 +18,8 @@
 			<input type="hidden" name="PushInfobox" value="<PushInfobox>">
 		
 			<!-- Angabe der Parameter fuer die Online-BKU -->
-			<input type="hidden" name="appletWidth" value="210">
-			<input type="hidden" name="appletHeight" value="130">
+			<input type="hidden" name="appletWidth" value="220">
+			<input type="hidden" name="appletHeight" value="140">
 			
 			<!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
 	      <input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 338137236..b1418fb0b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -151,4 +151,7 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedBKUs>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index b0869df9e..0f09ff7d5 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -171,4 +171,7 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedBKUs>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 37b6921fe..fd565b538 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -157,4 +157,8 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- Vertrauenswürdige Bürgerkartenumgebungen -->
+	<TrustedBKUs>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index d6340e5a5..b3c655155 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -177,4 +177,7 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedBKUs>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 179394085..3f1d95562 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -154,4 +154,7 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedBKUs>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index ff38ec973..e381d9bda 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -174,4 +174,7 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedBKUs>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index c7802635b..f1202a542 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -160,4 +160,7 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedBKUs>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 98d2741f7..068ab90b1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -180,4 +180,7 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<TrustedBKUs>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/doc/MOA ID 1.x.wsdl b/id/server/doc/MOA ID 1.x.wsdl
index 06daae8f1..86c08226a 100644
--- a/id/server/doc/MOA ID 1.x.wsdl	
+++ b/id/server/doc/MOA ID 1.x.wsdl	
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by patrick peck (anecon) -->
 <definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
-	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-20020812.xsd"/>
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.2.xsd"/>
 	<message name="GetAuthenticationDataInput">
 		<part name="body" element="samlp:Request"/>
 	</message>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.7.xsd b/id/server/doc/MOA-ID-Configuration-1.4.7.xsd
deleted file mode 100644
index 28e0b947d..000000000
--- a/id/server/doc/MOA-ID-Configuration-1.4.7.xsd
+++ /dev/null
@@ -1,624 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSpy v2010 (http://www.altova.com) by ks (ks) -->
-<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
-	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
-	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
-	<xsd:element name="Configuration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
-				<xsd:element name="Binding" minOccurs="0">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="full"/>
-							<xsd:enumeration value="userName"/>
-							<xsd:enumeration value="none"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:element>
-				<xsd:choice>
-					<xsd:element ref="ParamAuth"/>
-					<xsd:element ref="BasicAuth"/>
-					<xsd:element ref="HeaderAuth"/>
-				</xsd:choice>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="LoginType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="stateless"/>
-			<xsd:enumeration value="stateful"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="ParamAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Parameter">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="BasicAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="UserID" type="MOAAuthDataType"/>
-				<xsd:element name="Password" type="MOAAuthDataType"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="HeaderAuth">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element ref="Header" maxOccurs="unbounded"/>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:element name="Header">
-		<xsd:complexType>
-			<xsd:attribute name="Name" type="xsd:token" use="required"/>
-			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:simpleType name="MOAAuthDataType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="MOAGivenName"/>
-			<xsd:enumeration value="MOAFamilyName"/>
-			<xsd:enumeration value="MOADateOfBirth"/>
-			<xsd:enumeration value="MOABPK"/>
-			<xsd:enumeration value="MOAWBPK"/>
-			<xsd:enumeration value="MOAPublicAuthority"/>
-			<xsd:enumeration value="MOABKZ"/>
-			<xsd:enumeration value="MOAQualifiedCertificate"/>
-			<xsd:enumeration value="MOAStammzahl"/>
-			<xsd:enumeration value="MOAIdentificationValueType"/>
-			<xsd:enumeration value="MOAIPAddress"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="MOAKeyBoxSelector">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="SecureSignatureKeypair"/>
-			<xsd:enumeration value="CertifiedKeypair"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
-	<xsd:element name="MOA-IDConfiguration">
-		<xsd:complexType>
-			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="ProxyComponent" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence>
-							<xsd:element name="AuthComponent">
-								<xsd:annotation>
-									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:sequence>
-										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-											<xsd:annotation>
-												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
-											</xsd:annotation>
-										</xsd:element>
-									</xsd:sequence>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
-					<xsd:annotation>
-						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:complexContent>
-							<xsd:extension base="OnlineApplicationType">
-								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
-								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
-								<xsd:attribute name="type" use="optional" default="publicService">
-									<xsd:simpleType>
-										<xsd:restriction base="xsd:NMTOKEN">
-											<xsd:enumeration value="businessService"/>
-											<xsd:enumeration value="publicService"/>
-										</xsd:restriction>
-									</xsd:simpleType>
-								</xsd:attribute>
-								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
-							</xsd:extension>
-						</xsd:complexContent>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="ChainingModes" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>
-					</xsd:annotation>
-					<xsd:complexType>
-						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-							<xsd:element name="TrustAnchor">
-								<xsd:annotation>
-									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
-								</xsd:annotation>
-								<xsd:complexType>
-									<xsd:complexContent>
-										<xsd:extension base="dsig:X509IssuerSerialType">
-											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
-										</xsd:extension>
-									</xsd:complexContent>
-								</xsd:complexType>
-							</xsd:element>
-						</xsd:sequence>
-						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
-					</xsd:complexType>
-				</xsd:element>
-				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
-					<xsd:annotation>
-						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
-					</xsd:annotation>
-				</xsd:element>
-				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
-					<xsd:complexType>
-						<xsd:attribute name="name" use="required">
-							<xsd:simpleType>
-								<xsd:restriction base="xsd:string">
-									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
-									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
-									<xsd:enumeration value="AuthenticationData.TimeOut"/>
-									<xsd:enumeration value="TrustManager.RevocationChecking"/>
-									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
-									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
-									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
-									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
-									<xsd:enumeration value="AuthenticationServer.SourceID"/>
-								</xsd:restriction>
-							</xsd:simpleType>
-						</xsd:attribute>
-						<xsd:attribute name="value" type="xsd:string" use="required"/>
-					</xsd:complexType>
-				</xsd:element>
-			</xsd:sequence>
-		</xsd:complexType>
-	</xsd:element>
-	<xsd:complexType name="AuthComponentType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelection" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
-					</xsd:sequence>
-					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-			<xsd:element name="SecurityLayer">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="MOA-SP">
-				<xsd:annotation>
-					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="VerifyIdentityLink">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="VerifyAuthBlock">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
-							</xsd:annotation>
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="TrustProfileID"/>
-									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="IdentityLinkSigners" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
-							<xsd:annotation>
-								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ForeignIdentities" minOccurs="0">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TransformsInfoType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="TemplatesType">
-		<xsd:sequence>
-			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
-			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="TemplateType">
-		<xsd:annotation>
-			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
-		</xsd:annotation>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="VerifyInfoboxesType">
-		<xsd:annotation>
-			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="DefaultTrustProfile" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="TrustProfileID"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="InfoboxType">
-		<xsd:annotation>
-			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
-			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ParepSpecificParameters" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
-							<xsd:annotation>
-								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
-							<xsd:annotation>
-								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-	</xsd:complexType>
-	<xsd:complexType name="SchemaLocationType">
-		<xsd:annotation>
-			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="Schema" maxOccurs="unbounded">
-				<xsd:complexType>
-					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
-					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
-				</xsd:complexType>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ProxyComponentType"/>
-	<xsd:complexType name="OnlineApplicationType">
-		<xsd:sequence>
-			<xsd:element name="AuthComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<!--xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:sequence>
-									<xsd:element ref="pr:AbstractSimpleIdentification"/>
-								</xsd:sequence>
-							</xsd:complexType>
-						</xsd:element-->
-						<xsd:element name="IdentificationNumber" minOccurs="0">
-							<xsd:complexType>
-								<xsd:choice>
-									<xsd:element ref="pr:Firmenbuchnummer"/>
-									<xsd:element ref="pr:ZMRzahl"/>
-									<xsd:element ref="pr:Vereinsnummer"/>
-									<xsd:element ref="pr:ERJPZahl"/>
-									<xsd:element name="AnyNumber">
-										<xsd:complexType>
-											<xsd:simpleContent>
-												<xsd:extension base="xsd:string">
-													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
-												</xsd:extension>
-											</xsd:simpleContent>
-										</xsd:complexType>
-									</xsd:element>
-								</xsd:choice>
-							</xsd:complexType>
-						</xsd:element>
-						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
-						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
-						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
-					</xsd:sequence>
-					<xsd:attribute name="slVersion" use="optional" default="1.1">
-						<xsd:simpleType>
-							<xsd:restriction base="xsd:string">
-								<xsd:enumeration value="1.1"/>
-								<xsd:enumeration value="1.2"/>
-							</xsd:restriction>
-						</xsd:simpleType>
-					</xsd:attribute>
-					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
-					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
-					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="ProxyComponent" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-				</xsd:annotation>
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
-							<xsd:annotation>
-								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
-							</xsd:annotation>
-						</xsd:element>
-					</xsd:sequence>
-					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
-					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
-					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
-					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
-					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
-				</xsd:complexType>
-			</xsd:element>
-			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterServerAuthType">
-		<xsd:sequence>
-			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
-	</xsd:complexType>
-	<xsd:complexType name="ConnectionParameterClientAuthType">
-		<xsd:complexContent>
-			<xsd:extension base="ConnectionParameterServerAuthType">
-				<xsd:sequence>
-					<xsd:element name="ClientKeyStore" minOccurs="0">
-						<xsd:annotation>
-							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
-						</xsd:annotation>
-						<xsd:complexType>
-							<xsd:simpleContent>
-								<xsd:extension base="xsd:anyURI">
-									<xsd:attribute name="password" type="xsd:string" use="optional"/>
-								</xsd:extension>
-							</xsd:simpleContent>
-						</xsd:complexType>
-					</xsd:element>
-				</xsd:sequence>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:element name="TrustProfileID" type="xsd:string"/>
-	<xsd:simpleType name="ChainingModeType">
-		<xsd:restriction base="xsd:string">
-			<xsd:enumeration value="chaining"/>
-			<xsd:enumeration value="pkix"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="BKUSelectionType">
-		<xsd:restriction base="xsd:token">
-			<xsd:enumeration value="HTMLComplete"/>
-			<xsd:enumeration value="HTMLSelect"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:element name="CompatibilityMode" default="false">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="EnableInfoboxValidator" default="true">
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:element name="AlwaysShowForm" default="false">
-		<xsd:annotation>
-			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-		</xsd:annotation>
-		<xsd:simpleType>
-			<xsd:restriction base="xsd:boolean"/>
-		</xsd:simpleType>
-	</xsd:element>
-	<xsd:complexType name="InputProcessorType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:string">
-				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
-					<xsd:annotation>
-						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
-					</xsd:annotation>
-				</xsd:attribute>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentationType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
-				<xsd:annotation>
-					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="PartyRepresentativeType">
-		<xsd:sequence>
-			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
-			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
-				<xsd:annotation>
-					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
-				</xsd:annotation>
-			</xsd:element>
-		</xsd:sequence>
-		<xsd:attribute name="oid" use="required">
-			<xsd:annotation>
-				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="1.2.40.0.10.3.1"/>
-					<xsd:enumeration value="1.2.40.0.10.3.2"/>
-					<xsd:enumeration value="1.2.40.0.10.3.3"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10"/>
-					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representCorporateParty" use="optional" default="false">
-			<xsd:annotation>
-				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
-			</xsd:annotation>
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:boolean"/>
-			</xsd:simpleType>
-		</xsd:attribute>
-		<xsd:attribute name="representationText" use="optional">
-			<xsd:annotation>
-				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
-			</xsd:annotation>
-			<!--xsd:simpleType>
-				<xsd:restriction/>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
-					<xsd:enumeration value="Organwalter"/>
-					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
-				</xsd:restriction>
-			</xsd:simpleType-->
-		</xsd:attribute>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
new file mode 100644
index 000000000..9078bab98
--- /dev/null
+++ b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
@@ -0,0 +1,631 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
+	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+	<xsd:element name="Configuration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="LoginType" type="LoginType" default="stateful"/>
+				<xsd:element name="Binding" minOccurs="0">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:string">
+							<xsd:enumeration value="full"/>
+							<xsd:enumeration value="userName"/>
+							<xsd:enumeration value="none"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:element>
+				<xsd:choice>
+					<xsd:element ref="ParamAuth"/>
+					<xsd:element ref="BasicAuth"/>
+					<xsd:element ref="HeaderAuth"/>
+				</xsd:choice>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="LoginType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="stateless"/>
+			<xsd:enumeration value="stateful"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="ParamAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Parameter" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Parameter">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="BasicAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="UserID" type="MOAAuthDataType"/>
+				<xsd:element name="Password" type="MOAAuthDataType"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="HeaderAuth">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="Header" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Header">
+		<xsd:complexType>
+			<xsd:attribute name="Name" type="xsd:token" use="required"/>
+			<xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:simpleType name="MOAAuthDataType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="MOAGivenName"/>
+			<xsd:enumeration value="MOAFamilyName"/>
+			<xsd:enumeration value="MOADateOfBirth"/>
+			<xsd:enumeration value="MOABPK"/>
+			<xsd:enumeration value="MOAWBPK"/>
+			<xsd:enumeration value="MOAPublicAuthority"/>
+			<xsd:enumeration value="MOABKZ"/>
+			<xsd:enumeration value="MOAQualifiedCertificate"/>
+			<xsd:enumeration value="MOAStammzahl"/>
+			<xsd:enumeration value="MOAIdentificationValueType"/>
+			<xsd:enumeration value="MOAIPAddress"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MOAKeyBoxSelector">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="SecureSignatureKeypair"/>
+			<xsd:enumeration value="CertifiedKeypair"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+	<xsd:element name="MOA-IDConfiguration">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="ProxyComponent" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>enthält Konfigurationsparameter der Proxy-Komponente</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="AuthComponent">
+								<xsd:annotation>
+									<xsd:documentation>enthält Parameter für die Kommunikation zw. Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:sequence>
+										<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+											<xsd:annotation>
+												<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der Proxy-Komponente zur Auth-Komponente (vgl. AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+											</xsd:annotation>
+										</xsd:element>
+									</xsd:sequence>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="OnlineApplication" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="OnlineApplicationType">
+								<xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+								<xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+								<xsd:attribute name="type" use="optional" default="publicService">
+									<xsd:simpleType>
+										<xsd:restriction base="xsd:NMTOKEN">
+											<xsd:enumeration value="businessService"/>
+											<xsd:enumeration value="publicService"/>
+										</xsd:restriction>
+									</xsd:simpleType>
+								</xsd:attribute>
+								<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+								<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="ChainingModes" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>spezifiziert den Algorithmus (&quot;pkix&quot; oder &quot;chaining&quot;) für die Zertifikatspfadvalidierung</xsd:documentation>
+					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:sequence minOccurs="0" maxOccurs="unbounded">
+							<xsd:element name="TrustAnchor">
+								<xsd:annotation>
+									<xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann für jeden TrustAnchor gesetzt werden</xsd:documentation>
+								</xsd:annotation>
+								<xsd:complexType>
+									<xsd:complexContent>
+										<xsd:extension base="dsig:X509IssuerSerialType">
+											<xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+										</xsd:extension>
+									</xsd:complexContent>
+								</xsd:complexType>
+							</xsd:element>
+						</xsd:sequence>
+						<xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+					<xsd:annotation>
+						<xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+				<xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+					<xsd:complexType>
+						<xsd:attribute name="name" use="required">
+							<xsd:simpleType>
+								<xsd:restriction base="xsd:string">
+									<xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+									<xsd:enumeration value="AuthenticationSession.TimeOut"/>
+									<xsd:enumeration value="AuthenticationData.TimeOut"/>
+									<xsd:enumeration value="TrustManager.RevocationChecking"/>
+									<xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+									<xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+									<xsd:enumeration value="AuthenticationServer.KeepAssertion"/>
+									<xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/>
+									<xsd:enumeration value="AuthenticationServer.SourceID"/>
+								</xsd:restriction>
+							</xsd:simpleType>
+						</xsd:attribute>
+						<xsd:attribute name="value" type="xsd:string" use="required"/>
+					</xsd:complexType>
+				</xsd:element>
+				<xsd:element name="TrustedBKUs" minOccurs="0">
+					<xsd:complexType>
+						<xsd:sequence>
+							<xsd:element name="BKUURL" maxOccurs="unbounded" type="xsd:anyURI"/>
+						</xsd:sequence>
+					</xsd:complexType>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="AuthComponentType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelection" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+					</xsd:sequence>
+					<xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+			<xsd:element name="SecurityLayer">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter für die Kommunikation mit dem Security-Layer</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="MOA-SP">
+				<xsd:annotation>
+					<xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA SP Modul</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die SOAP-Verbindung von der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server; wird das Schema &quot;https&quot; verwendet müssen die Kind-Elemente angegeben werden; wird das Schema &quot;http&quot; verwendet dürfen keine Kind-Elemente angegeben werden; wird das Element nicht verwendet dann wird MOA-SP über das API aufgerufen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="VerifyIdentityLink">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung der Personenbindung</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="VerifyAuthBlock">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter für die Überprüfung des AUTH-Blocks</xsd:documentation>
+							</xsd:annotation>
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="TrustProfileID"/>
+									<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="IdentityLinkSigners" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Informationen über akzeptierte Signers des IdentityLinks</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>akzeptierte Signer des IdentityLinks werden per X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ForeignIdentities" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks inkludiert</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="TemplatesType">
+		<xsd:sequence>
+			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="TemplateType">
+		<xsd:annotation>
+			<xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+		</xsd:annotation>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyInfoboxesType">
+		<xsd:annotation>
+			<xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="DefaultTrustProfile" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="TrustProfileID"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="Infobox" type="InfoboxType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="InfoboxType">
+		<xsd:annotation>
+			<xsd:documentation>Parameter zur Überprüfung einzelner Infoboxen</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll; z.B.: &quot;Stellvertretungen&quot; für &quot;Mandates&quot;; fehlt dieser Parameter, dann wird das Identifier-Attribut verwendet</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>TrustProfil, das für die Überprüfung der Infobox verwendet werden soll</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Validatorklasse, die für die Prüfung der Infobox verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname vom Default Package- und Klassennamen abweichen</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+			<xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation übergeben werden</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ParepSpecificParameters" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Infobox spezifische Parameter, die der Prüfapplikation für berufliche Parteienvertretung übergeben werden. Dies ist logisch Teil der ApplicationSpecificParameters, kann jedoch aufgrund der Strukturierung validierend geparst werden und dadurch wird eine funktionierende Konfiguration bei Programmstart garantiert.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="EnableInfoboxValidator" minOccurs="0">
+							<xsd:annotation>
+								<xsd:documentation>Falls Infoboxinhalte für die berufliche Parteienvertretung in der Vollmachten Infobox &quot;mandates&quot; abgelegt werden und Vertretung für berufliche Parteienvertreter aktiviert ist, so kann mit diesem Schalter die Vollmachtsprüfung für normale Vollmachten deaktiviert werden. Damit wird erreicht, dass mittels der Vollmachten Infobox ausschließlich berufliche Parteienvertretung aktiviert ist. Dieser Schalter ist nur für die Vollmachten Infobox &quot;mandates&quot; relevant.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+						<xsd:element name="PartyRepresentation" type="PartyRepresentationType">
+							<xsd:annotation>
+								<xsd:documentation>Eigentlicher Konfigurationsteil für berufliche Parteienvertretung</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+		<xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+		<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+	</xsd:complexType>
+	<xsd:complexType name="SchemaLocationType">
+		<xsd:annotation>
+			<xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="Schema" maxOccurs="unbounded">
+				<xsd:complexType>
+					<xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+					<xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ProxyComponentType"/>
+	<xsd:complexType name="OnlineApplicationType">
+		<xsd:sequence>
+			<xsd:element name="AuthComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Authentisierungs-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<!--xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element ref="pr:AbstractSimpleIdentification"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element-->
+						<xsd:element name="IdentificationNumber" minOccurs="0">
+							<xsd:complexType>
+								<xsd:choice>
+									<xsd:element ref="pr:Firmenbuchnummer"/>
+									<xsd:element ref="pr:ZMRzahl"/>
+									<xsd:element ref="pr:Vereinsnummer"/>
+									<xsd:element ref="pr:ERJPZahl"/>
+									<xsd:element name="AnyNumber">
+										<xsd:complexType>
+											<xsd:simpleContent>
+												<xsd:extension base="xsd:string">
+													<xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+												</xsd:extension>
+											</xsd:simpleContent>
+										</xsd:complexType>
+									</xsd:element>
+								</xsd:choice>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+					</xsd:sequence>
+					<xsd:attribute name="slVersion" use="optional" default="1.1">
+						<xsd:simpleType>
+							<xsd:restriction base="xsd:string">
+								<xsd:enumeration value="1.1"/>
+								<xsd:enumeration value="1.2"/>
+							</xsd:restriction>
+						</xsd:simpleType>
+					</xsd:attribute>
+					<xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ProxyComponent" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente betreffen</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+					<xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+					<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+					<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+					<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+				</xsd:complexType>
+			</xsd:element>
+			<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterServerAuthType">
+		<xsd:sequence>
+			<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:complexType name="ConnectionParameterClientAuthType">
+		<xsd:complexContent>
+			<xsd:extension base="ConnectionParameterServerAuthType">
+				<xsd:sequence>
+					<xsd:element name="ClientKeyStore" minOccurs="0">
+						<xsd:annotation>
+							<xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für die TLS-Client-Authentisierung verwendet wird, enthält</xsd:documentation>
+						</xsd:annotation>
+						<xsd:complexType>
+							<xsd:simpleContent>
+								<xsd:extension base="xsd:anyURI">
+									<xsd:attribute name="password" type="xsd:string" use="optional"/>
+								</xsd:extension>
+							</xsd:simpleContent>
+						</xsd:complexType>
+					</xsd:element>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:element name="TrustProfileID" type="xsd:string"/>
+	<xsd:simpleType name="ChainingModeType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="chaining"/>
+			<xsd:enumeration value="pkix"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="BKUSelectionType">
+		<xsd:restriction base="xsd:token">
+			<xsd:enumeration value="HTMLComplete"/>
+			<xsd:enumeration value="HTMLSelect"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:element name="CompatibilityMode" default="false">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="EnableInfoboxValidator" default="true">
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:element name="AlwaysShowForm" default="false">
+		<xsd:annotation>
+			<xsd:documentation>Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+		</xsd:annotation>
+		<xsd:simpleType>
+			<xsd:restriction base="xsd:boolean"/>
+		</xsd:simpleType>
+	</xsd:element>
+	<xsd:complexType name="InputProcessorType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:string">
+				<xsd:attribute name="template" type="xsd:anyURI" use="optional">
+					<xsd:annotation>
+						<xsd:documentation>Das Attribut spezifiziert die Lage des Templates, welches der InputProcessor zur Darstellung des Eingabeformulars nutzen soll</xsd:documentation>
+					</xsd:annotation>
+				</xsd:attribute>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentationType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default InputProcessor. Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Wert für Formularanzeige. Soll nicht nur bei leerer oder standardisierter Vollmacht mit unvollständigen Daten, sondern beispielsweise zu Kontrollzwecken das Eingabeformular zur vervollständigung der Vertretenendaten immer angezeigt werden, wenn ein Einschreiten durch berufliche Parteienvertretung geschieht so kann dies mittels dieses Schalters veranlasst werden</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (für den EGIZ-Demonstrator im internen Netzwerk: https://129.27.142.5:8443/szr-gateway/services/MandateCreation)</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Falls keine speziellen beruflichen ParteienvertreterInnen definiert sind (Element kommt nicht vor), werden ausschließlich standardisierte Vollmachten mit einer MandateID=&quot;*&quot; akzeptiert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="PartyRepresentativeType">
+		<xsd:sequence>
+			<xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Konfiguration eines vom Standardprozess abweichenden Verarbeitungsvorgangs bei der beruflichen Parteienvertretung. Der Wert dieses Elements ist der vollständige Klassenname des InputProzessors</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="AlwaysShowForm" minOccurs="0"/>
+			<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+				<xsd:annotation>
+					<xsd:documentation>Optionale Verbindungsparameter zu speziellem (SZR-)Gateway</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="oid" use="required">
+			<xsd:annotation>
+				<xsd:documentation>OID der Parteienvertretung lt. &quot;Object Identifier der öffentlichen Verwaltung&quot; - Konvention, Empfehlung. Diese ID muss mit der MandateID der übermittelten standardisierten Vollmacht übereinstimmen. Eine Parteienvertretung für standardisierte Vollmachten mit der MandateID &quot;*&quot; muss nicht definiert werden und erlaubt eine allgemeine berufliche Parteienvertretung mit Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels dieses Attributs zu definieren</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="1.2.40.0.10.3.1"/>
+					<xsd:enumeration value="1.2.40.0.10.3.2"/>
+					<xsd:enumeration value="1.2.40.0.10.3.3"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10"/>
+					<xsd:enumeration value="1.2.40.0.10.3.10.IdentifiedVoiceChannel"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+		<xsd:attribute name="representPhysicalParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für natürliche Personen erlaubt ist</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representCorporateParty" use="optional" default="false">
+			<xsd:annotation>
+				<xsd:documentation>Legt fest, ob berufliche Parteienvertretung für juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht vertreten darf und dieser Wert aus diesem Grund dort false sein muss)</xsd:documentation>
+			</xsd:annotation>
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:boolean"/>
+			</xsd:simpleType>
+		</xsd:attribute>
+		<xsd:attribute name="representationText" use="optional">
+			<xsd:annotation>
+				<xsd:documentation>Beschreibender Text, der an Stelle des Standardtexts bei der Signatur der Anmeldedaten im Falle einer vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt wird</xsd:documentation>
+			</xsd:annotation>
+			<!--xsd:simpleType>
+				<xsd:restriction/>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
+					<xsd:enumeration value="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)"/>
+					<xsd:enumeration value="Organwalter"/>
+					<xsd:enumeration value="Parteienvertreter(in) über einen identifizierten Sprachkanal"/>
+				</xsd:restriction>
+			</xsd:simpleType-->
+		</xsd:attribute>
+	</xsd:complexType>
+</xsd:schema>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 9668dd908..4268565c0 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -87,6 +87,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 <a href="#ChainingModes">ChainingModes</a><br />
 <a href="#TrustedCACertificates">TrustedCACertificates</a><br />
 <a href="#GenericConfiguration">GenericConfiguration</a><br />
+<a href="#TrustedBKUs">TrustedBKUs</a><br />
 <br />
 <a href="#oa-config"><b>Konfiguration<br />der Online-Applikation</b></a><br />
 <br />
@@ -121,10 +122,10 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
           <p id="subtitel">Konfiguration von MOA ID v.1.5</p>
           <p id="block"> Die Konfiguration von MOA ID wird mittels einer XML-basierten
             Konfigurationsdatei, die dem Schema
-            <a href="../MOA-ID-Configuration-1.4.7.xsd" target="_new">MOA-ID-Configuration-1.4.7.xsd</a> entspricht, durchgef&uuml;hrt.
+            <a href="../MOA-ID-Configuration-1.5.0.xsd" target="_new">MOA-ID-Configuration-1.5.0.xsd</a> entspricht, durchgef&uuml;hrt.
         <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
             der Web-Applikation in Tomcat</a> beschrieben.
-          <p /> Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
+          <p /> @TODO Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
             <a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a>
             zeigt ein Beispiel f&uuml;r eine umfassende Konfigurationsdatei. </p>
           <p>Enth&auml;lt die Konfigurationsdatei relative Pfadangaben, werden
@@ -1154,6 +1155,13 @@ Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;nd
                                       </tr>
                                     </table>
                                   </div>
+                                                                    <div id="TrustedBKUs" />
+                                    <p id="block"> <b>TrustedBKUs</b><br />
+                                      Das Element <tt>TrustedBKUs</tt>
+                                      erm&ouml;glicht das Setzen von vertrauensw&uuml;rdigen B&uuml;rgerkartenumgebungen.
+                                      In den <tt>BKUURL</tt> Unterelement werden die vertrauensw&uuml;rdigen URLs eingetragen. Diese Liste an URL wird mit dem Parameter bkuURI abgeglichen. Lokale B&uuml;rgerkartenumgebungn m&uuml;ssen nicht eingetragen werden - diesen wird automatisch vertraut.
+</p>
+</div>
                                 </div>
                               </div>
                             </div>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 6849b92a4..6553182b4 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -126,6 +126,11 @@
 			<artifactId>mandate-validate</artifactId>
 			<version>1.1</version>
 		</dependency>
+		<dependency>
+    	  <groupId>commons-lang</groupId>
+	      <artifactId>commons-lang</artifactId>
+	      <version>2.6</version>
+    	</dependency>
 	</dependencies>
 
 	<build>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 8de82a8d6..64eaf30cd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -800,9 +800,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     OAAuthParameter oaParam = 
       authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
     VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
+    session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes
+    session.setExtendedSAMLAttributesOA(new Vector());
+    
     if (verifyInfoboxParameters != null) {
-      session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes
-      session.setExtendedSAMLAttributesOA(new Vector());
+      
       infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();     
       // get the list of infobox identifiers
       List identifiers = verifyInfoboxParameters.getIdentifiers();
@@ -1556,7 +1558,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    *             already for the given session ID
    */
   private static AuthenticationSession newSession() throws AuthenticationException {
-    String sessionID = Random.nextRandom();
+    String sessionID = Random.nextRandom();    
     AuthenticationSession newSession = new AuthenticationSession(sessionID);
     synchronized (sessionStore) {
       AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 0e361ee57..259b21db7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -28,6 +28,8 @@ public interface MOAIDAuthConstants {
 
   /** servlet parameter &quot;Target&quot; */
   public static final String PARAM_TARGET = "Target";
+  /** servlet parameter &quot;useMandate&quot; */
+  public static final String PARAM_USEMANDATE = "useMandate";
   /** servlet parameter &quot;OA&quot; */
   public static final String PARAM_OA = "OA";
   /** servlet parameter &quot;bkuURI&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index bff0a3fca..109d17d11 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -53,7 +53,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 
 
   /**
-   * Handles an error. <br>
+   * Handles an error. <br>>
    * <ul>
    * <li>Logs the error</li>
    * <li>Places error message and exception thrown into the request 
@@ -89,7 +89,13 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 		//forward this to errorpage-auth.jsp where the HTML error page is generated
 		ServletContext context = getServletContext();
 		RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
+		try		{
+			
+			 resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+				resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+				resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+				resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+			
       dispatcher.forward(req, resp);
     } catch (ServletException e) {
       Logger.error(e);
@@ -111,6 +117,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
     ServletContext context = getServletContext();
     RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
     try {
+    	resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
       dispatcher.forward(req, resp);
     } catch (ServletException e) {
       Logger.error(e);
@@ -123,7 +134,6 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
    * Logs all servlet parameters for debugging purposes.
    */
   protected void logParameters(HttpServletRequest req) {
-   //@TODO Parameter?
     for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
       String parname = (String)params.nextElement();
       Logger.debug("Parameter " + parname + req.getParameter(parname));    
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
index be8b5e272..a9082dd8e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -48,6 +49,12 @@ public class ConfigurationServlet extends HttpServlet {
   public void doGet(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
 
+	  	  
+	  response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+	  response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+	  response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+	  response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+	  
     MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
 
     try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 23d4eab20..c83650587 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -12,11 +12,13 @@ import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;
 
 import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -61,7 +63,12 @@ public class GetForeignIDServlet extends AuthServlet {
     throws ServletException, IOException { 
     	
 		Logger.debug("GET GetForeignIDServlet");
-		
+
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
 		
   }
 
@@ -87,6 +94,11 @@ public class GetForeignIDServlet extends AuthServlet {
 
 		Logger.debug("POST GetForeignIDServlet");
 		
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
 		Map parameters;
 	    try 
 	    {
@@ -97,16 +109,24 @@ public class GetForeignIDServlet extends AuthServlet {
 	      throw new IOException(e.getMessage());
 	     	}
 	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    
+	    // escape parameter strings
+	    sessionID = StringEscapeUtils.escapeHtml(sessionID);
+	    
 	    String redirectURL = null;
 	    AuthenticationSession session = null;
 	    try {
+	    	String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+	    	
           // check parameter
           if (!ParamValidatorUtils.isValidSessionID(sessionID))
              throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
+          if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse))
+              throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
 
 	    	session = AuthenticationServer.getSession(sessionID);
 	    	
-	    	String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+	    	
 	    	
 	    	Logger.debug(xmlCreateXMLSignatureResponse);
 	    	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 317af3e06..54d08c59e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -24,10 +24,13 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -36,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
 
@@ -66,7 +70,12 @@ public class ProcessValidatorInputServlet extends AuthServlet {
   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException { 
 
-    Logger.debug("GET ProcessInput");
+    Logger.debug("GET ProcessInput");
+    resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+	resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+	resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+	resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+	  
     Map parameters;
     try {
       parameters = getParameters(req);
@@ -78,8 +87,15 @@ public class ProcessValidatorInputServlet extends AuthServlet {
     if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+    
+    // escape parameter strings
+    sessionID = StringEscapeUtils.escapeHtml(sessionID);
     
-    try {
+    try {
+    	
+    	if (!ParamValidatorUtils.isValidSessionID(sessionID))
+            throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
+    	
       AuthenticationSession session = AuthenticationServer.getSession(sessionID);
       InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
       String outputStream;
@@ -103,7 +119,10 @@ public class ProcessValidatorInputServlet extends AuthServlet {
       out.flush();
       out.close();
       Logger.debug("Finished GET ProcessInput");
-    }
+    }
+    catch (WrongParametersException ex) {
+        handleWrongParameters(ex, req, resp);
+      }
     catch (MOAIDException ex) {
       handleError(null, ex, req, resp);
     }
@@ -117,7 +136,13 @@ public class ProcessValidatorInputServlet extends AuthServlet {
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
-		Logger.debug("POST ProcessInput");
+		Logger.debug("POST ProcessInput");
+		
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
     Map parameters;
     try {
       parameters = getParameters(req);
@@ -125,13 +150,20 @@ public class ProcessValidatorInputServlet extends AuthServlet {
       Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
       throw new IOException(e.getMessage());
     }
-  //@TODO Parameter
+
     String sessionID = req.getParameter(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
     if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+        
+    // escape parameter strings
+    sessionID = StringEscapeUtils.escapeHtml(sessionID);
     
-    try {
+    try {
+    	
+    	if (!ParamValidatorUtils.isValidSessionID(sessionID))
+            throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
+		    
       AuthenticationSession session = AuthenticationServer.getSession(sessionID);
       AuthenticationServer.processInput(session, parameters);
       String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
@@ -143,16 +175,22 @@ public class ProcessValidatorInputServlet extends AuthServlet {
         String htmlForm = null;
         
         boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed 
-      //@TODO Parameter
+
         String inputProcessorSignForm = req.getParameter("Sign_Form");
         if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
         if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
-        if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+        if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+        // escape parameter strings
+        inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
         if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
         if (doInputProcessorSign) {
           // Test if we have a user input form sign template
-         //@TODO Parameter
-          String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+         
+          String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+          
+          if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
+              throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
+          
           String inputProcessorSignTemplate = null;
           OAAuthParameter oaParam =
             AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
@@ -199,7 +237,10 @@ public class ProcessValidatorInputServlet extends AuthServlet {
         resp.addHeader("Location", redirectURL);
         Logger.debug("REDIRECT TO: " + redirectURL);
       }
-    }
+    }
+    catch (WrongParametersException ex) {
+        handleWrongParameters(ex, req, resp);
+      }
     catch (MOAIDException ex) {
       handleError(null, ex, req, resp);
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
index 09b3ae15f..6e285a2c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -24,7 +24,10 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
+
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -70,6 +73,12 @@ public class SelectBKUServlet extends AuthServlet {
     throws ServletException, IOException {
 
     Logger.debug("GET SelectBKU");
+    
+    resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+    resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+	resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+	resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+    
     String authURL = req.getScheme() + "://" + req.getServerName();
     if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { 
       authURL = authURL.concat(":" + req.getServerPort());
@@ -80,6 +89,14 @@ public class SelectBKUServlet extends AuthServlet {
     String oaURL = req.getParameter(PARAM_OA);
     String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
     String templateURL = req.getParameter(PARAM_TEMPLATE);
+    
+    // escape parameter strings
+    target = StringEscapeUtils.escapeHtml(target);
+    oaURL = StringEscapeUtils.escapeHtml(oaURL);    
+    templateURL = StringEscapeUtils.escapeHtml(templateURL);
+    bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
+    
+    
     resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
     resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
     resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
@@ -89,11 +106,13 @@ public class SelectBKUServlet extends AuthServlet {
        
        // check parameter
        if (!ParamValidatorUtils.isValidTarget(target))
-          throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+          throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
        if (!ParamValidatorUtils.isValidOA(oaURL))
-          throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
-       if (!ParamValidatorUtils.isValidTemplate(templateURL))
-          throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+          throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
+       if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+          throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
+       if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
+           throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
 
        
       String returnValue = AuthenticationServer.getInstance().selectBKU(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 2430095b2..10b4041df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -17,12 +17,16 @@ package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.io.Reader;
+import java.io.StringReader;
 
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
+
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
@@ -64,16 +68,27 @@ public class StartAuthenticationServlet extends AuthServlet {
     authURL = authURL.concat(req.getContextPath() + "/");
 
     String target = req.getParameter(PARAM_TARGET);
-	 String oaURL = req.getParameter(PARAM_OA);
+    String oaURL = req.getParameter(PARAM_OA);
     String bkuURL = req.getParameter(PARAM_BKU);
     String templateURL = req.getParameter(PARAM_TEMPLATE);
     String sessionID = req.getParameter(PARAM_SESSIONID);
+    String useMandate = req.getParameter(PARAM_USEMANDATE);
+    
     
+    // escape parameter strings
+    target = StringEscapeUtils.escapeHtml(target);
+    oaURL = StringEscapeUtils.escapeHtml(oaURL);
+    bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
+    templateURL = StringEscapeUtils.escapeHtml(templateURL);
+    sessionID = StringEscapeUtils.escapeHtml(sessionID);
+    useMandate = StringEscapeUtils.escapeHtml(useMandate);
+       
     resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
     resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
     resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
     resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
     
+    //System.out.println("useMandate: " + useMandate);
     
     	try {
 		      // check parameter
@@ -83,10 +98,14 @@ public class StartAuthenticationServlet extends AuthServlet {
              throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
 		    if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
 		       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
-		    if (!ParamValidatorUtils.isValidTemplate(templateURL))
+		    if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
 		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
 		    if (!ParamValidatorUtils.isValidSessionID(sessionID))
              throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+		    if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+	             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+		    
+		    
 		    
 		    
 			String getIdentityLinkForm =
@@ -97,6 +116,7 @@ public class StartAuthenticationServlet extends AuthServlet {
 			out.print(getIdentityLinkForm);
 			out.flush();
 			Logger.debug("Finished GET StartAuthentication");
+		
 		}
     catch (WrongParametersException ex) {
       handleWrongParameters(ex, req, resp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 8ae951dda..ad01de6c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -23,9 +23,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -60,6 +62,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
     throws ServletException, IOException { 
     
 		Logger.debug("GET VerifyAuthenticationBlock");
+		
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
   }
 
   /**
@@ -87,6 +95,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
     throws ServletException, IOException {
 
 		Logger.debug("POST VerifyAuthenticationBlock");
+		
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		  
     Map parameters;
     try 
     {
@@ -98,11 +112,17 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
     }
 		String sessionID = req.getParameter(PARAM_SESSIONID);
 		String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+		// escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
 		String redirectURL = null;
 		try {
          // check parameter
          if (!ParamValidatorUtils.isValidSessionID(sessionID))
             throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+         if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
 
          
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 1b96ce8a4..76c5476ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -17,12 +17,14 @@ import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.axis.encoding.Base64;
 import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
 
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -64,7 +66,10 @@ public class VerifyCertificateServlet extends AuthServlet {
     	
 		Logger.debug("GET VerifyCertificateServlet");
 		
-		
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
   }
 
   /**
@@ -84,6 +89,11 @@ public class VerifyCertificateServlet extends AuthServlet {
 
 		Logger.debug("POST VerifyCertificateServlet");
 		
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
 		Map parameters;
 	    try 
 	    {
@@ -94,6 +104,10 @@ public class VerifyCertificateServlet extends AuthServlet {
 	      throw new IOException(e.getMessage());
 	     	}
 	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    
+	    // escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+		
 	    AuthenticationSession session = null;
 	    try {
 	       // check parameter
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index ba3e2141b..dff366829 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -23,10 +23,12 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
@@ -61,6 +63,11 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     throws ServletException, IOException { 
     	
 		Logger.debug("GET VerifyIdentityLink");
+		
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
   }
 
   /**
@@ -85,6 +92,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     throws ServletException, IOException {
 
 		Logger.debug("POST VerifyIdentityLink");
+		  
     Map parameters;
     try 
     {
@@ -95,10 +103,16 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
       throw new IOException(e.getMessage());
     }
     String sessionID = req.getParameter(PARAM_SESSIONID);
-    
-    
 
+    // escape parameter strings
+	sessionID = StringEscapeUtils.escapeHtml(sessionID);
     
+    resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+	resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+	resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+	resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+	
     try {
     // check parameter
        if (!ParamValidatorUtils.isValidSessionID(sessionID))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7cc33ca52..dbfbda535 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -161,6 +161,10 @@ public class ConfigurationBuilder {
   protected static final String GENERIC_CONFIGURATION_XPATH =
     ROOT + CONF + "GenericConfiguration";
   
+  /** an XPATH-Expression */ 
+  protected static final String TRUSTED_BKUS =
+    ROOT + CONF + "TrustedBKUs/" + CONF + "BKUURL";
+  
   /** an XPATH-Expression */ 
   protected static final String CHAINING_MODES_XPATH =
     ROOT + CONF + "ChainingModes";
@@ -372,6 +376,22 @@ public class ConfigurationBuilder {
     return result;
   }
 
+  public List getTrustedBKUs() {
+	  
+	  List trustedBKUs = new ArrayList();
+	    
+	      NodeIterator bkuIter = XPathUtils.selectNodeIterator(configElem_, TRUSTED_BKUS);
+	      
+	      Element vtElem;
+
+	      while ((vtElem = (Element) bkuIter.nextNode()) != null) {
+		      	String bkuURL = DOMUtils.getText(vtElem);
+		      	trustedBKUs.add(bkuURL);
+	      }
+	      
+	      return trustedBKUs;
+	  
+  }
 
   /**
    * Returns a list containing all X509 Subject Names 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index a25bc1af5..6e296b4f4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -164,6 +164,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
    */
   private ConnectionParameter foreignIDConnectionParameter;
   
+  /**
+   * Parameter for trusted BKUs
+   */
+  private List trustedBKUs;
+  
  /**
    * Return the single instance of configuration data.
    * 
@@ -271,7 +276,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
     	defaultChainingMode = builder.getDefaultChainingMode();
     	chainingModes = builder.buildChainingModes();  
     	trustedCACertificates = builder.getTrustedCACertificates();
-    	trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);     
+    	trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+    	trustedBKUs = builder.getTrustedBKUs();
 
     } catch (Throwable t) {
       throw new ConfigurationException("config.02", null, t);
@@ -411,6 +417,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   public List getIdentityLinkX509SubjectNames() {
     return identityLinkX509SubjectNames;
   }
+  
+  /**
+   * Returns the trustBKUs.
+   * @return List
+   */
+  public List getTrustedBKUs() {
+    return this.trustedBKUs;
+  }
+
 
   /**
    * Returns the bKUConnectionParameter.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 684291c59..79db9907b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -1,14 +1,25 @@
 package at.gv.egovernment.moa.id.util;
 
-import java.io.BufferedReader;
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+import java.io.StringReader;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
 
 public class ParamValidatorUtils {
    
@@ -19,52 +30,266 @@ public class ParamValidatorUtils {
     */
    public static boolean isValidTarget(String target) {
    
+	   Logger.debug("Überprüfe Parameter Target");
+	   
       // if non parameter is given return true
-      if (target == null)
-         return true;
+      if (target == null) {
+    	  Logger.debug("Parameter Target ist null");
+    	  return true;
+      }
+         
       
       Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}");
       Matcher matcher = pattern.matcher(target);
-      return matcher.matches();     
+      boolean b = matcher.matches();
+      if (b) {
+    	Logger.debug("Parameter Target erfolgreich überprüft");
+    	return true;
+      }
+      else {
+    	  Logger.error("Fehler Überprüfung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+    	  return false;  
+      }
+            
    }
    
    /**
-    * Checks if the given bkuURI is valid
+    * Checks if the given useMandate is valid
     * @param target HTTP parameter from request
     * @return 
     */
-   public static boolean isValidBKUURI(String bkuURI) {
+   public static boolean isValidUseMandate(String usemandate) {
    
+	   Logger.debug("Überprüfe Parameter useMandate");
+	   
       // if non parameter is given return true
-      if (bkuURI == null)
-         return true;
+      if (usemandate== null) {
+    	  Logger.debug("Parameter useMandate ist null");
+    	  return true;
+      }
+         
       
-      // check if bkuURI is a valid URL
-      try {
-         new URL(bkuURI);
-         return true;
-      } catch (MalformedURLException e) {
-         return false;
+      if (usemandate.compareToIgnoreCase("true") == 0 || usemandate.compareToIgnoreCase("false") == 0) {
+    	  Logger.debug("Parameter useMandate erfolgreich überprüft");
+    	  return true;
       }
+      else {
+    	  Logger.error("Fehler Überprüfung Parameter useMandate. useMandate ist weder 'true' noch 'false')");
+    	  return false;
+      }
+    	  
+      
+    	  
+    	
+            
    }
    
    /**
-    * Checks if the given template is valid
+    * Checks if the given bkuURI is valid
     * @param target HTTP parameter from request
     * @return 
     */
-   public static boolean isValidTemplate(String template) {
+   public static boolean isValidBKUURI(String bkuURI) {
+	   Logger.debug("Überprüfe Parameter bkuURI");
+	   // if non parameter is given return true
+	      if (bkuURI == null) {
+	    	 Logger.debug("Parameter bkuURI ist null");
+	         return true;
+	      }
+	      
+	      // check if template is a valid URL
+	      try {	    	  
+	    	  // check if bku url starts with http or https 
+	    	  if (bkuURI.startsWith("http") || bkuURI.startsWith("https")) {
+	    		  URL url =new URL(bkuURI);
+	    		  
+	    		  // check if bkuURI is a local BKU
+	    		  if (bkuURI.compareToIgnoreCase("https://localhost:3496/https-security-layer-request") == 0 || 
+	    			  bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0) {
+	    			  Logger.debug("Parameter bkuURI erfolgreich überprüft");
+	    			  return true;
+	    		  }
+	    		  else {
+	    			  Logger.debug("Parameter bkuURI ist keine lokale BKU. Überprüfe Liste der vertrauenswürdigen BKUs.");
+	    			  AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+		    		  List trustedBKUs = authConf.getTrustedBKUs();
+		    		  boolean b = trustedBKUs.contains(bkuURI);
+		    		  if (b) {
+		    			  Logger.debug("Parameter bkuURI erfolgreich überprüft");
+		    			  return true;
+		    		  }
+		    		  else {
+		    			  Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist nicht auf Liste der vertrauenswürdigen BKUs (Konfigurationselement: MOA-IDConfiguration/TrustedBKUs)");  
+		    			  return false;
+		    		  }  
+	    		  }
+	    		  
+	    			
+	    	  }
+	    	  else {
+	    		  Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
+	    		  return false;
+	    	  }
+	    	  
+	            
+	      } catch (MalformedURLException e) {
+	    	  Logger.error("Fehler Überprüfung Parameter bkuURI", e);
+	         return false;
+	      } catch (ConfigurationException e) {
+	    	  Logger.error("Fehler Überprüfung Parameter bkuURI", e);
+	    	  return false;
+		}
+   }
+   
+//   private static boolean testBKUConnection(URL url) {
+//	
+//	   // make NullOperationRequest
+//	   //String request = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sl:NullOperationRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\"/>";
+//	   String request = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sl:GetPropertiesRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\"/>";
+//	   	   
+//	   HttpURLConnection connection;
+//	   if (url != null) {
+//		   try {
+//			    if (url.toExternalForm().startsWith("https")) {
+//					connection = (HttpsURLConnection)url.openConnection();
+//				}
+//				else { 
+//					connection = (HttpURLConnection)url.openConnection();
+//				}
+//				
+//				connection.setRequestMethod("POST");
+//			    connection.setDoOutput(true);
+//			      
+//			    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
+//			      
+//			    String toSend = URLEncoder.encode(request, "UTF-8");
+//			    toSend = "XMLRequest=" + toSend;
+//			    connection.setRequestProperty("Content-Length", String.valueOf(toSend.getBytes().length));
+//	
+//			    Logger.debug("Send NullOperationRequest to BKU.");
+//			    
+//			    OutputStream out = connection.getOutputStream();
+//			    out.write(toSend.getBytes());
+//			      
+//			    // get response
+//			    connection.connect();
+//			    int responseCode = connection.getResponseCode();
+//		      
+//			    if (responseCode != 200) {
+//			    	InputStream is = connection.getErrorStream();
+//			    	int ch;
+//			    	String ret = "";
+//			    	while ((ch = is.read()) != -1) 
+//			    		ret += (char)ch;
+//			    	
+//			    	is.close();
+//			    	
+//			    	System.out.println("ret: " + ret);
+//			    	
+//			    	Logger.error("Fehler Überprüfung Parameter bkuURI. Antwortcode von BKU ist nicht 200.");
+//			    	return false;
+//			    }
+//		      
+//			    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();	
+//			    factory.setNamespaceAware(true);
+//			    DocumentBuilder builder = factory.newDocumentBuilder();
+//			    
+//			    //Document doc = builder.parse(connection.getInputStream());
+//			    
+//			    System.out.println(convertStreamToString(connection.getInputStream()));
+//			    
+////			    NodeList l = doc.getElementsByTagNameNS(Constants.SL12_NS_URI, "ErrorResponse");		    	
+////		    	if (l.getLength() != 0) {
+////		    		Logger.error("Fehler Überprüfung Parameter bkuURI. ErrorResponse von BKU empfangen.");
+////		    		return false;			    	
+////		    	}
+//		    	
+//		    	Logger.debug("Parameter Template bkuURI erfolgreich überprüft");
+//			    return true;
+//			    
+////		   } catch (SAXException e) {
+////				Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+////				return false;
+//			} catch (IOException e) {
+//				Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+//				return false;
+//			} catch (ParserConfigurationException e) {
+//				Logger.error("Fehler Überprüfung Parameter bkuURI.", e);
+//				return false;
+//			}
+//		}
+//	   else {
+//		   Logger.error("Fehler Überprüfung Parameter bkuURI. bkuURI ist null.");
+//		   return false;
+//	   }
+//		    
+//
+//   }
+   
+//   public static String convertStreamToString(InputStream is)  {
+//	   if (is != null) {
+//		   Writer writer = new StringWriter();
+//   
+//		   char[] buffer = new char[1024];
+//		   try {
+//			   Reader reader = new BufferedReader(new InputStreamReader(is, "UTF-8"));
+//			   int n;
+//			   while ((n = reader.read(buffer)) != -1) {
+//				   writer.write(buffer, 0, n);
+//			   }
+//		   } catch (IOException e) {			
+//			e.printStackTrace();
+//		} 
+//		   
+//		   	return writer.toString();
+//	   }	
+//	   else {       
+//		   return "";
+//	   }
+//   }
+   
+   /**
+    * Checks if the given template is valid
+    * @param req
+    * @param template
+    * @return
+    */
+   public static boolean isValidTemplate(HttpServletRequest req, String template) {
    
+	   Logger.debug("Überprüfe Parameter Template bzw. bkuSelectionTemplateURL");
+	   
       // if non parameter is given return true
-      if (template == null)
-         return true;
+      if (template == null) {
+    	  Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL ist null");
+    	  return true;
+      }
       
       // check if template is a valid URL
       try {
-         new URL(template);
-         return true;         
+    	  
+    	  // check if template url starts with http or https 
+    	  if (template.startsWith("http") || template.startsWith("https")) {
+    	
+    		  // check if template url is from same server
+    		  if (template.contains(req.getServerName())) {
+    			 new URL(template);
+    			 Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft");
+     	         return true;
+    		  }
+    		  else {
+    			  Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ")");
+    			  return false;
+    		  }
+    		  
+    	  }
+    	  else {
+    		  Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
+    		  return false;
+    	  }
+    	  
+            
       } catch (MalformedURLException e) {
-         e.printStackTrace();
+    	 Logger.error("Fehler Überprüfung Parameter Template bzw. bkuSelectionTemplateURL.", e);
          return false;
       }
    }
@@ -75,16 +300,31 @@ public class ParamValidatorUtils {
     * @return 
     */
    public static boolean isValidSessionID(String sessionID) {
-   
+	   Logger.debug("Überprüfe Parameter MOASessionId");
+	   
       // if non parameter is given return true
-      if (sessionID == null)
-         return true;
+      if (sessionID == null) {
+    	  Logger.debug("Parameter MOASessionId ist null");
+    	  return true; 
+      }
+         
 
       Pattern pattern = Pattern.compile("[0-9-]*");
       Matcher matcher = pattern.matcher(sessionID);
-      return matcher.matches();     
-
+      boolean b = matcher.matches();
+      if (b) {
+    	  Logger.debug("Parameter MOASessionId erfolgreich überprüft");
+    	  return true;
+      }
+      else {
+    	  Logger.error("Fehler Überprüfung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+    	  return false;
+      }
 
+      
+  	  
+      
+      
    }
    
    /**
@@ -93,18 +333,68 @@ public class ParamValidatorUtils {
     * @return 
     */
    public static boolean isValidOA(String oa) {
+	   Logger.debug("Überprüfe Parameter oa");
+	   // if non parameter is given return true
+	   if (oa == null) {
+		   Logger.debug("Parameter oa ist null");
+		   return true;
+	   }
+	      
+      // check if template is a valid URL
+	   try {
+	    	  
+		   // check if template url starts with http or https 
+		   if (oa.startsWith("http") || oa.startsWith("https")) {
+			   new URL(oa);
+			   Logger.debug("Parameter oa erfolgreich überprüft");
+			   return true;	    		  
+	    	  }
+	    	  else  {
+	    		  Logger.error("Fehler Überprüfung Parameter oa. oa beginnt nicht mit http or https");
+	    		  return false;    	  
+	    	  }
+	            
+	      } catch (MalformedURLException e) {
+	    	  Logger.error("Fehler Überprüfung Parameter oa", e);
+	         return false;
+	      }
+	   
+   }
    
-      // if non parameter is given return true
-      if (oa == null)
-         return true;
-     
-      // check if oa is a valid URL
-      try {
-         new URL(oa);
-         return true;
-      } catch (MalformedURLException e) {
-         return false;
-      }
+   /**
+    * Checks if the given signurl is valid
+    * @param target HTTP parameter from request
+    * @return 
+    */
+   public static boolean isValidSignUrl(String signurl) {
+	   
+	   Logger.debug("Überprüfe Parameter signurl");
+   
+	   // if non parameter is given return true
+	   if (signurl == null) {
+		   Logger.debug("Parameter signurl ist null");
+		   return true;
+	   }
+	      
+      // check if template is a valid URL
+	   try {
+	    	  
+		   // check if signurl starts with http or https 
+		   if (signurl.startsWith("http") || signurl.startsWith("https")) {
+			   new URL(signurl);
+			   Logger.debug("Parameter signurl erfolgreich überprüft");
+			   return true;	    		  
+	    	  }
+	    	  else {
+	    		  Logger.error("Fehler Überprüfung Parameter signurl. signurl beginnt nicht mit http or https");
+	    		  return false;
+	    	  }	    	  
+	            
+	      } catch (MalformedURLException e) {
+	    	  Logger.error("Fehler Überprüfung Parameter signurl", e);
+	         return false;
+	      }
+	   
    }
    
    /**
@@ -115,44 +405,69 @@ public class ParamValidatorUtils {
     * @param data
     * @return
     */
-   private static boolean checkPlaceHolders(String data) {
-
-      boolean bku = data.contains("<BKU>");
-      boolean xmlrequest = data.contains("<XMLRequest>");
-      boolean dataurl = data.contains("<DataURL>");
-      boolean certinfoxmlrequest = data.contains("<CertInfoXMLRequest>");
-      boolean certinfodataurl = data.contains("<CertInfoDataURL>");
-      
-      System.out.println("Check Data: ");
-      System.out.println("bku: " + bku);
-      System.out.println("xmlrequest: " + xmlrequest);
-      System.out.println("dataurl: " + dataurl);
-      System.out.println("certinfoxmlrequest: " + certinfoxmlrequest);
-      System.out.println("certinfodataurl: " + certinfodataurl);
-
-      
-      //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl;
-      return true;
-      
-   }
+//   private static boolean checkPlaceHolders(String data) {
+//
+//      boolean bku = data.contains("<BKU>");
+//      boolean xmlrequest = data.contains("<XMLRequest>");
+//      boolean dataurl = data.contains("<DataURL>");
+//      boolean certinfoxmlrequest = data.contains("<CertInfoXMLRequest>");
+//      boolean certinfodataurl = data.contains("<CertInfoDataURL>");
+//      
+//      System.out.println("Check Data: ");
+//      System.out.println("bku: " + bku);
+//      System.out.println("xmlrequest: " + xmlrequest);
+//      System.out.println("dataurl: " + dataurl);
+//      System.out.println("certinfoxmlrequest: " + certinfoxmlrequest);
+//      System.out.println("certinfodataurl: " + certinfodataurl);
+//
+//      
+//      //return bku && xmlrequest && dataurl && certinfoxmlrequest && certinfodataurl;
+//      return true;
+//      
+//   }
    
 
-   /**
-    * Converts an input stream to a string
-    * @param is
-    * @return
-    * @throws Exception
-    */
-   private static String convertStreamToString(InputStream is) throws Exception {
-       BufferedReader reader = new BufferedReader(new InputStreamReader(is));
-       StringBuilder sb = new StringBuilder();
-       String line = null;
-       while ((line = reader.readLine()) != null) {
-         sb.append(line);
-       }
-       is.close();
-       return sb.toString();
-     }
+//   /**
+//    * Converts an input stream to a string
+//    * @param is
+//    * @return
+//    * @throws Exception
+//    */
+//   private static String convertStreamToString(InputStream is) throws Exception {
+//       BufferedReader reader = new BufferedReader(new InputStreamReader(is));
+//       StringBuilder sb = new StringBuilder();
+//       String line = null;
+//       while ((line = reader.readLine()) != null) {
+//         sb.append(line);
+//       }
+//       is.close();
+//       return sb.toString();
+//     }
+   
+   public static boolean isValidXMLDocument(String document) {
+	   
+	   Logger.debug("Überprüfe Parameter XMLDocument");
+	   try {   
+		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+		   DocumentBuilder builder = factory.newDocumentBuilder();
+		   InputSource is = new InputSource(new StringReader(document));
+		   builder.parse(is);
+		   
+		   Logger.debug("Parameter XMLDocument erfolgreich überprüft");
+		   return true;
+	   
+	   } catch (ParserConfigurationException e) {
+		   Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+		   return false;
+	   } catch (SAXException e) {
+		   Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+		   return false;
+	   } catch (IOException e) {
+		   Logger.error("Fehler Überprüfung Parameter XMLDocument", e);
+		   return false;
+	   }	
+	   
+   }
 
 }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 225a5e246..450c002f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -15,7 +15,8 @@
 */
 package at.gv.egovernment.moa.id.util;
 
-import java.util.Date;
+import java.nio.ByteBuffer;
+import java.security.SecureRandom;
 
 /**
  * Random number generator used to generate ID's
@@ -25,13 +26,21 @@ import java.util.Date;
 public class Random {
 
   /** random number generator used */
-  private static java.util.Random random = new java.util.Random(new Date().getTime());
+	private static SecureRandom random = new SecureRandom();
   /**
    * Creates a new random number, to be used as an ID.
    * 
    * @return random long as a String
    */
   public static String nextRandom() {
-  	return "" + random.nextLong();
+
+	  byte[] b = new byte[16]; // 16 bytes = 128 bits
+	  random.nextBytes(b);
+		 
+	  
+	  ByteBuffer bb = ByteBuffer.wrap(b);
+	  long l = bb.getLong();
+	  
+	  return "" + l;
   }
 }
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 84a4e9df9..8230358e9 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -1,3 +1,12 @@
+##############
+1.5.0
+##############
+
+- Fixed Bug #548 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=548&group_id=6&atid=105)
+- IAIK Libraries aktualisiert:
+	iaik-moa:           @TODO
+
+
 ##############
 1.4.8
 ##############
-- 
cgit v1.2.3


From ac9a6c52e96f4c737de3392a7ba16b8fa8958b85 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 6 Apr 2011 15:29:11 +0000
Subject: - IAIK Libraries (repository) aktualisiert: 	iaik-moa:          
 Version 1.29 	iaik_jce_full:		Version 4.0_MOA 	iaik_cms:
 		Version 4.1_MOA - Einbindung von Online-Vollmachten - Update
 MOA-Template zur Bürgerkartenauswahl - Update Doku - Update Transformationen
 (für Online-Vollmachten) - Änderung der Konfiguration für: 	-
 Online-Vollmachten
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1199 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  |  80 +++++-
 .../schemas/MOA-ID-Configuration-1.5.0.xsd         |  23 +-
 id/history.txt                                     |   5 +-
 id/readme_1.5.0.txt                                |  99 ++++++--
 .../main/webapp/BKAuswahl-MOA-Template-Howto.pdf   | Bin 175414 -> 175412 bytes
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  14 +-
 id/server/auth/src/main/webapp/css/index.css       |  14 +-
 id/server/auth/src/main/webapp/iframeHandyBKU.html |   5 +-
 id/server/auth/src/main/webapp/index.html          |  57 +++--
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |  88 +++----
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |  86 +++----
 .../SampleMOAIDConfiguration_withTestBKs.xml       |  82 ++----
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |  90 +++----
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |  63 +----
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |  53 +---
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |  53 +---
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |  58 +----
 .../transforms/TransformsInfoAuthBlockTable_DE.xml | 272 ++++++++++----------
 .../transforms/TransformsInfoAuthBlockTable_EN.xml | 270 ++++++++++----------
 .../profiles/MOAIDTransformAuthBlockTable_DE.xml   | 274 +++++++++++----------
 .../profiles/MOAIDTransformAuthBlockTable_EN.xml   | 272 ++++++++++----------
 id/server/doc/MOA-ID-Configuration-1.5.0.xsd       |  15 +-
 id/server/doc/moa_id/id-admin.htm                  |   7 +-
 id/server/doc/moa_id/id-admin_1.htm                |   5 +-
 id/server/doc/moa_id/id-admin_2.htm                |  29 ++-
 id/server/doc/moa_id/id-anwendung_1.htm            |  12 +-
 id/server/doc/moa_id/moa.htm                       |   8 +-
 id/server/idserverlib/pom.xml                      |   7 +-
 .../moa/id/auth/AuthenticationServer.java          | 240 +++++++++++++++++-
 .../moa/id/auth/MOAIDAuthConstants.java            |   2 +
 .../auth/builder/GetIdentityLinkFormBuilder.java   |  67 +++++
 .../builder/VerifyXMLSignatureRequestBuilder.java  |  79 ++++++
 .../moa/id/auth/data/AuthenticationSession.java    |  45 ++++
 .../moa/id/auth/servlet/GetForeignIDServlet.java   |   9 +-
 .../id/auth/servlet/GetMISSessionIDServlet.java    | 174 +++++++++++++
 .../auth/servlet/ProcessValidatorInputServlet.java |   4 +-
 .../auth/servlet/StartAuthenticationServlet.java   |  18 +-
 .../servlet/VerifyAuthenticationBlockServlet.java  |   2 +
 .../id/auth/servlet/VerifyCertificateServlet.java  | 214 ++++++++++------
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |  37 ++-
 .../moa/id/auth/validator/parep/ParepUtils.java    |   9 +-
 .../id/auth/validator/parep/ParepValidator.java    |   6 +-
 .../moa/id/config/ConfigurationBuilder.java        |  32 ++-
 .../id/config/auth/AuthConfigurationProvider.java  |  15 ++
 .../moa/id/config/auth/OAAuthParameter.java        |  21 ++
 .../moa/id/proxy/servlet/ProxyServlet.java         |  12 +-
 .../moa/id/util/ParamValidatorUtils.java           |   3 +
 .../gv/egovernment/moa/id/util/ServletUtils.java   |   3 +-
 .../moa/id/util/client/mis/simple/MISMandate.java  |  48 ++++
 .../id/util/client/mis/simple/MISSessionId.java    |  22 ++
 .../id/util/client/mis/simple/MISSimpleClient.java | 261 ++++++++++++++++++++
 .../mis/simple/MISSimpleClientException.java       |  22 ++
 .../resources/properties/id_messages_de.properties |   4 +
 .../test/abnahme/A/Test100StartAuthentication.java |  16 +-
 .../test/java/test/abnahme/AbnahmeTestCase.java    |   1 +
 .../abnahme/P/Test100LoginParameterResolver.java   | 251 +++++++++----------
 .../moa/id/auth/AuthenticationServerTest.java      |   2 +-
 pom.xml                                            |   6 +-
 .../prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar     | Bin 0 -> 364606 bytes
 .../prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom     |   6 +
 repository/iaik/prod/iaik_cms/maven-metadata.xml   |   7 +-
 .../4.0_MOA/iaik_jce_full-4.0_MOA.jar              | Bin 0 -> 999669 bytes
 .../4.0_MOA/iaik_jce_full-4.0_MOA.pom              |   6 +
 .../prod/iaik_jce_full/maven-metadata-central.xml  |   5 +-
 .../iaik/prod/iaik_jce_full/maven-metadata.xml     |   7 +-
 .../iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar      | Bin 0 -> 711857 bytes
 .../iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom      |   6 +
 .../iaik/prod/iaik_moa/maven-metadata-MOA.xml      |   1 +
 .../iaik/prod/iaik_moa/maven-metadata-local.xml    |   4 +-
 spss/pom.xml                                       |   2 +-
 spss/server/history.txt                            |   4 +-
 spss/server/readme.update.txt                      |   8 +-
 .../moa/spss/server/invoke/DataObjectFactory.java  | 166 ++++++++-----
 73 files changed, 2518 insertions(+), 1370 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java
 create mode 100644 repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar
 create mode 100644 repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom
 create mode 100644 repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar
 create mode 100644 repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom
 create mode 100644 repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar
 create mode 100644 repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 39cdf4e87..c5daacdc3 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -19,6 +19,7 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.StringWriter;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -31,20 +32,15 @@ import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
 import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
 import org.apache.xerces.parsers.DOMParser;
 import org.apache.xerces.parsers.SAXParser;
 import org.apache.xerces.parsers.XMLGrammarPreparser;
@@ -53,12 +49,18 @@ import org.apache.xerces.util.XMLGrammarPoolImpl;
 import org.apache.xerces.xni.grammars.XMLGrammarDescription;
 import org.apache.xerces.xni.grammars.XMLGrammarPool;
 import org.apache.xerces.xni.parser.XMLInputSource;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentFragment;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 import org.xml.sax.EntityResolver;
 import org.xml.sax.ErrorHandler;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
-
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -255,6 +257,48 @@ public class DOMUtils {
     return parser.getDocument();
   }
 
+  /**
+   * Parse an XML document from an <code>InputStream</code>.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @param entityResolver An <code>EntityResolver</code> to resolve external
+   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
+   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
+   * with parsing errors. If <code>null</code>, it will not be set.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocumentSimple(InputStream inputStream)
+    throws  SAXException, IOException, ParserConfigurationException {
+
+    DOMParser parser;
+			
+    parser = new DOMParser();
+    // set parser features and properties
+    parser.setFeature(NAMESPACES_FEATURE, true);
+    parser.setFeature(VALIDATION_FEATURE, false);
+    parser.setFeature(SCHEMA_VALIDATION_FEATURE, false);
+    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
+    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
+    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
+		
+    parser.parse(new InputSource(inputStream));
+    
+    return parser.getDocument();
+  }
+
+  
   /**
    * Parse an XML document from an <code>InputStream</code>.
    * 
@@ -1000,5 +1044,23 @@ public class DOMUtils {
     }
     return v;
   }
+  
+  /**
+   * Returns a byte array from given node.
+   * @param node
+   * @return
+   * @throws TransformerException
+   */
+  public static byte[] nodeToByteArray(Node node) throws TransformerException {
+	  Source source = new DOMSource(node);
+	  ByteArrayOutputStream out = new ByteArrayOutputStream();
+	  //StringWriter stringWriter = new StringWriter();
+	  Result result = new StreamResult(out);
+	  TransformerFactory factory = TransformerFactory.newInstance();
+	  Transformer transformer = factory.newTransformer();
+	  transformer.transform(source, result);
+	  return out.toByteArray();
+  }
 
+ 
 }
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
index 9078bab98..2e4c33c03 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Klaus Stranacher (Technische Universität Graz) -->
 <xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
 	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
 	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
@@ -190,7 +191,7 @@
 				<xsd:element name="TrustedBKUs" minOccurs="0">
 					<xsd:complexType>
 						<xsd:sequence>
-							<xsd:element name="BKUURL" maxOccurs="unbounded" type="xsd:anyURI"/>
+							<xsd:element name="BKUURL" type="xsd:anyURI" maxOccurs="unbounded"/>
 						</xsd:sequence>
 					</xsd:complexType>
 				</xsd:element>
@@ -277,7 +278,18 @@
 					<xsd:sequence>
 						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
 							<xsd:annotation>
-								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="OnlineMandates" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>Verbindungsparameter zum Online-Vollmachten-Service</xsd:documentation>
 							</xsd:annotation>
 						</xsd:element>
 					</xsd:sequence>
@@ -433,6 +445,13 @@
 						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
 						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
 						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+						<xsd:element name="Mandates" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="Profiles" type="xsd:string"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
 					</xsd:sequence>
 					<xsd:attribute name="slVersion" use="optional" default="1.1">
 						<xsd:simpleType>
diff --git a/id/history.txt b/id/history.txt
index e7ccdc38f..4aa774480 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -11,10 +11,13 @@ Version MOA-ID 1.5.0: 
 - Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)
 - Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)
 - IAIK Libraries aktualisiert:
-	iaik-moa:           TODO
+	iaik-moa:           Version 1.29
+	iaik_jce_full:		Version 4.0_MOA
+	iaik_cms:			Version 4.1_MOA
 - Update Parameterüberprüfung
 - Einbindung von Online-Vollmachten
 - Update MOA-Template zur Bürgerkartenauswahl
+- Update Transformationen (für Online-Vollmachten)
 - Änderung der Konfiguration für:
 	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)
 	- Online-Vollmachten
diff --git a/id/readme_1.5.0.txt b/id/readme_1.5.0.txt
index 4815e86e1..56a08cc0c 100644
--- a/id/readme_1.5.0.txt
+++ b/id/readme_1.5.0.txt
@@ -10,26 +10,39 @@ Mit MOA ID Version 1.5.0 wurden folgende Neuerungen eingef
 erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 
 gleichen Verzeichnis):
 
-TODO		
+- Fixed Bug #552 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105)
+- Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)
+- Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)
+- IAIK Libraries aktualisiert:
+	iaik-moa:           Version 1.29
+	iaik_jce_full:		Version 4.0_MOA
+	iaik_cms:			Version 4.1_MOA
+- Update Parameterüberprüfung
+- Einbindung von Online-Vollmachten
+- Update MOA-Template zur Bürgerkartenauswahl
+- Update Transformationen (für Online-Vollmachten)
+- Änderung der Konfiguration für:
+	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)
+	- Online-Vollmachten		
 -------------------------------------------------------------------------------
 B. Durchführung eines Updates
 -------------------------------------------------------------------------------
-TODO
+
 Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
 eine Aktualisierung bestehender Installationen möglich.
 
 ...............................................................................
-B.1 Durchführung eines Updates von Version 1.4.7
+B.1 Durchführung eines Updates von Version 1.4.8
 ...............................................................................
 
 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
    Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
 
-2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.4.8.zip) in
+2. Entpacken Sie die Distribution von MOA ID Auth (moa-id-auth-1.5.0.zip) in
    ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST 
    bezeichnet.
    Für MOA ID Proxy:
-   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.4.8.zip) in
+   Entpacken Sie die Distribution von MOA ID Proxy (moa-id-proxy-1.5.0.zip) in
    ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST 
    bezeichnet.    
 
@@ -50,8 +63,42 @@ B.1 Durchf
    Für MOA ID Proxy:
    Kopieren Sie die Datei MOA_ID_PROXY_INST/moa-id-proxy.war nach
    CATALINA_HOME_ID/webappsProxy.
+   
+5. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+   JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
 
-5. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+6. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\ext in das 
+   Verzeichnis JAVA_HOME\jre\lib\ext.
+   
+7. Kopieren Sie die zwei Dateien aus dem Verzeichnis  
+   MOA_ID_AUTH_INST/conf/moa-id/transforms in das Verzeichnis transforms Ihres
+   Stammverzeichnisses für die MOA ID Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_ID/conf/moa-id; in weiterer Folge 
+   wird davon ausgegangen).
+   
+8. Kopieren Sie die zwei Dateien aus dem Verzeichnis 
+   MOA_ID_AUTH_INST/conf/moa-spss/profiles in das Verzeichnis profiles Ihres
+   Stammverzeichnisses für die MOA SPSS Konfiguration (für gewöhnlich lautet
+   dieses Stammverzeichnis CATALINA_HOME_SPSS/conf/moa-spss, wobei 
+   CATALINA_HOME_SPSS für das Basisverzeichnis der Tomcat-Installation 
+   für MOA SPSS steht; wenn Sie MOA SPSS nicht als eigenes Webservice 
+   betreiben, sondern es von MOA ID über die API-Schnittstelle angesprochen
+   wird, lautet dieses Stammverzeichnis für gewöhnlich
+   CATALINA_HOME_ID/conf/moa-spss.
+   
+9. Update der MOA-ID Konfiguration: Fügen sie als letztes Kindelement von 
+   MOA-IDConfiguration folgendes ein:
+   	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
+	Fügen Sie allfällige weitere URLs zu verwendeten BKUs hinzu (bspw. eine 
+	Online-BKU)
+	Ab Version 1.5.0 überprüft MOA-ID den Parameter bkuURI ob diese URI in der 
+	Konfiguration vorhanden ist. URIs für lokale BKUs müssen nicht 
+	angegeben werden.
+	
+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
    Logging von MOA ID beim Einlesen der Konfiguration.
 
 
@@ -200,8 +247,19 @@ B.2 Durchf
         CATALINA_HOME\conf\moa-spss\trustProfiles\
         MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
 
-
-12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+12. Update der MOA-ID Konfiguration: Fügen sie als letztes Kindelement von 
+   MOA-IDConfiguration folgendes ein:
+   	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
+	Fügen Sie allfällige weitere URLs zu verwendeten BKUs hinzu (bspw. eine 
+	Online-BKU)
+	Ab Version 1.5.0 überprüft MOA-ID den Parameter bkuURI ob diese URI in der 
+	Konfiguration vorhanden ist. URIs für lokale BKUs müssen nicht 
+	angegeben werden.
+
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
    Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
 
 ...............................................................................
@@ -348,18 +406,19 @@ B.3 Durchf
         CATALINA_HOME\conf\moa-spss\trustProfiles\
         MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
 
-13. Sichern Sie ihre MOA-ID Konfigurationsdatei. Kopieren Sie die 
-   Beispielkonfigurationsdateien aus dem Verzeichnis
-   MOA_ID_AUTH_INST/conf/moa-id/SampleMOA*.xml nach 
-   CATALINA_HOME_ID/conf/moa-id. 
-   Verwenden Sie in Ihrer Installation bereits die Vollmachtenprüfung, so 
-   verschieben Sie bitte in der MOA-ID Installationsdatei das Element 
-   <CompatibilityMode> innerhalb des Konfigurationsteiles für die berufliche 
-   Parteienvertreung (ParepSpecificParameters) unter das Element 
-   ApplicationSpecificParameters.
-
-
-14. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+12. Update der MOA-ID Konfiguration: Fügen sie als letztes Kindelement von 
+   MOA-IDConfiguration folgendes ein:
+   	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
+	</TrustedBKUs>
+	Fügen Sie allfällige weitere URLs zu verwendeten BKUs hinzu (bspw. eine 
+	Online-BKU)
+	Ab Version 1.5.0 überprüft MOA-ID den Parameter bkuURI ob diese URI in der 
+	Konfiguration vorhanden ist. URIs für lokale BKUs müssen nicht 
+	angegeben werden.
+	
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
    Logging von MOA ID beim Einlesen der erneuerten Konfiguration.
    
 ...............................................................................
diff --git a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
index b68d247cb..bb0e11a80 100644
Binary files a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf and b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf differ
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index e1261b819..ef75dff24 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -28,6 +28,13 @@
 		<description>Verify the certificate coming from security layer</description>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
 	</servlet>
+	<servlet>
+		<servlet-name>GetMISSessionID</servlet-name>
+		<display-name>GetMISSessionID</display-name>
+		<description>Get the MIS session ID coming from security layer</description>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
+	</servlet>
+	
 	<servlet>
 		<servlet-name>GetForeignID</servlet-name>
 		<display-name>GetForeignID</display-name>
@@ -88,11 +95,14 @@
 		<servlet-name>VerifyIdentityLink</servlet-name>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
-		<servlet-mapping>
+	<servlet-mapping>
 		<servlet-name>VerifyCertificate</servlet-name>
 		<url-pattern>/VerifyCertificate</url-pattern>
 	</servlet-mapping>
-	
+	<servlet-mapping>
+		<servlet-name>GetMISSessionID</servlet-name>
+		<url-pattern>/GetMISSessionID</url-pattern>
+	</servlet-mapping>
 	<servlet-mapping>
 		<servlet-name>GetForeignID</servlet-name>
 		<url-pattern>/GetForeignID</url-pattern>
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 39b715a6e..28fea78e3 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -94,7 +94,7 @@ h2#tabheader, h2#contentheader {
 
 #bkulogin {
 	overflow:hidden;	
-	width:220px;
+	width:220px;	
 }
 
 #bkukarte {
@@ -212,18 +212,6 @@ p {
 	vertical-align: middle;
 }
 
-.infobutton {
-	background-color: #005a00;
-	color: white;
-	font-family: serif;
-	text-decoration: none;
-	padding-top: 2px;
-	padding-right: 4px;
-	padding-bottom: 2px;
-	padding-left: 4px;
-	font-weight: bold;
-}
-
 /* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */
 .hell {
 	background-color : #DDDDDD;	
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index 06639c7e5..4661eea70 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -28,9 +28,6 @@
 					i = url.indexOf(follower);
 					url = url.substring(0, i-1);
 				}
-			
-				
-				// alert (name + ": " + url);
 				
 				return url;
 				
@@ -42,7 +39,7 @@
 
 		<form method="POST" name="moaidform">
 			<input type="hidden" name="Template">
-            <input type="hidden" name="bkuURI" value="https://www.a-trust.at/mobile/https-security-layer-request/default.aspx">		
+            <input type="hidden" name="bkuURI" value="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">		
             <input type="hidden" name="useMandate">
     	</form>		
 		
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 0e12035e9..51bcc7156 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -12,25 +12,30 @@
 			
 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
             // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
-			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=sss&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
 			
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
             // z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
-			var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
+			//var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
+			var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
 			
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
 			// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
-			var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+			//var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+			var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
 			
 			// [MUSS] Geben Sie hier die URL zur Online BKU an
 			// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
-			var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
-			
+			//var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
+			//var URL_TO_ONLINEBKU = "http://localhost:8082/bkuonline/http-security-layer-request";
+			var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
+
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
 			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
-			var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
-			
-			
+			//var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
+			var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
+		
 			window.onload=function() {
 				document.getElementById("localBKU").style.display="none";
 				
@@ -45,23 +50,23 @@
 				// set values for local BKU
 				document.getElementById("form_local_bku").action = MOA_ID_STARTAUTHENTICATION;
 				document.getElementById("input_localBKU_template").value = URL_TO_LOKALBKU_TEMPLATE;
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-				else {
-					document.getElementById("useMandate").value = "false";
+				document.getElementById("useMandate").value = "false";
+				var checkbox = document.getElementById("mandateCheckBox")
+				if (checkbox !=  null) {
+					if (document.getElementById("mandateCheckBox").checked) {
+						document.getElementById("useMandate").value = "true";
+					}
 				}
-
+				
 				// set values for online BKU
 		        var el = document.getElementById("bkulogin");
         		var parent = el.parentNode;
 				
-				var checkBox = document.getElementById("mandateCheckBox");				
 				var iFrameURL = "iframeOnlineBKU.html" + "?";
 				iFrameURL += "bkuURI=" + URL_TO_ONLINEBKU + "&";
 				iFrameURL += "Template=" + URL_TO_ONLINEBKU_TEMPLATE + "&";
 				iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";
-				iFrameURL += "useMandate=" + checkBox.checked ;
+				iFrameURL += "useMandate=" + document.getElementById("useMandate").value;
 			
 		 		var iframe = document.createElement("iframe");
 		        iframe.setAttribute("src", iFrameURL);
@@ -78,17 +83,24 @@
         	function bkuHandyClicked() {
 	        	document.getElementById("localBKU").style.display="none";
     	    	
+				document.getElementById("useMandate").value = "false";
+				var checkbox = document.getElementById("mandateCheckBox")
+				if (checkbox !=  null) {
+					if (document.getElementById("mandateCheckBox").checked) {
+						document.getElementById("useMandate").value = "true";
+					}
+				}
+				
 				// set values for Handy Signatur
 		        var el = document.getElementById("bkulogin");
 	    	    var parent = el.parentNode;
 
-				var checkBox = document.getElementById("mandateCheckBox");				
+				
 				var iFrameURL = "iframeHandyBKU.html" + "?";
 				iFrameURL += "Template=" + URL_TO_HANDYSIGNATUR_TEMPLATE + "&";
 				iFrameURL += "startAuth=" + MOA_ID_STARTAUTHENTICATION + "&";
-				iFrameURL += "useMandate=" + checkBox.checked ;
+				iFrameURL += "useMandate=" + document.getElementById("useMandate").value;
 
-		         
 	        	var iframe = document.createElement("iframe");
 		        iframe.setAttribute("src", iFrameURL);
 	    	    iframe.setAttribute("width", "220"); 
@@ -136,9 +148,12 @@
                         <div id="bkuhandy" class="hell">
                             <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button>
                         </div> 
-                        <div id="mandate">
-                    		<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>
+                        
+                        <!-- [OPTIONAL] Um die Anmeldung mit Vollmachten auszublenden, kommentieren Sie das folgende div (mandate) aus -->
+						<div id="mandate">
+	                   		<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>
                         </div>
+
                     </div>
                     
 					
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index b1418fb0b..8dd49e2d7 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -39,63 +39,10 @@
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
 				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
-				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
+				<!--<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>-->
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -104,11 +51,28 @@
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+
+		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
@@ -132,6 +96,14 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
@@ -151,7 +123,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 0f09ff7d5..11b794888 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -43,60 +43,8 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
-		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+
+<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
@@ -104,11 +52,27 @@
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+
 	</AuthComponent>
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
 	<ProxyComponent>
@@ -142,6 +106,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
@@ -171,7 +142,10 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
+
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index fd565b538..80c7a8dfd 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -44,64 +44,6 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -115,6 +57,22 @@
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
@@ -138,6 +96,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+						<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!-- <Mandates> -->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
+				<!--<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+			<!--</Mandates> -->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
@@ -159,6 +124,7 @@
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
 	<!-- Vertrauenswürdige Bürgerkartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index b3c655155..dd207f76d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -44,77 +44,36 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-            <!-- Organwalter -->
-            <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/>
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-			
+						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
+		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
+		<!-- <OnlineMandates> -->
+			<!-- Echtsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+			<!-- Testsystem -->
+			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
+			<!-- </ConnectionParameter> -->
+			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- </OnlineMandates> -->
+		
+		
 	</AuthComponent>
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
 	<ProxyComponent>
@@ -148,6 +107,13 @@
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
 			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
+			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
+			<!--<Mandates>-->
+				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
@@ -177,7 +143,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 3f1d95562..3d062900d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -43,70 +43,20 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
-		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
 			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
 			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-			
+						
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
-				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
-				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
 				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
 			</ConnectionParameter>
 		</ForeignIdentities>
+		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
@@ -154,7 +104,10 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+		<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
+
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index e381d9bda..c8c88c22d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -43,57 +43,6 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -174,7 +123,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index f1202a542..225270f5b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -49,57 +49,6 @@
 		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
 		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
 		<!--/IdentityLinkSigners-->
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -160,7 +109,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 068ab90b1..4f2a5977c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -44,62 +44,6 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
-		<VerifyInfoboxes>
-			<!-- Zur Aktivierung der Vollmachten-Infobox Ueberpruefung ist das ? (Processing Instruction) im Element Infobox zu entfernen -->
-			<?Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true">
-        <FriendlyName>Vollmachten</FriendlyName>
-        <!--
-        <ApplicationSpecificParameters>
-          <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService">
-            <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
-            <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - ->
-          </ConnectionParameter>
-          <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/>
-          <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vertretene anmelden -->
-          <CompatibilityMode>false</CompatibilityMode>
-        </ApplicationSpecificParameters>
-        -->
-        <!-- Konfigurationsteil fuer berufliche Parteienvertretung -->
-        <ParepSpecificParameters>
-          <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> -->
-          <EnableInfoboxValidator>false</EnableInfoboxValidator>
-          <PartyRepresentation>
-            <!-- Standardklasse, die Daten vervollstaendigt -->
-            <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor-->
-            <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) -->
-            <!--AlwaysShowForm>true</AlwaysShowForm-->
-            <!-- Standard-Stammzahlenregister-Gateway -->
-            <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-              <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates-->
-              <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-            </ConnectionParameter>
-            <!-- Notare -->
-            <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"/>
-            <!-- Rechtsanwaelte -->
-            <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/>
-            <!-- Ziviltechniker -->
-            <!--
-            <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)">
-              <!- - Standardklasse, die Daten vervollstaendigt - ->
-              <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- ->
-              <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - ->
-              <!- - AlwaysShowForm>true</AlwaysShowForm- ->
-              <!- - Spezifisches-Stammzahlenregister-Gateway - ->
-              <ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/MandateCreation">
-                <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- ->
-                <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>
-              </ConnectionParameter>
-            </PartyRepresentative>
-            -->
-          </PartyRepresentation>
-        </ParepSpecificParameters>
-      </Infobox?>
-		</VerifyInfoboxes>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
@@ -180,7 +124,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
+		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
index fd6004811..7fae15b7c 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
@@ -1,6 +1,7 @@
 <sl10:TransformsInfo>
 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 				<xsl:output method="xml" xml:space="default"/>
 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
 					<html>
@@ -12,139 +13,156 @@
 								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
               				</style>
-              			</head>
-						<body>																					
-							<h4 class="h4style">Anmeldedaten:</h4>																					
-							
-							<p class="titlestyle">Daten zur Person</p>																					
-							<table class="parameters">                		    						
+						</head>
+						<body>
+							<h4 class="h4style">Anmeldedaten:</h4>
+							<p class="titlestyle">Daten zur Person</p>
+							<table class="parameters">
 								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td class="normalstyle">
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Geburtsdatum:</td>
-			      							<td class="normalstyle">
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Rolle:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
+									<tr>
+										<td class="italicstyle">Name:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//@Issuer"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+									<tr>
+										<td class="italicstyle">Geburtsdatum:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+											<xsl:text>.</xsl:text>
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+											<xsl:text>.</xsl:text>
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="italicstyle">Rolle:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+									<tr>
+										<td class="italicstyle">Vollmacht:</td>
+										<td class="normalstyle">
+											<xsl:text>Ich bin weiters ermächtigt als </xsl:text>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+											<xsl:text> von </xsl:text>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+												<xsl:text>, geboren am </xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+												<xsl:text>.</xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+												<xsl:text>.</xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+											</xsl:if>
+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+												<xsl:text>, </xsl:text>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+											</xsl:if>
+											<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+										</td>
+									</tr>
+								</xsl:if>
 							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> von </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, geboren am </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Daten zur Anwendung</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Staat:</td>
-		      							<td class="normalstyle">Österreich</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technische Parameter</p>     	
-							<table class="parameters">														 
+							<p class="titlestyle">Daten zur Anwendung</p>
+							<table class="parameters">
+								<tr>
+									<td class="italicstyle">Name:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="italicstyle">Staat:</td>
+									<td class="normalstyle">Österreich</td>
+								</tr>
+							</table>
+							<p class="titlestyle">Technische Parameter</p>
+							<table class="parameters">
 								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+									<td class="italicstyle">URL:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+									</td>
 								</tr>
 								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Bereich:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if> 
+									<tr>
+										<td class="italicstyle">Bereich:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+									<tr>
+										<td class="italicstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+									<tr>
+										<td class="italicstyle">Identifikator:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+									<tr>
+										<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="italicstyle">OID:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
+									<tr>
+										<td class="italicstyle">HPI:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<tr>
-		    							<td class="italicstyle">Datum:</td>
-		    							<td class="normalstyle">
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Uhrzeit:</td>
-		    							<td class="normalstyle">
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
+									<td class="italicstyle">Datum:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="italicstyle">Uhrzeit:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+										<xsl:text>:</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+										<xsl:text>:</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+									</td>
+								</tr>
+							</table>
 						</body>
 					</html>
 				</xsl:template>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
index 4e2b9444c..17691ca8d 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -1,6 +1,7 @@
 <sl10:TransformsInfo>
 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 				<xsl:output method="xml" xml:space="default"/>
 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
 					<html>
@@ -13,138 +14,155 @@
 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
               				</style>
 						</head>
-						<body>																					
-							<h4 class="h4style">Authentication Data:</h4>																					
-							
-							<p class="titlestyle">Personal Data</p>																					
-							<table class="parameters">                		    						
+						<body>
+							<h4 class="h4style">Authentication Data:</h4>
+							<p class="titlestyle">Personal Data</p>
+							<table class="parameters">
 								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td class="normalstyle">
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Date of Birth:</td>
-			      							<td class="normalstyle">
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Role:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
+									<tr>
+										<td class="italicstyle">Name:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//@Issuer"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+									<tr>
+										<td class="italicstyle">Date of Birth:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+											<xsl:text>.</xsl:text>
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+											<xsl:text>.</xsl:text>
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="italicstyle">Role:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+									<tr>
+										<td class="italicstyle">Mandate:</td>
+										<td class="normalstyle">
+											<xsl:text>I am also authorized as </xsl:text>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+											<xsl:text> of </xsl:text>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+												<xsl:text>, born on </xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+												<xsl:text>.</xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+												<xsl:text>.</xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+											</xsl:if>
+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+												<xsl:text>, </xsl:text>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+											</xsl:if>
+											<xsl:text>, to act on their behalf.</xsl:text>
+										</td>
+									</tr>
+								</xsl:if>
 							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>I am also authorized as </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> of </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, born on </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, to act on their behalf.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Application Data</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Country:</td>
-		      							<td class="normalstyle">Austria</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technical Parameters</p>     	
-							<table class="parameters">														 
+							<p class="titlestyle">Application Data</p>
+							<table class="parameters">
+								<tr>
+									<td class="italicstyle">Name:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="italicstyle">Country:</td>
+									<td class="normalstyle">Austria</td>
+								</tr>
+							</table>
+							<p class="titlestyle">Technical Parameters</p>
+							<table class="parameters">
 								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+									<td class="italicstyle">URL:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+									</td>
 								</tr>
 								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Sector:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier of the principal:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if> 
+									<tr>
+										<td class="italicstyle">Sector:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+									<tr>
+										<td class="italicstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+									<tr>
+										<td class="italicstyle">Identifier:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+									<tr>
+										<td class="italicstyle">Identifier of the principal:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="italicstyle">OID:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
+									<tr>
+										<td class="italicstyle">HPI:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<tr>
-		    							<td class="italicstyle">Date:</td>
-		    							<td class="normalstyle">
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Time:</td>
-		    							<td class="normalstyle">
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
+									<td class="italicstyle">Date:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="italicstyle">Time:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+										<xsl:text>:</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+										<xsl:text>:</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+									</td>
+								</tr>
+							</table>
 						</body>
 					</html>
 				</xsl:template>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
index db638d545..24b0bfc38 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 				<xsl:output method="xml" xml:space="default"/>
 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
 					<html>
@@ -13,139 +14,156 @@
 								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
               				</style>
-              			</head>
-						<body>																					
-							<h4 class="h4style">Anmeldedaten:</h4>																					
-							
-							<p class="titlestyle">Daten zur Person</p>																					
-							<table class="parameters">                		    						
+						</head>
+						<body>
+							<h4 class="h4style">Anmeldedaten:</h4>
+							<p class="titlestyle">Daten zur Person</p>
+							<table class="parameters">
 								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td class="normalstyle">
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Geburtsdatum:</td>
-			      							<td class="normalstyle">
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Rolle:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
+									<tr>
+										<td class="italicstyle">Name:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//@Issuer"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+									<tr>
+										<td class="italicstyle">Geburtsdatum:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+											<xsl:text>.</xsl:text>
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+											<xsl:text>.</xsl:text>
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="italicstyle">Rolle:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+									<tr>
+										<td class="italicstyle">Vollmacht:</td>
+										<td class="normalstyle">
+											<xsl:text>Ich bin weiters ermächtigt als </xsl:text>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+											<xsl:text> von </xsl:text>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+												<xsl:text>, geboren am </xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+												<xsl:text>.</xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+												<xsl:text>.</xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+											</xsl:if>
+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+												<xsl:text>, </xsl:text>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+											</xsl:if>
+											<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+										</td>
+									</tr>
+								</xsl:if>
 							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>Ich bin weiters ermächtigt als </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> von </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, geboren am </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, in deren Auftrag zu handeln.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Daten zur Anwendung</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Staat:</td>
-		      							<td class="normalstyle">Österreich</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technische Parameter</p>     	
-							<table class="parameters">														 
+							<p class="titlestyle">Daten zur Anwendung</p>
+							<table class="parameters">
+								<tr>
+									<td class="italicstyle">Name:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="italicstyle">Staat:</td>
+									<td class="normalstyle">Österreich</td>
+								</tr>
+							</table>
+							<p class="titlestyle">Technische Parameter</p>
+							<table class="parameters">
 								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+									<td class="italicstyle">URL:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+									</td>
 								</tr>
 								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Bereich:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if> 
+									<tr>
+										<td class="italicstyle">Bereich:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+									<tr>
+										<td class="italicstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+									<tr>
+										<td class="italicstyle">Identifikator:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+									<tr>
+										<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="italicstyle">OID:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
+									<tr>
+										<td class="italicstyle">HPI:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<tr>
-		    							<td class="italicstyle">Datum:</td>
-		    							<td class="normalstyle">
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Uhrzeit:</td>
-		    							<td class="normalstyle">
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
+									<td class="italicstyle">Datum:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="italicstyle">Uhrzeit:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+										<xsl:text>:</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+										<xsl:text>:</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+									</td>
+								</tr>
+							</table>
 						</body>
 					</html>
 				</xsl:template>
@@ -153,4 +171,4 @@
 		</dsig:Transform>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
 	</dsig:Transforms>
-	</VerifyTransformsInfoProfile>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
index 6db367871..207296d52 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
@@ -1,7 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
 	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
-		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
+		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 				<xsl:output method="xml" xml:space="default"/>
 				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
 					<html>
@@ -14,138 +15,155 @@
 								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
               				</style>
 						</head>
-						<body>																					
-							<h4 class="h4style">Authentication Data:</h4>																					
-							
-							<p class="titlestyle">Personal Data</p>																					
-							<table class="parameters">                		    						
+						<body>
+							<h4 class="h4style">Authentication Data:</h4>
+							<p class="titlestyle">Personal Data</p>
+							<table class="parameters">
 								<xsl:if test="normalize-space(//@Issuer)">
-			      						<tr>
-			      							<td class="italicstyle">Name:</td>
-			      							<td class="normalstyle">
-			      								<xsl:value-of select="//@Issuer"/>
-			      							</td>
-			      						</tr>
-		      						</xsl:if>
-			      					<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
-			      						<tr>
-			      							<td class="italicstyle">Date of Birth:</td>
-			      							<td class="normalstyle">
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
-			      								<xsl:text>.</xsl:text>
-			      								<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
-			      							</td>
-			      						</tr>
-			      					</xsl:if>
-			      					<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">Role:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if>
+									<tr>
+										<td class="italicstyle">Name:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//@Issuer"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
+									<tr>
+										<td class="italicstyle">Date of Birth:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
+											<xsl:text>.</xsl:text>
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
+											<xsl:text>.</xsl:text>
+											<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="italicstyle">Role:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+									<tr>
+										<td class="italicstyle">Mandate:</td>
+										<td class="normalstyle">
+											<xsl:text>I am also authorized as </xsl:text>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
+											<xsl:text> of </xsl:text>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
+												<xsl:text>, born on </xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
+												<xsl:text>.</xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
+												<xsl:text>.</xsl:text>
+												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
+											</xsl:if>
+											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
+												<xsl:text>, </xsl:text>
+												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
+											</xsl:if>
+											<xsl:text>, to act on their behalf.</xsl:text>
+										</td>
+									</tr>
+								</xsl:if>
 							</table>
-							
-							<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
-								<hr/>								
-									<xsl:text>I am also authorized as </xsl:text> 
-									<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-									<xsl:text> of </xsl:text>
-									<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-										<xsl:text>, born on </xsl:text> 
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-										<xsl:text>.</xsl:text>
-										<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-									</xsl:if>
-									<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-										<xsl:text>, </xsl:text>
-										<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-									</xsl:if>
-									<xsl:text>, to act on their behalf.</xsl:text>																
-								<p/>
-							</xsl:if>
-														                
-              <p class="titlestyle">Application Data</p>     																												
-							<table class="parameters">							  
-                <tr>
-		      							<td class="italicstyle">Name:</td>
-		      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td>
-								</tr>								
-		    						<tr>
-		      							<td class="italicstyle">Country:</td>
-		      							<td class="normalstyle">Austria</td>
-		    						</tr>        																
-							</table>													
-														
-							<p class="titlestyle">Technical Parameters</p>     	
-							<table class="parameters">														 
+							<p class="titlestyle">Application Data</p>
+							<table class="parameters">
+								<tr>
+									<td class="italicstyle">Name:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="italicstyle">Country:</td>
+									<td class="normalstyle">Austria</td>
+								</tr>
+							</table>
+							<p class="titlestyle">Technical Parameters</p>
+							<table class="parameters">
 								<tr>
-		    							<td class="italicstyle">URL:</td>
-		    							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td>
+									<td class="italicstyle">URL:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+									</td>
 								</tr>
 								<xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
-			      						<tr>
-			      							<td class="italicstyle">Sector:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td>
-			      						</tr>
-      								</xsl:if>
-      								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
-			      						<tr>
-			      							<td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td>
-			      						</tr>
-      								</xsl:if>    
-		    						<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							    <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
-			      							</td>			      															
-			      						</tr>
-		    						</xsl:if>  
-		    						<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-			      						<tr>    						
-			      							<td class="italicstyle">Identifier of the principal:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/></td>			      															
-			      						</tr>
-		    						</xsl:if>		    						
-                    <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
-			      						<tr>
-			      							<td class="italicstyle">OID:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td>
-			      						</tr>
-			      					</xsl:if> 
+									<tr>
+										<td class="italicstyle">Sector:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
+									<tr>
+										<td class="italicstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
+									<tr>
+										<td class="italicstyle">Identifier:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+											<xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
+									<tr>
+										<td class="italicstyle">Identifier of the principal:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
+										</td>
+									</tr>
+								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
+									<tr>
+										<td class="italicstyle">OID:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='HPI']">
-			      						<tr>
-			      							<td class="italicstyle">HPI:</td>
-			      							<td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td>
-			      						</tr>
-								</xsl:if>     
+									<tr>
+										<td class="italicstyle">HPI:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<tr>
-		    							<td class="italicstyle">Date:</td>
-		    							<td class="normalstyle">
-		    								<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
-		    								<xsl:text>.</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
-		    							</td>
-		    						</tr>
-		    						<tr>
-		    							<td class="italicstyle">Time:</td>
-		    							<td class="normalstyle">
-		    								<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
-		    								<xsl:text>:</xsl:text>
-		    								<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
-		    							</td>
-    								</tr>
-							</table>																																			
+									<td class="italicstyle">Date:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="substring(//@IssueInstant,9,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,6,2)"/>
+										<xsl:text>.</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+									</td>
+								</tr>
+								<tr>
+									<td class="italicstyle">Time:</td>
+									<td class="normalstyle">
+										<xsl:value-of select="substring(//@IssueInstant,12,2)"/>
+										<xsl:text>:</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,15,2)"/>
+										<xsl:text>:</xsl:text>
+										<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+									</td>
+								</tr>
+							</table>
 						</body>
 					</html>
 				</xsl:template>
@@ -153,4 +171,4 @@
 		</dsig:Transform>
 		<dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
 	</dsig:Transforms>
-	</VerifyTransformsInfoProfile>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
index 9078bab98..c5d6f0b07 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
@@ -190,7 +190,7 @@
 				<xsd:element name="TrustedBKUs" minOccurs="0">
 					<xsd:complexType>
 						<xsd:sequence>
-							<xsd:element name="BKUURL" maxOccurs="unbounded" type="xsd:anyURI"/>
+							<xsd:element name="BKUURL" type="xsd:anyURI" maxOccurs="unbounded"/>
 						</xsd:sequence>
 					</xsd:complexType>
 				</xsd:element>
@@ -277,7 +277,18 @@
 					<xsd:sequence>
 						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
 							<xsd:annotation>
-								<xsd:documentation>Default Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+								<xsd:documentation>Verbindungsparameter zum SZR-Gateway (GetIdentityLink)</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="OnlineMandates" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+							<xsd:annotation>
+								<xsd:documentation>Verbindungsparameter zum Online-Vollmachten-Service</xsd:documentation>
 							</xsd:annotation>
 						</xsd:element>
 					</xsd:sequence>
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 31500f6f0..7192f02e2 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -239,14 +239,17 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
                           <td width="59%"><b>JDK (SDK)</b> </td>
                           <td width="41%"><p>min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>
                           1.4.2</a><br/>
-						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a></p>
+						  <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a><br/>
+                          <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">1.6.0</a>
+                          </p>
                           </td>
                         </tr>
                         <tr>
                           <td width="59%" height="21"><b>Tomcat</b></td>
                           <td width="41%" height="21">
                             <p><a href="http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.31/bin/jakarta-tomcat-4.1.31.zip">4.1.31</a><br/>
-							<a href="http://gd.tuwien.ac.at/infosys/servers/http/apache/dist/tomcat/tomcat-5/v5.0.28/bin/jakarta-tomcat-5.0.28.zip">5.0.28</a></p>
+							<a href="http://tomcat.apache.org/download-55.cgi">5.5.x</a><br/>
+                            <a href="http://tomcat.apache.org/download-60.cgi">6.0.x</a></p>
                           </td>
                         </tr>
                         <tr>
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 12e445fe2..2b3ade1ed 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -120,8 +120,9 @@ Unterschiede sind in der Installationsanweisung angef&uuml;hrt.
               der Download-Seite des jeweiligen JDK in der Sektion "Other
               Downloads". D.h. JDK <a href="http://java.sun.com/j2se/1.4.0/download.html">
               hier f&uuml;r 1.4.0</a>, das JDK <a href="http://java.sun.com/j2se/1.4.2/download.html">hier
-              f&uuml;r 1.4.2</a> bzw. das JDK <a href="http://java.sun.com/j2se/1.5.0/download.html">hier
-              f&uuml;r 1.5.0</a>.</p>
+              f&uuml;r 1.4.2</a>, das JDK <a href="http://java.sun.com/j2se/1.5.0/download.html">hier
+              f&uuml;r 1.5.0</a> bzw. das JDK <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html">hier
+              f&uuml;r 1.6.0</a></p>
       </div>
 
 </td></tr></table>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 4268565c0..bc4709f02 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -80,6 +80,8 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 <a href="#MOA-SP">&nbsp;&nbsp;MOA-SP</a><br />
 <a href="#IdentityLinkSigners">&nbsp;&nbsp;IdentityLinkSigners</a><br />
 <a href="#VerifyInfoboxesAuth">&nbsp;&nbsp;VerifyInfoboxes</a><br />
+<a href="#ForeignIdentitiesAuth">&nbsp;&nbsp;ForeignIdentities</a><br />
+<a href="#AuthComponent_OnlineMandates">&nbsp;&nbsp;OnlineMandates</a><br />
 <a href="#ProxyComponent">ProxyComponent</a><br />
 <a href="#OnlineApplication">OnlineApplication</a><br />
 <a href="#OnlineApplication/AuthComponent">&nbsp;&nbsp;AuthComponent</a><br />
@@ -125,9 +127,6 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
             <a href="../MOA-ID-Configuration-1.5.0.xsd" target="_new">MOA-ID-Configuration-1.5.0.xsd</a> entspricht, durchgef&uuml;hrt.
         <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
             der Web-Applikation in Tomcat</a> beschrieben.
-          <p /> @TODO Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
-            <a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a>
-            zeigt ein Beispiel f&uuml;r eine umfassende Konfigurationsdatei. </p>
           <p>Enth&auml;lt die Konfigurationsdatei relative Pfadangaben, werden
             diese relativ zum Verzeichnis, in dem sich die MOA-ID Konfigurationsdatei
             befindet, interpretiert.<br>
@@ -187,8 +186,9 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                 <li><tt>IdentityLinkSigners</tt></li>
                 <li><tt>VerifyInfoboxes</tt> (optional ab Version 1.4)</li>
                 <li><tt>ForeignIdentities</tt></li>
+                <li><tt>OnlineMandates</tt></li>
               </ul>
-      <p></p>
+<p></p>
               <div id="BKUSelection" />
                 <p id="block"> <b>AuthComponent/BKUSelection</b> <br />
                   Das optionale Element <tt>BKUSelection</tt> enth&auml;lt Parameter
@@ -529,9 +529,15 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                       <a href="#VerifyInfoboxesOA">OnlineApplication/AuthComponent/VerifyInfoboxes</a>.
                       <br />
                   </p>
+                                  <div id="ForeignIdentitiesAuth" />
                     <p><b>AuthComponent/ForeignIdentities</b> <br />
-Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechenden <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
+Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten. Hierf&uuml;r ist ein Stammzahlenregister-Gateway n&ouml;tig, dass einen entsprechenden Zugang zum Stammzahlenregister bereitstellt. Es ist hierzu ein ensprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Gateway bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Stammzahlenregister-Gateway bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Gateway angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft  oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
                     </p>
+                    <p><b><div id="AuthComponent_OnlineMandates">AuthComponent/OnlineMandates</div></b> <br />
+Ab Version 1.5.0 bietet MOA-ID die M&ouml;glichkeit der Nutzung von Online-Vollmachten f&uuml;r Anwendungen aus dem &ouml;ffentlichen Bereich. Hierf&uuml;r ist ein Online-Vollmachten-Service n&ouml;tig. Es ist hierzu ein ensprechender <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a> zu definieren, der die Zugangsdaten zum Online-Vollmachten-Service bereith&auml;lt (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>). In der Default-Konfiguration ist der Zugang zum Online-Vollmachten-Service bereits aktiviert. Es muss nur noch das Client-Zertifikat f&uuml;r die SSL-Verbinung zum Service angegeben werden. Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit Verwaltungseigenschaft oder Dienstleistereigenschaft. Wenn ihr MOA-ID Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.<br />
+Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu aktivieren, m&uuml;ssen Sie das Vollmachten Profil angeben - siehe <a href="#OnlineApplication/AuthComponent/Mandates">hier</a>.
+
+      </p>
 <p id="block"> <b>ProxyComponent</b> <br />
                           <tt>ProxyComponent</tt> enth&auml;lt Parameter, die
                           nur die MOA-ID Proxykomponente betreffen. Das Element
@@ -923,7 +929,16 @@ Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;nd
                             <br />
                           </p>
                         </div>
-                            </p>
+                        
+                        <div id="OnlineApplication/AuthComponent/Mandates" />
+                            <p id="block"> <b>OnlineApplication/AuthComponent/Mandates</b>
+                              <br />
+                              Mit Hilfe diese Elements werden die Online-Vollmachten f&uuml;r die Online-Applikation aktiviert. 
+                              Als Kindelement muss <tt>Profiles</tt> angegeben werden. Diese Element beinhaltet eine (Komma-separierte)
+                              Liste von Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann.<br/>
+                              Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren - siehe <a href="#AuthComponent_OnlineMandates">hier</a>                              
+</p>                            
+                            
                             </div>
                             <div id="OnlineApplication/ProxyComponent" />
                               <p id="block"> <b>OnlineApplication/ProxyComponent</b>
@@ -1159,7 +1174,7 @@ Ab Version 1.4.7 bietet MOA-ID die M&ouml;glichkeit der Nutzung von ausl&auml;nd
                                     <p id="block"> <b>TrustedBKUs</b><br />
                                       Das Element <tt>TrustedBKUs</tt>
                                       erm&ouml;glicht das Setzen von vertrauensw&uuml;rdigen B&uuml;rgerkartenumgebungen.
-                                      In den <tt>BKUURL</tt> Unterelement werden die vertrauensw&uuml;rdigen URLs eingetragen. Diese Liste an URL wird mit dem Parameter bkuURI abgeglichen. Lokale B&uuml;rgerkartenumgebungn m&uuml;ssen nicht eingetragen werden - diesen wird automatisch vertraut.
+                                      In <tt>BKUURL</tt> Unterelementen werden die vertrauensw&uuml;rdigen URLs eingetragen. Diese Liste an URL wird mit dem Parameter bkuURI abgeglichen. Lokale B&uuml;rgerkartenumgebungn m&uuml;ssen nicht eingetragen werden - diesen wird automatisch vertraut.
 </p>
 </div>
                                 </div>
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index 637d28253..041cd437a 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -73,13 +73,14 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 Der Aufruf erfolgt durch einen Verweis der Form: </div>
 <pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
 StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
-&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&quot;&gt;</pre>
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&amp;useMandate=false&quot;&gt;</pre>
 <table border="1"><tbody valign="baseline">
 <tr>
 <td id="klein">&lt;moa-id-server-und-pfad&gt;</td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td>
 </tr>
 <tr>
-<td id="klein">Target=&lt;gesch&auml;ftsbereich&gt;</td><td id="klein">Angabe, f&uuml;r welches Verfahren der Benutzer authentisiert werden soll (siehe TODO: Link auf Verzeichnis der Gesch&auml;ftsbereich)</td>
+<td id="klein">Target=&lt;gesch&auml;ftsbereich&gt;</td>
+<td id="klein">Angabe, f&uuml;r welches Verfahren der Benutzer authentisiert werden soll</td>
 </tr>
 <tr>
 <td id="klein">OA=&lt;oa-url&gt;</td><td id="klein">Webseite, auf die der Browser nach erfolgter Authentisierung weitergeleitet werden soll</td>
@@ -87,7 +88,12 @@ StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
 <tr>
 <td id="klein">Template=&lt;template-url&gt;</td><td id="klein">optional; HTML-Vorlage f&uuml;r der Anmeldeseite von MOA-ID-AUTH, &uuml;ber die der B&uuml;rger den Authentisierungsvorgang startet. &Uuml;ber diesen Parameter kann das Aussehen der Anmeldeseite an das Aussehen der Online-Applikation angepasst werden.</td>
 </tr>
-</tbody></table>
+<tr>
+  <td id="klein">useMandate=&lt;true/false&gt;</td>
+  <td id="klein">optional; Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgef&uuml;hrt werden soll (=true) oder nicht (=false);</td>
+</tr>
+</tbody>
+</table>
 <br/><br/>
 
 <div id="block">
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 3694bb0f3..e0da90e98 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -230,8 +230,14 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
 <div id="subtitel">Erg&auml;nzung f&uuml;r ausl&auml;ndische B&uuml;rger</div>
 <div id="block">
   <p>Ab der MOA Release 1.4.7 ist es m&ouml;glich, dass sich auch ausl&auml;ndische B&uuml;rger mittels MOA-ID einloggen k&ouml;nnen. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausl&auml;ndischen B&uuml;rgers eine Eintragung im Erg&auml;nzungsregister f&uuml;r nat&uuml;rliche Personen gem&auml;&szlig; E-Government Gesetz &sect;6(5) vornimmt. Somit ist es m&ouml;glich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. </p>
-  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungseigenschaft versehen sind, akzeptiert. </p>
+  <p>Der Zugang zu diesem Stammzahlenregister-Gateways ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>
   </div>
+  
+  <div id="subtitel">Online-Vollmachten</div>
+<div id="block">
+  <p>Ab der MOA Release 1.5.0 werden Online-Vollmachten (f&uuml;r Anwendungen aus dem &ouml;ffentlichen Bereich) unterst&uuml;tzt. Hierzu werden diese Vollmachten &uuml;ber eine Online-Vollmachten-Service ausgew&auml;hlt. Der Zugang zu diesem Online-Vollmachten Service ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>
+</div>
+
 </td></tr></table>
 
 <br /><br />
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 6553182b4..eb21c2fd3 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -121,11 +121,11 @@
 			<groupId>commons-httpclient</groupId>
 			<artifactId>commons-httpclient</artifactId>
 		</dependency>-->
-		<dependency>
+		<!-- <dependency>
 			<groupId>at.gv.egovernment.moa.id</groupId>
 			<artifactId>mandate-validate</artifactId>
 			<version>1.1</version>
-		</dependency>
+		</dependency>-->
 		<dependency>
     	  <groupId>commons-lang</groupId>
 	      <artifactId>commons-lang</artifactId>
@@ -135,10 +135,11 @@
 
 	<build>
 		<plugins>
-			<plugin>
+					<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-jar-plugin</artifactId>
 				<configuration>
+				<skipTests>true</skipTests>
 					<archive>
 						<addMavenDescriptor>false</addMavenDescriptor>
 					</archive>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 64eaf30cd..a772e0457 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -15,14 +15,11 @@
 */
 package at.gv.egovernment.moa.id.auth;
 
-import iaik.ixsil.exceptions.UtilsException;
-import iaik.ixsil.util.Utils;
 import iaik.pki.PKIException;
 import iaik.x509.X509Certificate;
 
+import java.io.ByteArrayInputStream;
 import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.Principal;
@@ -39,10 +36,11 @@ import java.util.Vector;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
-import HTTPClient.Util;
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.ParseException;
@@ -63,6 +61,7 @@ import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
 import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
@@ -81,6 +80,7 @@ import at.gv.egovernment.moa.id.auth.validator.ValidateException;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
@@ -94,6 +94,7 @@ import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -288,6 +289,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * @param oaURL online application URL requested
    * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used; 
    *                may be <code>null</code>; in this case, the default location will be used
+   * @param useMandate Indicates if mandate is used or not               
    * @param templateURL URL providing an HTML template for the HTML form generated
    * @param scheme determines the protocol used 
    * @return HTML form
@@ -301,6 +303,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     String oaURL,
     String templateURL,
     String bkuURL,
+    String useMandate,
     String sessionID,
     String scheme)
     throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
@@ -343,7 +346,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
       session.setAuthURL(authURL);
       session.setTemplateURL(templateURL);
-      session.setBusinessService(oaParam.getBusinessService());
+      session.setBusinessService(oaParam.getBusinessService());      
     }
     // BKU URL has not been set yet, even if session already exists
     if (bkuURL == null) {
@@ -357,8 +360,15 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
     String infoboxReadRequest = 
       new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), 
-                                            oaParam.getBusinessService(), 
+                                            oaParam.getBusinessService(),     
                                             oaParam.getIdentityLinkDomainIdentifier());
+    
+    if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
+    	session.setUseMandate(useMandate);
+    }
+    else {
+    	session.setUseMandate("false");
+    }
     String dataURL =
       new DataURLBuilder().buildDataURL(
         session.getAuthURL(),
@@ -529,6 +539,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
   }
   
+  
+  /**
+   * Processes an <code>Mandate</code> sent by the 
+   * MIS.<br>
+   * <ul>
+   * <li>Validates given <code>Mandate</code></li>
+   * <li>Verifies Mandate by calling the MOA SP component</li>
+   * <li>Creates an authentication block to be signed by the user</li>
+   * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code> 
+   *      containg the authentication block, meant to be returned to the 
+   *      security layer implementation</li>
+   * </ul>
+   * 
+   * @param sessionID ID of associated authentication session data
+   * @param infoboxReadResponseParameters The parameters from the response returned from
+   *        the BKU including the <code>&lt;InfoboxReadResponse&gt;</code>
+   * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+   */
+  public String verifyMandate(String sessionID, MISMandate mandate)
+    throws
+      AuthenticationException,
+      BuildException,
+      ParseException,
+      ConfigurationException,
+      ValidateException,
+      ServiceException {
+
+    if (isEmpty(sessionID))
+      throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID});
+       
+    String sMandate = new String(mandate.getMandate());
+    if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
+    	Logger.error("Mandate is empty.");
+    	throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+    }
+    
+    
+    AuthenticationSession session = getSession(sessionID);
+    AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+      
+    OAAuthParameter oaParam =
+      AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+        session.getPublicOAURLPrefix());
+    
+    try {
+    	// set extended SAML attributes
+		setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
+	} catch (SAXException e) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	} catch (IOException e) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	} catch (ParserConfigurationException e) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	} catch (TransformerException e) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	}
+
+    
+    return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+  }
+  
+  /**
+   * 
+   * @param session
+   * @param authConf
+   * @param oaParam
+   * @return
+   * @throws ConfigurationException
+   * @throws BuildException
+   * @throws ValidateException
+   */
   public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
     throws 
       ConfigurationException, 
@@ -571,6 +653,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     return createXMLSignatureRequest;
   }
   
+  
+  
   /**
    * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
    * <ul>
@@ -926,6 +1010,32 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     }
   }
   
+  /**
+   * Verifies the infoboxes (except of the  identity link infobox) returned by the BKU by 
+   * calling appropriate validator classes.
+   * 
+   * @param session The actual authentication session.
+   * @param mandate   The Mandate from the MIS
+   * 
+   * @throws AuthenticationException 
+   * @throws ConfigurationException  
+ * @throws TransformerException 
+ * @throws ParserConfigurationException 
+ * @throws IOException 
+ * @throws SAXException 
+   */
+  private void setExtendedSAMLAttributeForMandates(
+    AuthenticationSession session, MISMandate mandate, boolean business) 
+  throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException
+  {
+    
+	  ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes(mandate, business);
+	  
+	  
+	  AddAdditionalSAMLAttributes(session, extendedSamlAttributes, "MISService", "MISService");
+    
+  }
+  
   /**
    * Intermediate processing of the infoboxes. The first pending infobox 
    * validator may validate the provided input
@@ -985,7 +1095,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     int length = extendedSAMLAttributes.length; 
     for (int i=0; i<length; i++) {
       ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+      
       Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName);
+      
       if ((value instanceof String) || (value instanceof Element)) {
         switch (samlAttribute.getAddToAUTHBlock()) {
           case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
@@ -1017,6 +1129,115 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     session.setExtendedSAMLAttributesOA(oaAttributes);
   }
 
+//  /**
+//   * Adds given SAML Attributes to the current session. They will be appended
+//   * to the final SAML Assertion or the AUTH block. If the attributes are 
+//   * already in the list, they will be replaced.
+//   * 
+//   * @param session The current session
+//   * @param extendedSAMLAttributes The SAML attributes to add
+//   * @param identifier The infobox identifier for debug purposes
+//   * @param friendlyNam The friendly name of the infobox for debug purposes
+//   */
+//  private static void AddAdditionalSAMLAttributes(AuthenticationSession session, MISMandate mandate) throws ValidateException
+//  {
+//	  
+//    List oaAttributes = session.getExtendedSAMLAttributesOA();
+//    if (oaAttributes==null) oaAttributes = new Vector();
+//    List authAttributes = session.getExtendedSAMLAttributesAUTH();
+//    if (authAttributes==null) authAttributes = new Vector();
+//    
+//    
+//    addExtendedSamlAttributes(authAttributes, mandate);
+//    
+//    session.setExtendedSAMLAttributesAUTH(authAttributes);
+//    session.setExtendedSAMLAttributesOA(oaAttributes);
+//  }
+  
+  /**
+   * Adds the AUTH block related SAML attributes to the validation result. 
+   * This is needed always before the AUTH block is to be signed, because the 
+   * name of the mandator has to be set
+ * @throws ParserConfigurationException 
+ * @throws IOException 
+ * @throws SAXException 
+ * @throws TransformerException 
+   */
+  private static ExtendedSAMLAttribute[] addExtendedSamlAttributes(MISMandate mandate, boolean business) throws SAXException, IOException, ParserConfigurationException, TransformerException {
+    
+	  Vector extendedSamlAttributes = new Vector(); 
+	  
+	  extendedSamlAttributes.clear();
+    
+	  //extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+	  // RepresentationType
+	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTEXT, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+        
+	  // Name
+	  Element domMandate = mandateToElement(mandate);
+	  Element nameSpaceNode = domMandate.getOwnerDocument().createElement("NameSpaceNode");
+	  nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+	  nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+
+	  Element mandator = (Element) XPathAPI.selectSingleNode(domMandate, "//md:Mandate/md:Mandator", nameSpaceNode);
+    
+	  // first check if physical person
+	  Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
+	  String mandatorname = ParepUtils.extractMandatorName(mandator);
+	  
+	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, mandatorname, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+	  // Geburtsdatum
+	  String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+	  if (dob != null && !"".equals(dob)) {
+		  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));	  
+		  
+	  }
+	  
+	  // Mandate
+	  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, domMandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+	  
+	  // (w)bpk
+	  String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+	  if (!ParepUtils.isEmpty(wbpk)) {
+		  if (!ParepUtils.isPhysicalPerson(mandator)){
+			  String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+			  if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID)) {
+				  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+			  }
+		  } else 
+			  if (business) {
+				  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+			  }
+	  }
+	  
+	  String oid = mandate.getProfRep();
+	  if (oid != null) {
+		  String oidDescription = mandate.getTextualDescriptionOfOID();
+		  extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, oidDescription, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+	  }
+    	
+	  ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+	  extendedSamlAttributes.copyInto(ret);
+	  Logger.debug("ExtendedSAML Attributes: " + ret.length);
+	  return ret;
+
+    
+    
+  	}
+  
+  /**
+   * 
+   * @param mandate
+   * @return
+ * @throws ParserConfigurationException 
+ * @throws IOException 
+ * @throws SAXException 
+   */
+  private static Element mandateToElement(MISMandate mandate) throws SAXException, IOException, ParserConfigurationException {
+	  ByteArrayInputStream bais = new ByteArrayInputStream(mandate.getMandate());
+	  Document doc = DOMUtils.parseDocumentSimple(bais);
+	  return doc.getDocumentElement();
+  }
   private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) {
     if (null==attributes) {
       attributes = new Vector();
@@ -1651,6 +1872,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
   private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) 
     throws ValidateException{
     String name = samlAttribute.getName();
+    
+    
     if (name == null) {
       Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + 
         identifier + "-infobox validator is null.");
@@ -1676,6 +1899,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       throw new ValidateException(
         "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
     }
-    return value;
+    
+        return value;
   }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 259b21db7..35dddb476 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -60,6 +60,8 @@ public interface MOAIDAuthConstants {
   public static final String REQ_GET_FOREIGN_ID = "GetForeignID";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */
   public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet} is mapped to */
+  public static final String GET_MIS_SESSIONID = "GetMISSessionID";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
   public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
   /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 2e1132d32..9bab8643f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -82,6 +82,50 @@ public class GetIdentityLinkFormBuilder extends Builder {
     "</form>" + nl +
     "</body>" + nl +
     "</html>";
+  
+  /** default HTML template */
+  private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES = 
+    "<html>" + nl +
+    "<head>" + nl +
+    "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +    
+    "<title>Vollmachten-Anmeldung</title>" + nl +
+    "<script type=\"text/javascript\">" + nl +
+	"window.onload=function() {" + nl +
+	"document.VollmachtenForm.submit();"  + nl +
+	"document.VollmachtenForm.Senden.disabled=true;" + nl +
+	"return;" + nl +
+	"}" + nl +
+	"</script>" + nl +
+    "</head>" + nl +
+    "<body>" + nl +
+    "<form name=\"VollmachtenForm\"" + nl +
+    "      action=\"" + BKU_TAG + "\"" + nl +
+    "      method=\"post\">" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"XMLRequest\"" + nl +
+    "         value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"DataURL\"" + nl +
+    "         value=\"" + DATAURL_TAG + "\"/>" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"PushInfobox\"" + nl +
+    "         value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
+    "  <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" + nl +
+    "</form>" + nl +
+    "<form name=\"CertificateInfoForm\"" + nl +
+    "      action=\"" + BKU_TAG + "\"" + nl +
+    "      method=\"post\">" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"XMLRequest\"" + nl +
+    "         value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl +
+    "  <input type=\"hidden\" " + nl +
+    "         name=\"DataURL\"" + nl +
+    "         value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl +
+//	"  <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +    
+    "  <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
+    "</form>" + nl +
+    "</body>" + nl +
+    "</html>";
 
   /**
    * Constructor for GetIdentityLinkFormBuilder.
@@ -119,6 +163,29 @@ public class GetIdentityLinkFormBuilder extends Builder {
     htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
   	return htmlForm;
   }
+  
+  /**
+   * Builds the HTML form, including XML Request and data URL as parameters.
+   * 
+   * @param htmlTemplate template to be used for the HTML form;
+   *         may be <code>null</code>, in this case a default layout will be produced
+   * @param xmlRequest XML Request to be sent as a parameter in the form
+   * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
+   *         may be <code>null</code>, in this case the default URL will be used
+   * @param dataURL DataURL to be sent as a parameter in the form
+   */
+  public String buildCreateSignature(
+    String bkuURL, 
+    String xmlRequest, 
+    String dataURL)
+  throws BuildException 
+  {      
+  	String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES;
+    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+    htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+    htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+  	return htmlForm;
+  }
   /**
    * Encodes a string for inclusion as a parameter in the form.
    * Double quotes are substituted by <code>"&amp;quot;"</code>.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index 2c97f01ae..a6b61e747 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -152,6 +152,85 @@ public class VerifyXMLSignatureRequestBuilder {
     return requestElem_;
   }
   
+  /**
+   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+   * from an IdentityLink with a known trustProfileID which 
+   * has to exist in MOA-SP
+   * @param identityLink - The IdentityLink
+   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * 
+   * @return Element - The complete request as Dom-Element
+   * 
+   * @throws ParseException
+   */
+  public Element build(byte[]mandate, String trustProfileID)
+    throws ParseException 
+  { 
+    try {
+      // build the request
+//      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+//      requestElem_.appendChild(dateTimeElem);
+//      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
+//      dateTimeElem.appendChild(dateTime);
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+      // insert the base64 encoded identity link SAML assertion
+      //String serializedAssertion = identityLink.getSerializedSamlAssertion();
+      //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8"));
+      String base64EncodedAssertion = Base64Utils.encode(mandate);
+      //replace all '\r' characters by no char.
+      StringBuffer replaced = new StringBuffer();
+      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+        char c = base64EncodedAssertion.charAt(i);
+        if (c != '\r') {
+          replaced.append(c);
+        }
+      }
+      base64EncodedAssertion = replaced.toString();
+      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+      base64ContentElem.appendChild(base64Content);      
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+//      // add the transforms
+//      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+//      signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+//      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+//      
+//      for (int i = 0; i < dsigTransforms.length; i++) {        
+//        Element verifyTransformsInfoProfileElem = 
+//          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
+//        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
+//        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));        
+//      }
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
+    } catch (Throwable t) {
+      throw new ParseException("builder.00", 
+        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+    }
+
+    return requestElem_;
+  }
+  
   
   /**
    * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index eca02a77b..554b5012e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -68,6 +68,16 @@ public class AuthenticationSession {
      * URL of the BKU
      */
     private String bkuURL;
+    
+    /**
+     * Use mandate
+     */
+    private boolean useMandate;
+    
+    /** 
+     * SessionID for MIS
+     */
+    private String misSessionID;
 	/**
 	 * identity link read from smartcard
 	 */
@@ -582,4 +592,39 @@ public class AuthenticationSession {
     this.pushInfobox = pushInfobox;
   }
   
+  /**
+   * 
+   * @param useMandate indicates if mandate is used or not
+   */
+  public void setUseMandate(String useMandate) {
+	  if (useMandate.compareToIgnoreCase("true") == 0)
+		  this.useMandate = true;
+	  else
+		  this.useMandate = false;
+	  
+  }
+  
+  /**
+   * Returns if mandate is used or not
+   * @return
+   */
+  public boolean getUseMandate() {
+	  return this.useMandate;
+  }
+  
+  /**
+   * 
+   * @param misSessionID indicates the MIS session ID
+   */
+  public void setMISSessionID(String misSessionID) {
+	  this.misSessionID = misSessionID;
+  }
+
+  /**
+   * Returns the MIS session ID
+   * @return
+   */
+  public String getMISSessionID() {
+	  return this.misSessionID;
+  }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index c83650587..9a6670617 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -219,11 +219,14 @@ public class GetForeignIDServlet extends AuthServlet {
 	    		try {
 	    			client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
 	    		} catch (IOException e) {
-	    			throw new SZRGWClientException(e);
+	    			Logger.error("Could not initialize SSL Factory", e);
+	    			throw new SZRGWClientException("Could not initialize SSL Factory");
 	    		} catch (GeneralSecurityException e) {
-	    			throw new SZRGWClientException(e);
+	    			Logger.error("Could not initialize SSL Factory", e);
+	    			throw new SZRGWClientException("Could not initialize SSL Factory");
 	    		} catch (PKIException e) {
-	    			throw new SZRGWClientException(e);
+	    			Logger.error("Could not initialize SSL Factory", e);
+	    			throw new SZRGWClientException("Could not initialize SSL Factory");
 	    		} 
 	    	}
 	    	Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
new file mode 100644
index 000000000..4c0abdb0f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -0,0 +1,174 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+import java.util.List;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for getting the foreign eID
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ */
+public class GetMISSessionIDServlet extends AuthServlet {
+
+  /**
+   * Constructor for GetMISSessionIDServlet.
+   */
+  public GetMISSessionIDServlet() {
+    super();
+  }
+
+  /**
+   * GET requested by security layer implementation to verify
+   * that data URL resource is available.
+   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException { 
+    	
+	  doPost(req, resp);
+	  
+//		Logger.debug("GET GetMISSessionIDServlet");
+//		
+//		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+//		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+//		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+//		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+  }
+
+  /**
+   * Gets the signer certificate from the InfoboxReadRequest and 
+   * responds with a new 
+   * <code>CreateXMLSignatureRequest</code>.
+   * <br>
+   * Request parameters:
+   * <ul>
+   * <li>MOASessionID: ID of associated authentication session</li>
+   * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+   * </ul>
+   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+   */
+  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+    throws ServletException, IOException {
+
+		Logger.debug("POST GetMISSessionIDServlet");
+		
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
+//		Map parameters;
+//	    try 
+//	    {
+//	      parameters = getParameters(req);
+//	    } catch (FileUploadException e) 
+//	    {
+//	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+//	      throw new IOException(e.getMessage());
+//	     	}
+		
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    
+	    // escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+		
+	    AuthenticationSession session = null;
+	    try {
+	       // check parameter
+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+	       
+	       session = AuthenticationServer.getSession(sessionID);
+	    	
+	    	String misSessionID = session.getMISSessionID();
+	    	
+	    	//System.out.println("MIS Session ID (GetMISServlet): " + misSessionID);
+	    	
+	    	AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+	    	ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
+	    	SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+
+	    	List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
+	    	
+	    	if (list == null) {
+	    		Logger.error("Keine Vollmacht gefunden.");
+	    		throw new MISSimpleClientException("Keine Vollmacht gefunden");
+	    	}
+	    	if (list.size() == 0) {
+	    		Logger.error("Keine Vollmacht gefunden.");
+	    		throw new MISSimpleClientException("Keine Vollmacht gefunden");
+	    	}
+	    	
+	    	// for now: list contains only one element
+	    	MISMandate mandate = (MISMandate)list.get(0);	    	
+   	
+	    	// verify mandate signature
+	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
+	    	
+	    	String dataurl =
+	             new DataURLBuilder().buildDataURL(
+	               session.getAuthURL(),
+	               REQ_VERIFY_AUTH_BLOCK,
+	               session.getSessionID());
+	    	
+	    	Logger.debug(createXMLSignatureRequestOrRedirect);
+	    	
+	    	String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl);
+
+	    	resp.setContentType("text/html;charset=UTF-8");
+			PrintWriter out = new PrintWriter(resp.getOutputStream());
+			out.print(request);
+			out.flush();
+	    	
+			    		      
+	    }
+	    catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp);
+	    } catch (GeneralSecurityException ex) {
+	    	handleError(null, ex, req, resp);
+		} catch (PKIException e) {
+			handleError(null, e, req, resp);
+		} catch (MISSimpleClientException e) {
+			handleError(null, e, req, resp);
+		} 
+  }
+  
+  private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException {
+	  return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL);
+	  
+  }
+  
+  
+ 
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 54d08c59e..b50a1edde 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -68,8 +68,8 @@ public class ProcessValidatorInputServlet extends AuthServlet {
    * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
    */
   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-    throws ServletException, IOException { 
-
+    throws ServletException, IOException { 
+	  
     Logger.debug("GET ProcessInput");
     resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 	resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 10b4041df..2e7d59fde 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -15,11 +15,14 @@
 */
 package at.gv.egovernment.moa.id.auth.servlet;
 
+import iaik.pki.PKIException;
+
 import java.io.IOException;
 import java.io.PrintWriter;
-import java.io.Reader;
-import java.io.StringReader;
+import java.security.GeneralSecurityException;
+import java.util.List;
 
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -31,8 +34,14 @@ import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -88,8 +97,7 @@ public class StartAuthenticationServlet extends AuthServlet {
     resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
     resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
     
-    //System.out.println("useMandate: " + useMandate);
-    
+ 	
     	try {
 		      // check parameter
 		    if (!ParamValidatorUtils.isValidTarget(target))
@@ -109,7 +117,7 @@ public class StartAuthenticationServlet extends AuthServlet {
 		    
 		    
 			String getIdentityLinkForm =
-				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
+				AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
 		
 			resp.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(resp.getOutputStream());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index ad01de6c8..f1fb15be0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -61,6 +61,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException { 
     
+	  //doPost(req, resp);
+	  
 		Logger.debug("GET VerifyAuthenticationBlock");
 		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 76c5476ae..d101df1fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -8,12 +8,14 @@ import java.security.GeneralSecurityException;
 import java.security.cert.CertificateEncodingException;
 import java.util.Map;
 
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
 
 import org.apache.axis.encoding.Base64;
 import org.apache.commons.fileupload.FileUploadException;
@@ -22,24 +24,25 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * Servlet requested for getting the foreign eID
@@ -116,25 +119,96 @@ public class VerifyCertificateServlet extends AuthServlet {
 	       
 	    	session = AuthenticationServer.getSession(sessionID);
 	    	
-	    	X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
-	    		    	
-	    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
-	      // build dataurl (to the GetForeignIDSerlvet)
-	    	String dataurl =
-             new DataURLBuilder().buildDataURL(
-               session.getAuthURL(),
-               REQ_GET_FOREIGN_ID,
-               session.getSessionID());
-       
-	    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 	    	
+    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+    		if (cert == null) {
+    			Logger.error("Certificate could not be read.");
+    			throw new AuthenticationException("auth.14", null);    		
+    		}
+    		
+	    	boolean useMandate = session.getUseMandate();
+	    	if (useMandate) {
+	    		// Mandate Modus	    	
+	    		// make request to MIS
+	    		
+	    		AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+    			ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
+    			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+    			
+    			// get identitity link as byte[]
+    			Element elem = session.getIdentityLink().getSamlAssertion();
+    			String s = DOMUtils.serializeNode(elem);
+//    			byte[] idl = DOMUtils.nodeToByteArray(elem);
+//    			String s = new String(idl);
+    			byte[] idl = s.getBytes();
+    			
+    			// redirect url
+    			// build redirect(to the GetMISSessionIdSerlvet)
+    	          String redirectURL =
+    	                new DataURLBuilder().buildDataURL(
+    	                  session.getAuthURL(),
+    	                  GET_MIS_SESSIONID,
+    	                  session.getSessionID());
+    			
+    	          String oaURL = session.getOAURLRequested();
+    	          OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+    	          String profiles = oaParam.getMandateProfiles();
+
+    	          if (profiles == null) {
+    	        	  Logger.error("No Mandate/Profile for OA configured.");
+    	        	  throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+    	          }
+    	          
+    	          String profilesArray[] = profiles.split(",");  	 		 
+    	          for(int i = 0; i < profilesArray.length; i++) {
+    	        	  profilesArray[i] = profilesArray[i].trim();
+    	          }
+    	          
+    	          MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory);
+    	          String redirectMISGUI = misSessionID.getRedirectURL();
+    	          
+    	          if (misSessionID == null) {
+    	        	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+    	        	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+    	          }
+    	          
+    	          session.setMISSessionID(misSessionID.getSessiondId());
+    		
+    	          resp.setStatus(302);
+  		    	  resp.addHeader("Location", redirectMISGUI);
+  		    	  Logger.debug("REDIRECT TO: " + redirectURL);
+    	          
+	    	}
+	    	else {
+	    		// Foreign Identities Modus	
+		    	
+		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
+		      // build dataurl (to the GetForeignIDSerlvet)
+		    	String dataurl =
+	             new DataURLBuilder().buildDataURL(
+	               session.getAuthURL(),
+	               REQ_GET_FOREIGN_ID,
+	               session.getSessionID());
+	       
+		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
+		    	
+		    	
+		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
+	    	}
 	    	
-	    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 			    		      
 	    }
 	    catch (MOAIDException ex) {
 	      handleError(null, ex, req, resp);
-	    } 
+	    } catch (GeneralSecurityException ex) {
+	    	handleError(null, ex, req, resp);
+		} catch (PKIException e) {
+			handleError(null, e, req, resp);
+		} catch (MISSimpleClientException e) {
+			handleError(null, e, req, resp);
+		} catch (TransformerException e) {
+			handleError(null, e, req, resp);
+		} 
   }
     
   /**
@@ -161,58 +235,58 @@ public class VerifyCertificateServlet extends AuthServlet {
  * @throws SZRGWClientException 
    */
   /*private Element getIdentityLink(Element signature) throws SZRGWClientException {*/
-     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
-
-    SZRGWClient client = new SZRGWClient();
-      
-    try {
-    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
-    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
-     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
-    	Logger.debug("Connection Parameters: " + connectionParameters);
-      client.setAddress(connectionParameters.getUrl());
-      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
-         Logger.debug("Initialisiere SSL Verbindung");
-         try {
-            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
-         } catch (IOException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-         } catch (GeneralSecurityException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-         } catch (PKIException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-         }
-       }
-       
-       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
-      
-   
-    }
-   catch (ConfigurationException e) {
-      Logger.warn(e);
-      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
-
-    }
-    	// create request
-    	Document doc = buildGetIdentityLinkRequest(cert);
-    	Element request = doc.getDocumentElement();
-    	CreateIdentityLinkResponse response = null;
-   
-    //try {
-        response = client.createIdentityLinkResponse(request);
-    //} catch (SZRGWClientException e) {
-        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
-      //  client = new SZRGWClient(url);
-      //  response = client.createIdentityLinkResponse(request);
-   // }
-   	 
-        
-	return response.getAssertion();
-	
-  }
+//     private Element getIdentityLink(X509Certificate cert) throws SZRGWClientException {
+//
+//    SZRGWClient client = new SZRGWClient();
+//      
+//    try {
+//    	AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+//    	 ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+//     	//url = "http://localhost:8081/szr-gateway/services/IdentityLinkCreation";
+//    	Logger.debug("Connection Parameters: " + connectionParameters);
+//      client.setAddress(connectionParameters.getUrl());
+//      if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+//         Logger.debug("Initialisiere SSL Verbindung");
+//         try {
+//            client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+//         } catch (IOException e) {
+//            // TODO Auto-generated catch block
+//            e.printStackTrace();
+//         } catch (GeneralSecurityException e) {
+//            // TODO Auto-generated catch block
+//            e.printStackTrace();
+//         } catch (PKIException e) {
+//            // TODO Auto-generated catch block
+//            e.printStackTrace();
+//         }
+//       }
+//       
+//       Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+//      
+//   
+//    }
+//   catch (ConfigurationException e) {
+//      Logger.warn(e);
+//      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+//
+//    }
+//    	// create request
+//    	Document doc = buildGetIdentityLinkRequest(cert);
+//    	Element request = doc.getDocumentElement();
+//    	CreateIdentityLinkResponse response = null;
+//   
+//    //try {
+//        response = client.createIdentityLinkResponse(request);
+//    //} catch (SZRGWClientException e) {
+//        // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+//      //  client = new SZRGWClient(url);
+//      //  response = client.createIdentityLinkResponse(request);
+//   // }
+//   	 
+//        
+//	return response.getAssertion();
+//	
+//  }
   
   /**
    * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index dff366829..23861d290 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -18,6 +18,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
 import java.io.IOException;
 import java.util.Map;
 
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -25,6 +26,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.lang.StringEscapeUtils;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -33,7 +35,10 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -126,11 +131,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	if (createXMLSignatureRequestOrRedirect == null) {
     	   // no identity link found
     		
+    		boolean useMandate = session.getUseMandate();
+    		if (useMandate) {
+    			Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+    			throw new AuthenticationException("auth.13", null);
+    		}
+    		
     		try {
     		
     		   Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
     		   
-    		// create the InfoboxReadRequest to get the certificate
+    		   // create the InfoboxReadRequest to get the certificate
     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
 
     		   // build dataurl (to the GetForeignIDSerlvet)
@@ -142,6 +153,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
           
          
           ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+          
     	    	
     	    }
     	    catch(Exception e) {
@@ -150,7 +162,28 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	    
     	}
     	else {
-    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+    		boolean useMandate = session.getUseMandate();
+    		if (useMandate) { // Mandate modus
+    			// read certificate and set dataurl to VerifyCertificateForMandatesServlet
+    			
+    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+    			
+     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+     		   // build dataurl (to the GetForeignIDSerlvet)
+     		   String dataurl =
+                 new DataURLBuilder().buildDataURL(
+                   session.getAuthURL(),
+                   REQ_VERIFY_CERTIFICATE,
+                   session.getSessionID());
+           
+          
+     		   ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+    			
+    		}
+    		else {
+    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+    		}
     	}
       
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index a8e22562a..51551834e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
@@ -245,9 +246,13 @@ public class ParepUtils {
     try {
       Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
       nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
-
+
+      String s = DOMUtils.serializeNode(mandator);
+      
       // check if physical person
-      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+      Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+      
+      
       // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
       // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
       return physicalPerson != null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
index 2a0126b82..9d5c0f7cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
@@ -95,7 +95,11 @@ public class ParepValidator implements InfoboxValidator {
   public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
   public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
   public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
-  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+  public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+  
+  /** */
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
 
   /** register and register number for non physical persons - the domain identifier for business applications*/
   public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index dbfbda535..b5275cdd5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -125,6 +125,10 @@ public class ConfigurationBuilder {
   public static final String AUTH_FOREIGN_IDENTITIES_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "ForeignIdentities";
   
+  /** an XPATH-Expression */ 
+  public static final String AUTH_ONLINEMANDATES_XPATH =
+    ROOT + CONF + "AuthComponent/" + CONF + "OnlineMandates";
+  
   
   
   /** an XPATH-Expression */ 
@@ -146,6 +150,8 @@ public class ConfigurationBuilder {
   /** an XPATH-Expression */ 
   protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
   /** an XPATH-Expression */ 
+  protected static final String OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH = CONF + "Mandates" + "/" + CONF + "Profiles";
+  /** an XPATH-Expression */ 
   protected static final String CONNECTION_PARAMETER_URL_XPATH =
     CONF + "ConnectionParameter/@URL";
   /** an XPATH-Expression */ 
@@ -242,6 +248,18 @@ public class ConfigurationBuilder {
      return buildConnectionParameter(foreignid);
 
   }
+  
+  /**
+   * Build a ConnectionParameter containing all information
+   * of the OnlineMandates element in the authentication component
+   * @return ConnectionParameter of the authentication component OnlineMandates element
+   */
+  public ConnectionParameter buildOnlineMandatesConnectionParameter() {
+     Element onlinemandates = (Element)XPathUtils.selectSingleNode(configElem_, AUTH_ONLINEMANDATES_XPATH);
+     if (onlinemandates==null) return null;
+     return buildConnectionParameter(onlinemandates);
+
+  }
 
   /**
    * Method buildAuthBKUSelectionType.
@@ -529,7 +547,19 @@ public class ConfigurationBuilder {
         } 
         Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
         oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
-          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID)); 
+          verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID));
+        
+        Node mandateProfilesNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_MANDATES_PROFILES_XPATH);
+        if (mandateProfilesNode != null) {
+        	if ("businessService".equalsIgnoreCase(oaType)) {        		
+        		Logger.error("No Online Mandate Modus for OA of type \"businessService\" allowed.");
+                throw new ConfigurationException("config.02", null);
+        	}
+        	else {
+        		String profiles = DOMUtils.getText(mandateProfilesNode);
+        		oap.setMandateProfiles(profiles);
+        	}        	
+        }        
       } 
       OA_set.add(oap);
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 6e296b4f4..ceb047280 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -164,6 +164,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
    */
   private ConnectionParameter foreignIDConnectionParameter;
   
+  /**
+   * parameter for connection to OnlineMandates Service
+   */
+  private ConnectionParameter onlineMandatesConnectionParameter;
+  
   /**
    * Parameter for trusted BKUs
    */
@@ -271,6 +276,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
         
         
       foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter();
+      onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter();
     	onlineApplicationAuthParameters  = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
     	identityLinkX509SubjectNames =  builder.getIdentityLink_X509SubjectNames();
     	defaultChainingMode = builder.getDefaultChainingMode();
@@ -393,6 +399,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   public ConnectionParameter getForeignIDConnectionParameter() {
      return foreignIDConnectionParameter;
   }
+  
+  /**
+   * Return a ConnectionParameter bean containing all information
+   * of the authentication component OnlineMandates element
+   * @return ConnectionParameter of the authentication component OnlineMandates element
+   */
+  public ConnectionParameter getOnlineMandatesConnectionParameter() {
+     return onlineMandatesConnectionParameter;
+  }
 
   /**
    * Return a string with a url-reference to the VerifyIdentityLink trust 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index c352fae6c..aa5aa21a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -88,6 +88,11 @@ public class OAAuthParameter extends OAParameter {
    */
   private VerifyInfoboxParameters verifyInfoboxParameters;
   
+  /**
+   * Parameter for Mandate profiles
+   */
+  private String mandateProfiles;
+  
   /**
    * BZ
    * Type for authentication number (e.g. Firmenbuchnummer)
@@ -325,5 +330,21 @@ public class OAAuthParameter extends OAParameter {
   public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) {
       this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType;
   }
+  
+  /**
+   * Sets the Mandate/Profiles
+   * @param profiles
+   */
+  public void setMandateProfiles(String profiles) {
+	  this.mandateProfiles = profiles;
+  }
+  
+  /**
+   * Returns the Mandates/Profiles
+   * @return
+   */
+  public String getMandateProfiles() {
+	  return this.mandateProfiles;
+  }
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index ce15b75bd..6802005f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -41,6 +41,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.apache.commons.lang.StringEscapeUtils;
+
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.MOAIDException;
@@ -117,12 +119,15 @@ public class ProxyServlet extends HttpServlet {
   protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 
     Logger.debug("getRequestURL:" + req.getRequestURL().toString());
-  //@TODO Parameter
+    
+    String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+    artifact = StringEscapeUtils.escapeHtml(artifact);
+    
     try {
-      if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
+      if (artifact != null) {
  		// check if SAML Artifact was already used in this session (in case of page reload)
 		HttpSession session = req.getSession();
-		if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
+		if (null != session && artifact.equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
 			if (session.getAttribute(ATT_BROWSERREQU)==null) {
 			    tunnelRequest(req, resp); 
 			}else{
@@ -498,7 +503,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map
   
   
   Vector parameters  = new Vector();
-//@TODO Parameter
   for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
     String paramName = (String) enu.nextElement();
     if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 79db9907b..d35fc875d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -446,6 +446,9 @@ public class ParamValidatorUtils {
    
    public static boolean isValidXMLDocument(String document) {
 	   
+	   if (document == null)
+		   return false;
+	   
 	   Logger.debug("Überprüfe Parameter XMLDocument");
 	   try {   
 		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 1915ce40a..24e5ff3d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -64,7 +64,8 @@ public class ServletUtils {
       out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
       out.flush();
       out.close();
-      Logger.debug("Finished POST " + servletName);
+      Logger.debug("Finished POST " + servletName);
+      
     } else {
       String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
       resp.setContentType("text/html");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
new file mode 100644
index 000000000..59ca0d5ca
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+public class MISMandate {
+
+	final static private String OID_NOTAR = "1.2.40.0.10.3.1";
+	final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
+	
+	final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
+	final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
+	
+	final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
+	final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
+
+	final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";
+	final static private String TEXT_ORGANWALTER = "Organwalter";
+	
+	
+	private String oid = null;
+	private byte[] mandate = null;
+	
+	public String getProfRep() {
+  	return oid;
+  }
+	public void setProfRep(String oid) {
+  	this.oid = oid;
+  }
+	public byte[] getMandate() {
+  	return mandate;
+  }
+	public void setMandate(byte[] mandate) {
+  	this.mandate = mandate;
+  }
+	
+	public String getTextualDescriptionOfOID() {
+		if (this.oid.equalsIgnoreCase(OID_NOTAR))
+			return TEXT_NOTAR;
+		if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
+			return TEXT_RECHTSANWALT;
+		if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
+			return TEXT_ZIVILTECHNIKER;
+		if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
+			return TEXT_ORGANWALTER;
+		
+		return "Keine textuelle Beschreibung für OID " + oid;
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
new file mode 100644
index 000000000..d8bec4900
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+public class MISSessionId {
+
+	private String sessiondId = null;
+	private String redirectURL = null;
+	
+	public String getSessiondId() {
+  	return sessiondId;
+  }
+	public void setSessiondId(String sessiondId) {
+  	this.sessiondId = sessiondId;
+  }
+	public String getRedirectURL() {
+  	return redirectURL;
+  }
+	public void setRedirectURL(String redirectURL) {
+  	this.redirectURL = redirectURL;
+  }
+
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
new file mode 100644
index 000000000..25c341584
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -0,0 +1,261 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.methods.StringRequestEntity;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.xerces.parsers.DOMParser;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+
+public class MISSimpleClient {
+
+		
+	private final static String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
+	private final static String MIS_NS = "http://reference.e-government.gv.at/namespace/mandates/mis/1.0/xsd";
+	
+	private static Element NS_NODE = null;
+	
+		
+	static {
+		try {
+			NS_NODE = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument().createElement("test");
+			NS_NODE.setAttribute("xmlns:soap", SOAP_NS);
+			NS_NODE.setAttribute("xmlns:mis", MIS_NS);
+		} catch (Exception e) {
+			Logger.warn("Error initializing namespace node.", e);
+		}
+	}
+	
+	public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+		if (webServiceURL == null) {
+			throw new NullPointerException("Argument webServiceURL must not be null.");
+		}
+		if (sessionId == null) {
+			throw new NullPointerException("Argument sessionId must not be null.");
+		}
+		
+		// ssl settings
+		if (sSLSocketFactory != null) {
+	        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
+	        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+		}
+
+		
+		try {
+			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
+			Element sessionIdElement = doc.createElementNS(MIS_NS, "SessionID");
+			sessionIdElement.appendChild(doc.createTextNode(sessionId));
+			mirElement.appendChild(sessionIdElement);
+	    
+			// send soap request
+			Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
+	    
+			// check for error
+			checkForError(mandateIssueResponseElement);
+	    
+			// check for session id
+			NodeList mandateElements  = XPathAPI.selectNodeList(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Mandates/mis:Mandate", NS_NODE);
+	    
+			if (mandateElements == null || mandateElements.getLength() == 0) {
+				throw new MISSimpleClientException("No mandates found in response.");
+			}
+	    
+			ArrayList foundMandates = new ArrayList();
+			for (int i=0; i<mandateElements.getLength(); i++) {
+				Element mandate = (Element) mandateElements.item(i);
+				MISMandate misMandate = new MISMandate();
+				if (mandate.hasAttribute("ProfessionalRepresentative")) {
+					misMandate.setProfRep(mandate.getAttribute("ProfessionalRepresentative"));
+				}
+				
+				//misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate)));
+				misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate).getBytes()));
+				foundMandates.add(misMandate);
+			}
+			return foundMandates;
+		} catch (ParserConfigurationException e) {
+			throw new MISSimpleClientException(e);
+		} catch (DOMException e) {
+			throw new MISSimpleClientException(e);
+		} catch (TransformerException e) {
+			throw new MISSimpleClientException(e);
+		} 
+	}
+	
+	public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String redirectURL, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+		if (webServiceURL == null) {
+			throw new NullPointerException("Argument webServiceURL must not be null.");
+		}
+		if (idl == null) {
+			throw new NullPointerException("Argument idl must not be null.");
+		}
+		if (redirectURL == null) {
+			throw new NullPointerException("Argument redirectURL must not be null.");
+		}
+		
+		// ssl settings
+		if (sSLSocketFactory != null) {
+	        SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory); 
+	        Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+		}
+		
+		try {
+			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
+			Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
+	    
+			idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
+			mirElement.appendChild(idlElement);
+
+			if (cert != null && cert.length > 0) {
+				Element certElement = doc.createElementNS(MIS_NS, "X509SignatureCertificate");
+				certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));
+				//certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert)));
+				//	    	certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));
+				mirElement.appendChild(certElement);
+			}
+			Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL");
+			redirectElement.appendChild(doc.createTextNode(redirectURL));
+			mirElement.appendChild(redirectElement);
+			if (mandateIdentifier != null && mandateIdentifier.length > 0) {
+				Element filtersElement = doc.createElementNS(MIS_NS, "Filters");
+				Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers");
+				for (int i=0; i<mandateIdentifier.length; i++) {
+					Element mandateIdentifierElement = doc.createElementNS(MIS_NS, "MandateIdentifier");
+					mandateIdentifierElement.appendChild(doc.createTextNode(mandateIdentifier[i]));
+					mandateIdentifiersElement.appendChild(mandateIdentifierElement);
+				}
+				filtersElement.appendChild(mandateIdentifiersElement);
+				mirElement.appendChild(filtersElement);
+			}
+			// send soap request
+			Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
+
+			// check for error
+			checkForError(mandateIssueResponseElement);
+	    
+			// check for session id
+			//String sessionId = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "/mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE)).getNodeValue();
+			Node sessionIdNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:SessionID/text()", NS_NODE));
+			if (sessionIdNode == null) {
+				throw new MISSimpleClientException("SessionId not found in response.");
+			}
+			String sessionId = sessionIdNode.getNodeValue();
+
+			Node guiRedirectURLNode = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:GuiRedirectURL/text()", NS_NODE));
+			if (guiRedirectURLNode == null) {
+				throw new MISSimpleClientException("GuiRedirectURL not found in response.");
+			}
+			String guiRedirectURL = guiRedirectURLNode.getNodeValue();
+	    
+			// create return object
+			MISSessionId msid = new MISSessionId();
+			msid.setSessiondId(sessionId);
+			msid.setRedirectURL(guiRedirectURL);
+	    
+			return msid;
+		} catch (ParserConfigurationException e) {
+			throw new MISSimpleClientException(e);
+		} catch (DOMException e) {
+			throw new MISSimpleClientException(e);
+		} catch (TransformerException e) {
+			throw new MISSimpleClientException(e);
+		}
+		
+	}
+	
+	private static void checkForError(Element mandateIssueResponseElement) throws MISSimpleClientException {
+		if (mandateIssueResponseElement == null) {
+			throw new NullPointerException("Argument mandateIssueResponseElement must not be null.");
+		}
+		try {
+		    Element errorElement = (Element) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error", NS_NODE);
+		    if (errorElement != null) {
+		    	String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();
+		    	String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();
+		    	throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text);	    }
+		} catch (TransformerException e) {
+			throw new MISSimpleClientException(e);
+		}
+	}
+	
+	private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+		if (webServiceURL == null) {
+			throw new NullPointerException("Argument webServiceURL must not be null.");
+		}
+		if (request == null) {
+			throw new NullPointerException("Argument request must not be null.");
+		}
+		try {
+			HttpClient httpclient = new HttpClient();
+			PostMethod post = new PostMethod(webServiceURL);
+			StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
+			post.setRequestEntity(re);
+			int responseCode = httpclient.executeMethod(post);			
+			if (responseCode != 200) {
+				throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
+			}
+			//Element elem = parse(post.getResponseBodyAsStream());
+			Document doc = DOMUtils.parseDocumentSimple(post.getResponseBodyAsStream());
+			return unpackFromSOAP(doc.getDocumentElement());
+		} catch(IOException e) {
+			throw new MISSimpleClientException(e);
+		} catch (TransformerException e) {
+			throw new MISSimpleClientException(e);
+		} catch (SAXException e) {
+			throw new MISSimpleClientException(e);
+		} catch (ParserConfigurationException e) {
+			throw new MISSimpleClientException(e);
+		}
+	}
+	
+	private static Element packIntoSOAP(Element element) throws MISSimpleClientException {
+		try {
+			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+			Element soapEnvelope = doc.createElement("Envelope");
+			soapEnvelope.setAttribute("xmlns", SOAP_NS);
+			Element soapBody = doc.createElement("Body");
+			soapEnvelope.appendChild(soapBody);
+			soapBody.appendChild(doc.importNode(element, true));
+			return soapEnvelope;
+		} catch(ParserConfigurationException e) {
+			throw new MISSimpleClientException(e);
+		}
+	}
+	
+	private static Element unpackFromSOAP(Element element) throws MISSimpleClientException {
+		try {
+			return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE);
+		} catch(TransformerException e) {
+			throw new MISSimpleClientException(e);
+		}
+	}	
+}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java
new file mode 100644
index 000000000..6f2627e1d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.util.client.mis.simple;
+
+public class MISSimpleClientException extends Exception {
+
+	private static final long serialVersionUID = 1L;
+
+	public MISSimpleClientException() {
+	}
+
+	public MISSimpleClientException(String message) {
+		super(message);
+	}
+
+	public MISSimpleClientException(Throwable cause) {
+		super(cause);
+	}
+
+	public MISSimpleClientException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 14e4d5347..f206f6bbb 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -30,6 +30,10 @@ auth.09=Zur Auswahlseite der B
 auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
 auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
 auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
+auth.13=Vollmachtenmodus für ausländische Bürger wird nicht unterstützt.
+auth.14=Zertifikat konnte nicht ausgelesen werden.
+auth.15=Fehler bei Anfrage an Vollmachten Service.
+auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
 
 init.00=MOA ID Authentisierung wurde erfolgreich gestartet
 init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index 6ab9c9679..4293fc477 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -37,7 +37,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "http://localhost:9080/", //oaURL
         "file:" + findXmldata("AuthTemplate.html"), 
         "http://localhost:3495/http-security-layer-request",
-         null, null);
+         null, null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -55,7 +55,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "gb", //target
         "http://localhost:9080/", //oaURL
         null, 
-        "http://localhost:3495/http-security-layer-request", null, null);
+        "http://localhost:3495/http-security-layer-request", null, null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -75,7 +75,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "file:" + findXmldata("AuthTemplate.html"), 
          null,
          null,
-         null);
+         null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -93,7 +93,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         server.startAuthentication(null, //authURL
         "gb", //target
         "http://localhost:9080/", //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         //assertEquals("",htmlForm);  
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -113,7 +113,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("http://localhost:8080/auth", //authURL
         "gb", "http://localhost:9080/", //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -131,7 +131,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", "http://host_not_in_config/", //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -150,7 +150,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", null, //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -169,7 +169,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         null, "http://localhost:9080/", //oaURL
-        null, null, null, null);
+        null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index 23130f4c8..4ef3ad92f 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -131,6 +131,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
       null,
       null,
       null,
+      null,
       null);
     String sessionID = parseSessionIDFromForm(htmlForm);
     return sessionID;
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java
index ab2781590..248e5cc33 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java
@@ -14,19 +14,8 @@
 * limitations under the License.
 */
 package test.abnahme.P;
-import java.util.Map;
-
-import sun.misc.BASE64Decoder;
 import test.abnahme.AbnahmeTestCase;
 
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
-import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
-import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
-import at.gv.egovernment.moa.util.Base64Utils;
-
 /**
  * @author Stefan Knirsch
  * @version $Id$
@@ -35,127 +24,127 @@ import at.gv.egovernment.moa.util.Base64Utils;
 
 public class Test100LoginParameterResolver extends AbnahmeTestCase {
 
-  private static final String CLIENT_IP_ADDRESS = "56.246.75.11";
-  private OAConfiguration oaConf;
-  private LoginParameterResolver lpr;
-
+//  private static final String CLIENT_IP_ADDRESS = "56.246.75.11";
+//  private OAConfiguration oaConf;
+//  private LoginParameterResolver lpr;
+//
   public Test100LoginParameterResolver(String name) {
     super(name);
   }
-
-  private void setUp(String publicURLPrefix)
-    throws Exception {
-      
-    // get configuration data
-    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
-    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
-    oaConf = oaParam.getOaConfiguration();
-    System.out.println("Parameterübergabe: " + oaConf.getAuthType());
-
-    // get login parameter resolver
-    LoginParameterResolverFactory.initialize();
-    lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
-  }
-  public void testP101() throws Exception {
-    try {
-      // read configuration and set up LoginParameterResolver
-      setUp("https://testP101:9443/");
-      if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH))
-        fail();
-
-      // assemble authentication data
-      AuthenticationData authData = new AuthenticationData();
-      authData.setFamilyName("Huber");
-      authData.setGivenName("Hugo");
-
-      // resolve login headers
-      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
-
-      // validate login headers
-      assertEquals(1, loginHeaders.keySet().size());
-      System.out.println("Header Authorization: " + loginHeaders.get("Authorization"));
-      System.out.println("Decoded UserID:Password " + 
-        new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6))));
-      String userIDPassword = "Hugo:Huber";
-      String credentials = Base64Utils.encode(userIDPassword.getBytes());
-      assertEquals("Basic " + credentials, loginHeaders.get("Authorization"));
-      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
-    }
-    catch (Exception e) {
-      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
-      throw e;
-    }
-
-  }
-  public void testP102() throws Exception {
-    try {
-      // read configuration and set up LoginParameterResolver
-      setUp("https://testP102:9443/");
-      if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
-        fail();
-
-      // assemble authentication data
-      AuthenticationData authData = new AuthenticationData();
-      String DATE_OF_BIRTH = "1963-12-29";
-      String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
-      authData.setDateOfBirth(DATE_OF_BIRTH);
-      authData.setBPK(VPK);
-
-      // resolve login parameters
-      Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
-
-      // validate login headers
-      assertEquals(2, loginParameters.keySet().size());
-      System.out.println("Param1: " + loginParameters.get("Param1"));
-      System.out.println("Param2: " + loginParameters.get("Param2"));
-      assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1"));
-      assertEquals(VPK, loginParameters.get("Param2"));
-      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
-    }
-    catch (Exception e) {
-      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
-      throw e;
-    }
-  }
-
-  public void testP103() throws Exception {
-    try {
-      // read configuration and set up LoginParameterResolver
-      setUp("https://localhost:9443/");
-      if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH))
-        fail();
-
-      // assemble authentication data
-      AuthenticationData authData = new AuthenticationData();
-      boolean PUBLIC_AUTH = true;
-      String BKZ = "FinanzamtWien23Leitstelle";
-      boolean QUAL_CERT = false;
-      String STAMMZAHL = "3456789012";
-      authData.setPublicAuthority(PUBLIC_AUTH);
-      authData.setPublicAuthorityCode(BKZ);
-      authData.setQualifiedCertificate(QUAL_CERT);
-      authData.setIdentificationValue(STAMMZAHL);
-
-      // resolve login headers
-      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
-
-      // validate login headers
-      assertEquals(5, loginHeaders.keySet().size());
-      System.out.println("Header Param1: " + loginHeaders.get("Param1"));
-      System.out.println("Header Param2: " + loginHeaders.get("Param2"));
-      System.out.println("Header Param3: " + loginHeaders.get("Param3"));
-      System.out.println("Header Param4: " + loginHeaders.get("Param4"));
-      System.out.println("Header Param5: " + loginHeaders.get("Param5"));
-      assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1"));
-      assertEquals(BKZ, loginHeaders.get("Param2"));
-      assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3"));
-      assertEquals(STAMMZAHL, loginHeaders.get("Param4"));
-      assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5"));
-      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
-    }
-    catch (Exception e) {
-      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
-      throw e;
-    }
-  }
+//
+//  private void setUp(String publicURLPrefix)
+//    throws Exception {
+//      
+//    // get configuration data
+//    ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+//    OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
+//    oaConf = oaParam.getOaConfiguration();
+//    System.out.println("Parameterübergabe: " + oaConf.getAuthType());
+//
+//    // get login parameter resolver
+//    LoginParameterResolverFactory.initialize();
+//    lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
+//  }
+//  public void testP101() throws Exception {
+//    try {
+//      // read configuration and set up LoginParameterResolver
+//      setUp("https://testP101:9443/");
+//      if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH))
+//        fail();
+//
+//      // assemble authentication data
+//      AuthenticationData authData = new AuthenticationData();
+//      authData.setFamilyName("Huber");
+//      authData.setGivenName("Hugo");
+//
+//      // resolve login headers
+//      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+//
+//      // validate login headers
+//      assertEquals(1, loginHeaders.keySet().size());
+//      System.out.println("Header Authorization: " + loginHeaders.get("Authorization"));
+//      System.out.println("Decoded UserID:Password " + 
+//        new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6))));
+//      String userIDPassword = "Hugo:Huber";
+//      String credentials = Base64Utils.encode(userIDPassword.getBytes());
+//      assertEquals("Basic " + credentials, loginHeaders.get("Authorization"));
+//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+//    }
+//    catch (Exception e) {
+//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+//      throw e;
+//    }
+//
+//  }
+//  public void testP102() throws Exception {
+//    try {
+//      // read configuration and set up LoginParameterResolver
+//      setUp("https://testP102:9443/");
+//      if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
+//        fail();
+//
+//      // assemble authentication data
+//      AuthenticationData authData = new AuthenticationData();
+//      String DATE_OF_BIRTH = "1963-12-29";
+//      String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
+//      authData.setDateOfBirth(DATE_OF_BIRTH);
+//      authData.setBPK(VPK);
+//
+//      // resolve login parameters
+//      Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+//
+//      // validate login headers
+//      assertEquals(2, loginParameters.keySet().size());
+//      System.out.println("Param1: " + loginParameters.get("Param1"));
+//      System.out.println("Param2: " + loginParameters.get("Param2"));
+//      assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1"));
+//      assertEquals(VPK, loginParameters.get("Param2"));
+//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+//    }
+//    catch (Exception e) {
+//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+//      throw e;
+//    }
+//  }
+//
+//  public void testP103() throws Exception {
+//    try {
+//      // read configuration and set up LoginParameterResolver
+//      setUp("https://localhost:9443/");
+//      if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH))
+//        fail();
+//
+//      // assemble authentication data
+//      AuthenticationData authData = new AuthenticationData();
+//      boolean PUBLIC_AUTH = true;
+//      String BKZ = "FinanzamtWien23Leitstelle";
+//      boolean QUAL_CERT = false;
+//      String STAMMZAHL = "3456789012";
+//      authData.setPublicAuthority(PUBLIC_AUTH);
+//      authData.setPublicAuthorityCode(BKZ);
+//      authData.setQualifiedCertificate(QUAL_CERT);
+//      authData.setIdentificationValue(STAMMZAHL);
+//
+//      // resolve login headers
+//      Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+//
+//      // validate login headers
+//      assertEquals(5, loginHeaders.keySet().size());
+//      System.out.println("Header Param1: " + loginHeaders.get("Param1"));
+//      System.out.println("Header Param2: " + loginHeaders.get("Param2"));
+//      System.out.println("Header Param3: " + loginHeaders.get("Param3"));
+//      System.out.println("Header Param4: " + loginHeaders.get("Param4"));
+//      System.out.println("Header Param5: " + loginHeaders.get("Param5"));
+//      assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1"));
+//      assertEquals(BKZ, loginHeaders.get("Param2"));
+//      assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3"));
+//      assertEquals(STAMMZAHL, loginHeaders.get("Param4"));
+//      assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5"));
+//      System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+//    }
+//    catch (Exception e) {
+//      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+//      throw e;
+//    }
+//  }
 }
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index f873f2c3f..db7aa9719 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -45,7 +45,7 @@ public class AuthenticationServerTest extends UnitTestCase {
   public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
   	String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
   	AuthenticationServer server = AuthenticationServer.getInstance();
-  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null);
+  	String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null, null);
   	String sessionID = parseSessionIDFromForm(htmlForm);
   	String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
     HashMap parameters = new HashMap(1);
diff --git a/pom.xml b/pom.xml
index e60eeb382..c0df961d2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -242,19 +242,19 @@
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_jce_full</artifactId>
-                <version>3.18_MOA</version>
+                <version>4.0_MOA</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_moa</artifactId>
-                <version>1.28</version>
+                <version>1.29</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
                 <groupId>iaik.prod</groupId>
                 <artifactId>iaik_cms</artifactId>
-                <version>4.01_MOA</version>
+                <version>4.1_MOA</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
diff --git a/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar
new file mode 100644
index 000000000..8d41ba860
Binary files /dev/null and b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar differ
diff --git a/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom
new file mode 100644
index 000000000..19c21e912
--- /dev/null
+++ b/repository/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.pom
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_cms</artifactId>
+  <version>4.1_MOA</version>
+</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_cms/maven-metadata.xml b/repository/iaik/prod/iaik_cms/maven-metadata.xml
index 8e46e3d1f..4a224aeab 100644
--- a/repository/iaik/prod/iaik_cms/maven-metadata.xml
+++ b/repository/iaik/prod/iaik_cms/maven-metadata.xml
@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_cms</artifactId>
-  <version>4.0_MOA</version>
+  <version>4.1_MOA</version>
   <versioning>
-    <latest>4.0_MOA</latest>
-    <release>4.0_MOA</release>
+    <latest>4.1_MOA</latest>
+    <release>4.1_MOA</release>
     <versions>
       <version>4.0_MOA</version>
       <version>4.01_MOA</version>
+      <version>4.1_MOA</version>
     </versions>
     <lastUpdated>20080423102941</lastUpdated>
   </versioning>
diff --git a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar
new file mode 100644
index 000000000..bacb70edc
Binary files /dev/null and b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar differ
diff --git a/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom
new file mode 100644
index 000000000..9610b3951
--- /dev/null
+++ b/repository/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.pom
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_jce_full</artifactId>
+  <version>4.0_MOA</version>
+</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
index c277a0cab..2726eb212 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata-central.xml
@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_jce_full</artifactId>
-  <version>3.18_MOA</version>
+  <version>4.0_MOA</version>
   <versioning>
-    <latest>3.18_MOA</latest>
+    <latest>4.0_MOA</latest>
     <release>3.18_MOA</release>
     <versions>
       <version>3.16_MOA</version>
       <version>3.18_MOA</version>
+      <version>4.0_MOA</version>
     </versions>
     <lastUpdated>20090810170702</lastUpdated>
   </versioning>
diff --git a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
index c277a0cab..f3091eb4f 100644
--- a/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
+++ b/repository/iaik/prod/iaik_jce_full/maven-metadata.xml
@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?><metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_jce_full</artifactId>
-  <version>3.18_MOA</version>
+  <version>4.0_MOA</version>
   <versioning>
-    <latest>3.18_MOA</latest>
-    <release>3.18_MOA</release>
+    <latest>4.0_MOA</latest>
+    <release>4.0_MOA</release>
     <versions>
       <version>3.16_MOA</version>
       <version>3.18_MOA</version>
+      <version>4.0_MOA</version>
     </versions>
     <lastUpdated>20090810170702</lastUpdated>
   </versioning>
diff --git a/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar
new file mode 100644
index 000000000..95a6773a6
Binary files /dev/null and b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.jar differ
diff --git a/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom
new file mode 100644
index 000000000..e94fe3f49
--- /dev/null
+++ b/repository/iaik/prod/iaik_moa/1.29/iaik_moa-1.29.pom
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>iaik.prod</groupId>
+  <artifactId>iaik_moa</artifactId>
+  <version>1.29</version>
+</project>
\ No newline at end of file
diff --git a/repository/iaik/prod/iaik_moa/maven-metadata-MOA.xml b/repository/iaik/prod/iaik_moa/maven-metadata-MOA.xml
index 1126afd0e..32e4aad37 100644
--- a/repository/iaik/prod/iaik_moa/maven-metadata-MOA.xml
+++ b/repository/iaik/prod/iaik_moa/maven-metadata-MOA.xml
@@ -9,6 +9,7 @@
       <version>1.26</version>
       <version>1.27</version>
       <version>1.28</version>
+      <version>1.29</version>
     </versions>
     <lastUpdated>20090810074128</lastUpdated>
   </versioning>
diff --git a/repository/iaik/prod/iaik_moa/maven-metadata-local.xml b/repository/iaik/prod/iaik_moa/maven-metadata-local.xml
index ba853331b..ced753edc 100644
--- a/repository/iaik/prod/iaik_moa/maven-metadata-local.xml
+++ b/repository/iaik/prod/iaik_moa/maven-metadata-local.xml
@@ -2,10 +2,10 @@
 <metadata>
   <groupId>iaik.prod</groupId>
   <artifactId>iaik_moa</artifactId>
-  <version>1.28</version>
+  <version>1.29</version>
   <versioning>
     <versions>
-      <version>1.28</version>
+      <version>1.29</version>
     </versions>
     <lastUpdated>20100618102247</lastUpdated>
   </versioning>
diff --git a/spss/pom.xml b/spss/pom.xml
index ce76a939d..c5ecda04d 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -10,7 +10,7 @@
     <groupId>MOA</groupId>
     <artifactId>spss</artifactId>
     <packaging>pom</packaging>
-    <version>1.5.x</version>
+    <version>1.5.0</version>
     <name>MOA SP/SS</name>
 
     <properties>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 8230358e9..52790e1d1 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -4,7 +4,9 @@
 
 - Fixed Bug #548 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=548&group_id=6&atid=105)
 - IAIK Libraries aktualisiert:
-	iaik-moa:           @TODO
+	iaik-moa:           Version 1.29
+	iaik_jce_full:		Version 4.0_MOA
+	iaik_cms:			Version 4.1_MOA
 
 
 ##############
diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt
index 56015c35d..703de0dc0 100644
--- a/spss/server/readme.update.txt
+++ b/spss/server/readme.update.txt
@@ -1,11 +1,11 @@
 
 ======================================================================
-  Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.8
+  Update einer bestehenden MOA-SPSS-Installation auf Version 1.5.0
 ======================================================================
 
 Es gibt zwei Möglichkeiten (im Folgenden als "Update Variante A" und 
 "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version
-1.4.8 durchzuführen. Update Variante A geht dabei den Weg über eine 
+1.5.0 durchzuführen. Update Variante A geht dabei den Weg über eine 
 vorangestellte Neuinstallation, während Variante B direkt eine  
 bestehende Installation aktualisiert.
 
@@ -16,7 +16,7 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation
 CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation
 
 MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei
-moa-spss-1.4.8.zip entpackt haben.
+moa-spss-1.5.0.zip entpackt haben.
 
 =================
 Update Variante A 
@@ -53,7 +53,7 @@ Update Variante B
 1.)	Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses
 	Ihrer MOA-SPSS-Installation.
 	
-2.)	Entpacken Sie die Datei "moa-spss-1.4.8.zip" in das Verzeichnis MOA_SPSS_INST.
+2.)	Entpacken Sie die Datei "moa-spss-1.5.0.zip" in das Verzeichnis MOA_SPSS_INST.
 
 3.)	Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
 	JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index 566784796..f6b8b4392 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -27,10 +27,11 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Vector;
 
 import javax.xml.parsers.ParserConfigurationException;
 
+import org.apache.xerces.dom.CoreDocumentImpl;
+import org.w3c.dom.Attr;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -70,19 +71,30 @@ import at.gv.egovernment.moa.util.XPathUtils;
 /**
  * A class to create <code>DataObject</code>s contained in different
  * locations of the MOA XML request format.
- * 
+ *
  * @author Patrick Peck
  * @author Gregor Karlinger
  * @version $Id$
  */
 public class DataObjectFactory {
 
+  /**
+   * XPATH for registering ID attributes of known schemas if
+   * validating parsing fails.
+   */
+  private static final String XPATH =
+    "descendant-or-self::node()[" +
+    "namespace-uri()='http://www.w3.org/2000/09/xmldsig#' " +
+    "or namespace-uri()='http://reference.e-government.gv.at/namespace/persondata/20020228#' " +
+    "or starts-with(namespace-uri(), 'http://uri.etsi.org/01903/')" +
+    "]/attribute::Id";
+
   /** The single instance of this class. */
   private static DataObjectFactory instance = null;
 
   /**
    * Return the only instance of this class.
-   * 
+   *
    * @return The only instance of this class.
    */
   public static synchronized DataObjectFactory getInstance() {
@@ -94,7 +106,7 @@ public class DataObjectFactory {
 
   /**
    * Create a new <code>DataObjectFactory</code>.
-   * 
+   *
    * Protected to disallow multiple instances.
    */
   protected DataObjectFactory() {
@@ -104,8 +116,8 @@ public class DataObjectFactory {
    * Return the signature environment, i.e., the root element of the
    * document, into which the signature will be inserted (if created) or which
    * contains the signature (if verified).
-   * 
-   * @param content The <code>Content</code> object containing the signature 
+   *
+   * @param content The <code>Content</code> object containing the signature
    * environment.
    * @param supplements Additional schema or DTD information.
    * @return The signature environment or <code>null</code>, if no
@@ -128,7 +140,7 @@ public class DataObjectFactory {
     checkAllowContentAndReference(content, false);
 
     // build the EntityResolver for validating parsing
-    if (supplements == null || supplements.isEmpty()) {
+    if ((supplements == null) || supplements.isEmpty()) {
       entityResolver = new MOAEntityResolver();
     } else {
       EntityResolverChain chain = new EntityResolverChain();
@@ -195,7 +207,7 @@ public class DataObjectFactory {
             Element element =
               checkForSingleElement(((ContentXML) content).getXMLContent());
             contentBytes = DOMUtils.serializeNode(element, "UTF-8");
-            
+
             break;
           }
         default : {
@@ -208,25 +220,27 @@ public class DataObjectFactory {
       throw new MOAApplicationException("2219", null);
     }
 
-    // For logging in Debug-Mode: Mask baseid with xxx
-    String logString = new String(contentBytes);
-    // TODO use RegExp
-    String startS = "<pr:Identification><pr:Value>";
-    String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
-    String logWithMaskedBaseid = logString;
-    int start = logString.indexOf(startS);
-    if (start > -1) {
-       int end = logString.indexOf(endS);
-       if (end > -1) {
+    if (Logger.isTraceEnabled()) {
+      // For logging in Debug-Mode: Mask baseid with xxx
+      String logString = new String(contentBytes);
+      // TODO use RegExp
+      String startS = "<pr:Identification><pr:Value>";
+      String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+      String logWithMaskedBaseid = logString;
+      int start = logString.indexOf(startS);
+      if (start > -1) {
+        int end = logString.indexOf(endS);
+        if (end > -1) {
           logWithMaskedBaseid = logString.substring(0, start);
           logWithMaskedBaseid += startS;
           logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
           logWithMaskedBaseid += logString.substring(end, logString.length());
-       }
+        }
+      }
+
+      // try to parse validating
+      Logger.trace(">>> parsing the following content: \n" + logWithMaskedBaseid);
     }
-    
-    // try to parse validating
-    Logger.trace(">>> parsing the following content: \n" + logWithMaskedBaseid);
     try {
       ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
       Document doc =
@@ -250,6 +264,21 @@ public class DataObjectFactory {
     try {
       ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
       Document doc = DOMUtils.parseDocument(is, false, null, null);
+      // Since the parse tree will not contain any post schema validation information,
+      // we need to register any attributes known to be of type xsd:Id manually.
+      NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH);
+      for (int i = 0; i < idAttributes.getLength(); i++) {
+        Node item = idAttributes.item(i);
+        if (item instanceof Attr) {
+          Attr attr = (Attr) item;
+          Element owner = attr.getOwnerElement();
+          // Only available in DOM-Level 3 (Java 1.5):
+          // owner.setIdAttributeNode(attr, true);
+          if (doc instanceof CoreDocumentImpl) {
+            ((CoreDocumentImpl) doc).putIdentifier(attr.getValue(), owner);
+          }
+        }
+      }
       return new XMLDataObjectImpl(doc.getDocumentElement());
     } catch (Exception e) {
       throw new MOAApplicationException("2218", null);
@@ -258,11 +287,11 @@ public class DataObjectFactory {
 
   /**
    * Create an <code>XMLDataObject</code> from the given signature environment.
-   * 
+   *
    * @param signatureEnvironment The signature environment contained in the
    * result.
    * @param uri The URI identifying the data. This must be either the empty
-   * URI, an URI starting with <code>"#xpointer"</code>, <code>"#xmlns"</code> 
+   * URI, an URI starting with <code>"#xpointer"</code>, <code>"#xmlns"</code>
    * or <code>"#element"</code>; or an URI starting with <code>"#"</code> and
    * followed by an element ID.
    * @param referenceID The reference ID to set for the data object.
@@ -312,16 +341,16 @@ public class DataObjectFactory {
   }
 
   /**
-   * Build a <code>StreamEntityResolver</code> from a <code>List</code> of 
+   * Build a <code>StreamEntityResolver</code> from a <code>List</code> of
    * supplements.
-   * 
-   * @param supplements The supplements, given as 
+   *
+   * @param supplements The supplements, given as
    * <code>XMLDataObjectAssociation</code>s.
    * @return A <code>StreamEntityResolver</code> mapping the supplements by
    * their reference URI to an <code>InputStream</code> of their respective
-   * content. 
+   * content.
    */
-  private static StreamEntityResolver buildSupplementEntityResolver(List supplements) 
+  private static StreamEntityResolver buildSupplementEntityResolver(List supplements)
     throws MOAApplicationException
   {
     Map entities = new HashMap();
@@ -342,10 +371,10 @@ public class DataObjectFactory {
         case Content.LOCREF_CONTENT:
           {
         	String locRefURI = ((ContentLocRef) content).getLocationReferenceURI();
-        	
+
             TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
         	if (context.FindResolvedEntity(locRefURI)==null) {
-	
+
 	            ExternalURIResolver uriResolver = new ExternalURIResolver();
 	            InputStream uriStream = null;
 	            byte[] contentBytes;
@@ -378,17 +407,18 @@ public class DataObjectFactory {
             int i = 0;
 
             // find the first element node
-            while (i < nodes.getLength()
-              && nodes.item(i).getNodeType() != Node.ELEMENT_NODE)
+            while ((i < nodes.getLength())
+              && (nodes.item(i).getNodeType() != Node.ELEMENT_NODE)) {
               i++;
+            }
 
             // serialize the node
             if (i < nodes.getLength()) {
-              try 
+              try
               {
                 byte[] serialized = DOMUtils.serializeNode(nodes.item(i), "UTF-8");
                 entities.put(reference, new ByteArrayInputStream(serialized));
-              } 
+              }
               catch (Exception e)
               {
                 throw new MOAApplicationException("2281", new Object[]{reference}, e);
@@ -404,7 +434,7 @@ public class DataObjectFactory {
 
   /**
    * Create a <code>DataObject</code> from a <code>Content</code> object.
-   * 
+   *
    * @param content The <code>Content</code> object containing the data.
    * @param finalDataMetaInfo The meta information corresponding with <code>content</code>.
    * @param referenceID The reference ID to set in the resulting
@@ -452,10 +482,10 @@ public class DataObjectFactory {
     checkAllowContentAndReference(content, allowContentAndReference);
 
     // ok, build the data object; use content first, if available
-    switch (content.getContentType()) 
+    switch (content.getContentType())
     {
       case Content.XML_CONTENT :
-      {  
+      {
         ContentXML contentXml = (ContentXML) content;
         dataObject = createFromXmlContent(contentXml, xmlAsNodeList);
         break;
@@ -499,7 +529,7 @@ public class DataObjectFactory {
   /**
    * Check, if content and reference URIs are allowed in the content an throw
    * an exception if an illegal combination of the two occurs.
-   * 
+   *
    * @param content The <code>Content</code> to check.
    * @param allowContentAndReference Whether explicit content and a reference
    * are allowed at the same time.
@@ -514,13 +544,13 @@ public class DataObjectFactory {
     String reference = content.getReference();
 
     // check for content and reference not being set
-    if (content.getContentType() == Content.REFERENCE_CONTENT
-      && reference == null) {
+    if ((content.getContentType() == Content.REFERENCE_CONTENT)
+      && (reference == null)) {
       String errorCode = allowContentAndReference ? "1111" : "1110";
       throw new MOAApplicationException(errorCode, null);
     }
 
-    // if we only allow either content or reference being set at once, check 
+    // if we only allow either content or reference being set at once, check
     if (!allowContentAndReference
       && (content.getContentType() != Content.REFERENCE_CONTENT)
       && (reference != null)) {
@@ -531,10 +561,10 @@ public class DataObjectFactory {
   /**
    * Create a <code>DataObject</code> from a
    * <code>XMLDataObjectAssociation</code> object.
-   * 
+   *
    * @param xmlDataObjAssoc The <code>XMLDataObjectAssociation</code> object.
    * @param xmlContentAllowed Whether the content contained in the
-   * <code>xmlDataObjAssoc</code> is allowed to be of type 
+   * <code>xmlDataObjAssoc</code> is allowed to be of type
    * <code>XML_CONTENT</code>.
    * @param binaryContentRepeatable If binary content must be provided as a
    * <code>DataObject</code> that can be read multiple times.
@@ -559,11 +589,11 @@ public class DataObjectFactory {
     switch (content.getContentType())
     {
       case Content.XML_CONTENT :
-      {  
+      {
         if (xmlContentAllowed)
         {
           dataObject = createFromXmlContent((ContentXML) content, true);
-        } 
+        }
         else
         {
           throw new MOAApplicationException("2280", null);
@@ -601,8 +631,8 @@ public class DataObjectFactory {
   /**
    * Create a <code>DataObject</code> from a <code>TransformParameter</code>
    * object.
-   * 
-   * @param transformParameter The <code>TransformParameter</code> object 
+   *
+   * @param transformParameter The <code>TransformParameter</code> object
    * containing the data.
    * @return A <code>DataObject</code> representing the data in
    * <code>root</code>.
@@ -662,7 +692,7 @@ public class DataObjectFactory {
 
   /**
    * Create a <code>DataObject</code> from data located at the given URI.
-   * 
+   *
    * @param uri The <code>URI</code> where the data is located. This method uses
    * an <code>ExternalURIResolver</code> to resolve URIs.
    * @param asXml If <code>true</code>, a <code>DataObject</code> is only
@@ -682,7 +712,7 @@ public class DataObjectFactory {
 
   /**
    * Create a <code>DataObject</code> from data located at the given URI.
-   * 
+   *
    * @param uri The <code>URI</code> where the data is located. This method uses
    * an <code>ExternalURIResolver</code> to resolve URIs.
    * @param asXml If <code>true</code>, a <code>DataObject</code> is only
@@ -701,7 +731,7 @@ public class DataObjectFactory {
     Logger.trace(">>> resolving uri \"" + uri + "\"");
 
     ExternalURIResolver resolver = new ExternalURIResolver();
-        
+
     TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
     InputStream is = context.ResolveURI(uri);
     String contentType = null;
@@ -718,12 +748,12 @@ public class DataObjectFactory {
     DataObjectImpl dataObject;
 
     // read the content
-    if (contentType != null && contentTypeIsXml(contentType)) {
+    if ((contentType != null) && contentTypeIsXml(contentType)) {
       Document doc;
 
       if (asXml) {
         try {
-          // try parsing non-validating: this has to succeed or we 
+          // try parsing non-validating: this has to succeed or we
           // bail out by throwing an exception
           is = resolver.resolve(uri);
           doc = DOMUtils.parseDocument(is, false, null, null);
@@ -767,14 +797,14 @@ public class DataObjectFactory {
           Logger.trace(">>> read stream for \"" + uri + "\"");
         }
       }
-    } 
-    
-    else if (asXml) 
+    }
+
+    else if (asXml)
     {
       // if we need XML data, we're in the wrong place here
       closeInputStream(is);
       throw new MOAApplicationException("2211", new Object[] { uri });
-    } 
+    }
     else
     {
       // content is binary: make it available as a binary input stream
@@ -805,20 +835,22 @@ public class DataObjectFactory {
     dataObject.setURI(uri);
 
     Logger.trace("<<< resolved uri \"" + uri + "\"");
-    
+
     return dataObject;
   }
 
   /**
    * Savely closes the specified input stream.
-   * 
+   *
    * @param is The input stream to be closed.
    */
   private static void closeInputStream(InputStream is)
   {
     try
     {
-      if (is != null) is.close();
+      if (is != null) {
+        is.close();
+      }
     }
     catch (Throwable t)
     {
@@ -828,10 +860,10 @@ public class DataObjectFactory {
 
   /**
    * Determine whether the content type is XML.
-   * 
+   *
    * Content types recognized as XML start with <code>text/xml</code> and
    * <code>application/xml</code>.
-   * 
+   *
    * @param contentType The content MIME type.
    * @return boolean If <code>true</code>, the content type is XML, otherwise
    * not.
@@ -842,8 +874,8 @@ public class DataObjectFactory {
   }
 
   /**
-   * Create a <code>DataObject</code> from a <code>ContentXML</code> object. 
-   * 
+   * Create a <code>DataObject</code> from a <code>ContentXML</code> object.
+   *
    * @param xmlContent The <code>ContentXML</code> object from
    * which the <code>DataObject</code> is to be built.
    * @param xmlAsNodeList If <code>true</code>, the children of
@@ -879,7 +911,7 @@ public class DataObjectFactory {
   /**
    * Check, that the given <code>NodeList</code> contains a single DOM element
    * node and return it, otherwise throw an exception.
-   * 
+   *
    * @param nodes The <code>NodeList</code> to check for a single element.
    * @return The single element contained in <code>nodes</code>.
    * @throws MOAApplicationException Thrown, if <code>nodes</code> does not
@@ -912,11 +944,11 @@ public class DataObjectFactory {
 
   /**
    * Create a <code>DataObject</code> from a <code>ContentBinary</code> object.
-   * 
+   *
    * @param binaryContent The <code>ContentBinary</code> object containing the
    * data.
    * @param asXml If <code>true</code>, <code>binaryContent</code> must
-   * contain XML data. Otherwise, a <code>BinaryDataObject</code> will be 
+   * contain XML data. Otherwise, a <code>BinaryDataObject</code> will be
    * returned containing a byte stream to the decoded Base64 data.
    * @param repeatable If multiple calls to <code>getInputStream()</code> must
    * repeatedly return the content of the data object.
-- 
cgit v1.2.3


From 07449c789f2561bb768d111e5b7d2c14e5dec26f Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Thu, 7 Apr 2011 19:22:50 +0000
Subject: * Update Parameterüberprüfung Templates * Update
 Beispiel-Konfigurationen * Update ContentType für InfoBoxReadRequest
 (Zertifikat) bei Online-Mandates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1202 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |  2 +-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |  2 +-
 .../SampleMOAIDConfiguration_withTestBKs.xml       |  2 +-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |  2 +-
 .../id/auth/servlet/VerifyCertificateServlet.java  |  2 +-
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |  6 ++-
 .../moa/id/util/ParamValidatorUtils.java           |  8 +++-
 .../gv/egovernment/moa/id/util/ServletUtils.java   | 54 +++++++++++++++++-----
 8 files changed, 59 insertions(+), 19 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 8dd49e2d7..b74956473 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -102,7 +102,7 @@
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
 				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
-<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 <!--			</Mandates>-->
 		</AuthComponent>
 	</OnlineApplication>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 11b794888..b2a1a3453 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -111,7 +111,7 @@
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
 				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
-<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 <!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 80c7a8dfd..35b8e19d1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -101,7 +101,7 @@
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!-- <Mandates> -->
 				<!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
-				<!--<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+				<!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 			<!--</Mandates> -->
 		</AuthComponent>
 	</OnlineApplication>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index dd207f76d..4aa6d773b 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -112,7 +112,7 @@
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
 				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
-<!--				<Profiles>Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 <!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index d101df1fa..0014d2647 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -110,7 +110,7 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    
 	    // escape parameter strings
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-		
+				
 	    AuthenticationSession session = null;
 	    try {
 	       // check parameter
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 23861d290..740c85942 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -108,6 +108,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
       throw new IOException(e.getMessage());
     }
     String sessionID = req.getParameter(PARAM_SESSIONID);
+       
 
     // escape parameter strings
 	sessionID = StringEscapeUtils.escapeHtml(sessionID);
@@ -178,7 +179,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
                    session.getSessionID());
            
           
-     		   ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
     			
     		}
     		else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index d35fc875d..a1e039661 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -270,8 +270,12 @@ public class ParamValidatorUtils {
     	  // check if template url starts with http or https 
     	  if (template.startsWith("http") || template.startsWith("https")) {
     	
-    		  // check if template url is from same server
-    		  if (template.contains(req.getServerName())) {
+    		  // check if template url is from same server    		  
+    		  String name = req.getServerName();
+    		  String httpName = "http://" + name;
+    		  String httpsName = "https://" + name;
+    		  
+    		  if (template.startsWith(httpName) || template.startsWith(httpsName)) {
     			 new URL(template);
     			 Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft");
      	         return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 24e5ff3d0..c3d548d54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -18,16 +18,17 @@
  */
 package at.gv.egovernment.moa.id.util;
 
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.logging.Logger;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.URLEncoder;
+
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
@@ -96,7 +97,7 @@ public class ServletUtils {
       
       //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
       resp.setContentType("text/xml;charset=UTF-8");
-      
+            
       OutputStream out = resp.getOutputStream();
       out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
       out.flush();
@@ -104,5 +105,36 @@ public class ServletUtils {
       Logger.debug("Finished POST " + servletName);
     
   }
+
+  /**
+   * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing 
+   * depending on the requests starting text.
+   * 
+   * @param resp The httpServletResponse
+   * @param session The current AuthenticationSession
+   * @param createXMLSignatureRequestOrRedirect The request
+   * @param servletGoal The servlet to which the redirect should happen
+   * @param servletName The servlet name for debug purposes
+   * @throws MOAIDException
+   * @throws IOException
+   */
+  public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) 
+  throws MOAIDException,
+         IOException { 
+	  resp.setStatus(200);
+	  Logger.debug("ContentType set to: application/x-www-form-urlencoded");
+	
+	  resp.setContentType("application/x-www-form-urlencoded");
+	  
+	  String content = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" + 
+	  					"DataURL=" + URLEncoder.encode(dataURL, "UTF-8");
+      
+      OutputStream out = resp.getOutputStream();
+      out.write(content.getBytes("UTF-8"));
+      out.flush();
+      out.close();
+      Logger.debug("Finished POST " + servletName);
+    
+  }
 
 }
-- 
cgit v1.2.3


From 9bbe4aa713e2c38dcfba02880c9b2cb63e82a859 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Tue, 21 Jun 2011 15:40:44 +0000
Subject: * Update MOA-ID (Template Mechanismus für Online-Vollmachten inkl.
 MOA-ID Config) * Update BK-Auswahl Howto * Update Default-Konfigurationen *
 Löschen von A1-Signatur Texten * Entfernung von tempates.war
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1206 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../schemas/MOA-ID-Configuration-1.5.0.xsd         |  15 ++
 id/assembly-auth.xml                               |   4 +-
 id/assembly-proxy.xml                              |   4 +-
 id/readme_1.5.0.txt                                |   1 +
 .../main/webapp/BKAuswahl-MOA-Template-Howto.pdf   | Bin 191806 -> 191887 bytes
 id/server/auth/src/main/webapp/css/index.css       |  19 +-
 id/server/auth/src/main/webapp/img/infobutton.gif  | Bin 0 -> 868 bytes
 id/server/auth/src/main/webapp/index.html          |   5 +-
 id/server/auth/src/main/webapp/info_bk.html        |   2 +-
 id/server/auth/src/main/webapp/info_mandates.html  |  58 +++++
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |  14 ++
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |  14 ++
 .../SampleMOAIDConfiguration_withTestBKs.xml       |  14 ++
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |  14 ++
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |  14 ++
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |  14 ++
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |  14 ++
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |  14 ++
 .../SampleBKUSelectionTemplate.html                |   8 +-
 .../sampleTemplates/handy_mandate_template.html    |  26 +++
 .../sampleTemplates/handy_moa-id_template.html     |  41 ++++
 .../sampleTemplates/local_mandate_template.html    |  26 +++
 .../sampleTemplates/local_moa-id_template.html     |  31 +++
 .../sampleTemplates/online_mandate_template.html   |  26 +++
 .../sampleTemplates/online_moa-id_template.html    |  38 ++++
 .../transforms/TransformsInfoAuthBlockTable_DE.xml |   8 +-
 .../profiles/MOAIDTransformAuthBlockTable_DE.xml   |   8 +-
 .../data/deploy/templates/LIESMICH_TEMPLATES.txt   |  39 ----
 id/server/doc/MOA-ID-Configuration-1.5.0.xsd       |  23 ++
 .../doc/moa_id/examples/BKUSelectionTemplate.html  |  13 +-
 .../SampleMOAIDVerifyInfoboxesConfiguration.xml    |   1 -
 .../moa_id/examples/conf/MOA-ID-Configuration.xml  |   2 -
 id/server/doc/moa_id/id-admin_2.htm                |  39 ++--
 id/server/doc/moa_id/id-anwendung_1.htm            |  19 ++
 .../moa/id/auth/AuthenticationServer.java          |   6 +
 .../AuthenticationBlockAssertionBuilder.java       |   7 +-
 .../builder/CreateXMLSignatureRequestBuilder.java  |  54 +++--
 .../auth/builder/GetIdentityLinkFormBuilder.java   | 235 ++++++++++++++++-----
 .../moa/id/auth/builder/SAMLArtifactBuilder.java   |   9 +
 .../moa/id/auth/data/AuthenticationSession.java    |   7 +-
 .../id/auth/servlet/GetMISSessionIDServlet.java    |  10 +-
 .../servlet/VerifyAuthenticationBlockServlet.java  |   5 +-
 .../moa/id/config/ConfigurationBuilder.java        |  91 +++++++-
 .../moa/id/config/OnlineMandatesTemplates.java     |  54 +++++
 .../moa/id/config/auth/OAAuthParameter.java        |  24 ++-
 .../resources/properties/id_messages_de.properties |   1 +
 .../main/webapp/SampleBKUSelectionTemplate.html    |  13 +-
 47 files changed, 893 insertions(+), 191 deletions(-)
 create mode 100644 id/server/auth/src/main/webapp/img/infobutton.gif
 create mode 100644 id/server/auth/src/main/webapp/info_mandates.html
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
 create mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/online_moa-id_template.html
 delete mode 100644 id/server/data/deploy/templates/LIESMICH_TEMPLATES.txt
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
index 2e4c33c03..19b793fdb 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.0.xsd
@@ -308,6 +308,21 @@
 			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
 			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
 			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="OnlineMandates" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="BKU" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="MOA-ID-Template" type="TemplateType"/>
+									<xsd:element name="MandateTemplate" type="TemplateType"/>
+								</xsd:sequence>
+								<xsd:attribute name="URL" use="required"/>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
 		</xsd:sequence>
 	</xsd:complexType>
 	<xsd:complexType name="TemplateType">
diff --git a/id/assembly-auth.xml b/id/assembly-auth.xml
index e971d701a..0f676552b 100644
--- a/id/assembly-auth.xml
+++ b/id/assembly-auth.xml
@@ -101,7 +101,7 @@
 				<unpack>true</unpack>
 			</binaries>
 		</moduleSet>
-		<moduleSet>
+		<!-- <moduleSet>
 			<includes>
 				<include>MOA.id:moa-id-templates</include>
 			</includes>
@@ -111,7 +111,7 @@
 				<outputDirectory>/templates</outputDirectory>
 				<unpack>false</unpack>
 			</binaries>
-		</moduleSet>
+		</moduleSet>-->
 	</moduleSets>
 
 	<componentDescriptors>
diff --git a/id/assembly-proxy.xml b/id/assembly-proxy.xml
index 0f7af5491..4e22222e5 100644
--- a/id/assembly-proxy.xml
+++ b/id/assembly-proxy.xml
@@ -98,7 +98,7 @@
 				<unpack>true</unpack>
 			</binaries>
 		</moduleSet>
-		<moduleSet>
+		<!-- <moduleSet>
 			<includes>
 				<include>MOA.id:moa-id-templates</include>
 			</includes>
@@ -108,7 +108,7 @@
 				<outputDirectory>/templates</outputDirectory>
 				<unpack>false</unpack>
 			</binaries>
-		</moduleSet>
+		</moduleSet>-->
 	</moduleSets>
 	
 	<componentDescriptors>
diff --git a/id/readme_1.5.0.txt b/id/readme_1.5.0.txt
index 56a08cc0c..533589e16 100644
--- a/id/readme_1.5.0.txt
+++ b/id/readme_1.5.0.txt
@@ -19,6 +19,7 @@ gleichen Verzeichnis):
 	iaik_cms:			Version 4.1_MOA
 - Update Parameterüberprüfung
 - Einbindung von Online-Vollmachten
+- Möglichkeit der Einbindung eines Templates für die Online-Vollmachten Anmeldung
 - Update MOA-Template zur Bürgerkartenauswahl
 - Update Transformationen (für Online-Vollmachten)
 - Änderung der Konfiguration für:
diff --git a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf
index dcf38c218..77c32e35e 100644
Binary files a/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf and b/id/server/auth/src/main/webapp/BKAuswahl-MOA-Template-Howto.pdf differ
diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css
index 28fea78e3..2d46c4227 100644
--- a/id/server/auth/src/main/webapp/css/index.css
+++ b/id/server/auth/src/main/webapp/css/index.css
@@ -118,7 +118,6 @@ h2#tabheader, h2#contentheader {
 	padding : 5px 5px 5px 5px;
 }
 
-
 button {
 	background: #efefef;
 	border:1px solid #000;
@@ -142,9 +141,9 @@ button {
 }
 
 #leftcontent a {
-	text-decoration:none;
+	text-decoration:none; 
 	color: #000;
-	display:block;
+/*	display:block;*/
 	padding:4px;	
 }
 
@@ -212,6 +211,20 @@ p {
 	vertical-align: middle;
 }
 
+
+.infobutton {
+	background-color: #005a00;
+	color: white;
+	font-family: serif;
+	text-decoration: none;
+	padding-top: 2px;
+	padding-right: 4px;
+	padding-bottom: 2px;
+	padding-left: 4px;
+	font-weight: bold;
+}
+
+
 /* [OPTIONAL] Geben Sie hier die Farbe fuer den hellen Hintergrund an */
 .hell {
 	background-color : #DDDDDD;	
diff --git a/id/server/auth/src/main/webapp/img/infobutton.gif b/id/server/auth/src/main/webapp/img/infobutton.gif
new file mode 100644
index 000000000..31e236e34
Binary files /dev/null and b/id/server/auth/src/main/webapp/img/infobutton.gif differ
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 62576b15e..b40ea89f5 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -124,9 +124,12 @@
                         
                         <!-- [OPTIONAL] Um die Anmeldung mit Vollmachten auszublenden, kommentieren Sie das folgende div (mandate) aus -->
 						<div id="mandate">
-	                   		<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"><label>in Vertretung anmelden</label>
+                        	<input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox">
+								<label>in Vertretung anmelden</label>
+                          <a href="info_mandates.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
                         </div> 
                     </div>
+
                     
                     
 
diff --git a/id/server/auth/src/main/webapp/info_bk.html b/id/server/auth/src/main/webapp/info_bk.html
index 8bfee57f2..f15501a80 100644
--- a/id/server/auth/src/main/webapp/info_bk.html
+++ b/id/server/auth/src/main/webapp/info_bk.html
@@ -14,7 +14,7 @@
             <div id="banner">
                 <!-- [OPTIONAL] Aendern Sie hier die Titelueberschrift der Seite) -->
                 <div id="bannerleft">
-                    <h1>Musterseite</h1>
+                    <h1>MOA-Template zur Bürgerkartenauswahl (Musterseite)</h1>
                     <!-- Meldung im Browser, wenn JavaScript nicht aktiviert -->
                     <noscript>
                         <p>
diff --git a/id/server/auth/src/main/webapp/info_mandates.html b/id/server/auth/src/main/webapp/info_mandates.html
new file mode 100644
index 000000000..c46b91636
--- /dev/null
+++ b/id/server/auth/src/main/webapp/info_mandates.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="de">
+	<head>
+		<title>Information</title>
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+        <meta http-equiv="Content-Style-Type" content="text/css">
+        <link rel="stylesheet" type="text/css" href="css/index.css">
+	</head>
+	<body>
+		<div id="wrapper">
+            <p id="skiplinks">
+                <a href="#content">Zum Inhalt springen</a>
+            </p>
+            <div id="banner">
+                <!-- [OPTIONAL] Aendern Sie hier die Titelueberschrift der Seite) -->
+                <div id="bannerleft">
+                    <h1>MOA-Template zur Bürgerkartenauswahl (Musterseite)</h1>
+                    <!-- Meldung im Browser, wenn JavaScript nicht aktiviert -->
+                    <noscript>
+                        <p>
+                            Bitte aktivieren Sie JavaScript.
+                        </p>
+	                </noscript>
+                </div>                
+                <!-- [OPTIONAL] Aendern Sie hier das Logo der Seite (und Alternativtext fuer das Bild) -->
+                <div id="bannerright">
+                    <img src="img/logo.jpg" alt="Logo">
+                </div>
+            </div>
+            <div id="main">
+                <div id="centercontent">
+                    <h2 id="contentheader" class="dunkel">
+                        Information zur Anmeldung mittels elektronischer Vollmacht
+                    </h2>
+                    <div id="content" class="hell">
+                        <p>
+                        <p>Aktivieren Sie das K&auml;stchen <input type="checkbox" checked="true" readonly="true" enabled="false"/> "in Vertretung anmelden",
+			wenn Sie sich als Vertreter f&uuml;r eine andere Person anmelden m&ouml;chten. Das Vollmachtenservice
+			der Stammzahlenregisterbeh&ouml;rde bietet Ihnen Ihre verf&uuml;gbaren Vollmachten zur Auswahl an.</p>
+
+			
+			<p>Das Service zum Eintragen einer Vollmacht zwischen zwei nat&uuml;rlichen Personen k&ouml;nnen Sie
+			unter dem Hyperlink <a href="https://vollmachten.stammzahlenregister.gv.at/">Bilaterale Vollmacht</a>
+			eintragen.</p>
+			
+			<p>Als Organwalter (gem&auml;&szlig; &sect; 5 Abs. 3 E-GovG) und berufsm&auml;&szlig;ige Parteinvertreter,
+			aktivieren Sie bitte ebenfalls das K&auml;stchen <input type="checkbox" checked="true" readonly="true" enabled="false"/> "in Vertretung anmelden".</p>
+
+			
+			<p><span style="text-decoration: underline">Hinweis</span>: Welche Vollmachten Ihnen bei der jeweiligen
+			B&uuml;rgerkartenapplikation zur Verf&uuml;gung stehen, h&auml;ngt vom Anwendungsbetreiber ab.</p>
+                        </p>
+					</div>
+                </div>
+            </div>
+		</div>
+	</body>
+</html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index b74956473..0494502f7 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -15,6 +15,20 @@
 			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
 			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
 			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			<!--<OnlineMandates>
+				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://localhost:3496/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
+				</BKU>
+			</OnlineMandates>-->
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index b2a1a3453..31bcdf512 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -15,6 +15,20 @@
 			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
 			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
 			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			<!--<OnlineMandates>
+				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://localhost:3496/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
+				</BKU>
+			</OnlineMandates>-->
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 35b8e19d1..9989b5927 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -15,6 +15,20 @@
 			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
 			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
 			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			<!--<OnlineMandates>
+				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://localhost:3496/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
+				</BKU>
+			</OnlineMandates>-->
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 4aa6d773b..2b03faf5d 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -15,6 +15,20 @@
 			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
 			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
 			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			<!--<OnlineMandates>
+				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://localhost:3496/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
+				</BKU>
+			</OnlineMandates>-->
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 3d062900d..58ed8bce7 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -15,6 +15,20 @@
 			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
 			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
 			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			<!--<OnlineMandates>
+				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://localhost:3496/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
+				</BKU>
+			</OnlineMandates>-->			
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index c8c88c22d..497508363 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -15,6 +15,20 @@
 			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
 			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
 			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			<!--<OnlineMandates>
+				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://localhost:3496/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
+				</BKU>
+			</OnlineMandates>-->			
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 225270f5b..82462ec2c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -15,6 +15,20 @@
 			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
 			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
 			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			<!--<OnlineMandates>
+				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://localhost:3496/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
+				</BKU>
+			</OnlineMandates>-->			
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 4f2a5977c..692db9ff3 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -15,6 +15,20 @@
 			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
 			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
 			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
+			<!--<OnlineMandates>
+				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
+					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://localhost:3496/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
+				</BKU>
+				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
+					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
+					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
+				</BKU>
+			</OnlineMandates>-->			
 		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
index 2f2ea6552..983de7c70 100644
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
@@ -27,18 +27,16 @@
 <h4>Hinweise: </h4>
 <ul>
   <li> 
-  	<p>Bei der Anmeldung mit einer <a href="http://www.a-trust.at/info.asp?node=337" target="_blank">A-Trust B&uuml;rgerkarte</a> oder Ihrer
-  	<a href="http://www.chipkarte.at/esvapps/page/page.jsp?p_pageid=110&p_menuid=62182&p_id=2" target="_blank">E-CARD</a> ben&ouml;tigen Sie 
+  	<p>Bei der Anmeldung mit einer <a href="http://www.a-trust.at/" target="_blank">A-Trust B&uuml;rgerkarte</a> oder Ihrer
+  	<a href="http://www.chipkarte.at" target="_blank">E-CARD</a> ben&ouml;tigen Sie 
   	eine funktionsf&auml;hige <a href="http://www.buergerkarte.at/" target="_blank">B&uuml;rgerkartensoftware</a> sowie einen passenden Kartenleser.</p>
   </li>
   <li> 
-    <p>Bei der Anmeldung mit der <a href="http://www.a1.net/signatur" target="_blank">A1-Signatur</a> &uuml;ber Ihr Handy wird keine B&uuml;rgerkartensoftware und 
+    <p>Bei der Anmeldung mit der <a href="http://www.a-trust.at/mobile/" target="_blank">A-Trust Handysignatur</a> &uuml;ber Ihr Handy wird keine B&uuml;rgerkartensoftware und 
       kein Kartenleser ben&ouml;tigt.</p>
   </li>
 </ul>
 
-<p align="right">&nbsp; </p>
-
 
 </body>
 </html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
new file mode 100644
index 000000000..8fda2a880
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
@@ -0,0 +1,26 @@
+<!--
+Templateseite zur Signatur für Online-Vollmachten (für Handysignatur)
+-->
+<html>
+  <head>
+    <meta http-equiv="content-type" content="text/html; charset=UTF-8">    
+    <title>Vollmachten-Anmeldung</title>
+    <!-- Javascript darf nicht verändert werden -->
+    <script language="javascript">
+      function fillFrame() {    
+        var f = top.frames['mandate'];
+        with (f.document) {
+          open();
+		  <Mandate>
+		   close();
+        }
+      }
+    </script>
+  </head>
+  <!-- onLoad="fillFrame(); return false;" darf nicht verändert werden-->
+  <body onLoad="fillFrame(); return false;">
+    <h2>Vollmachten-Anmeldung (Handysignatur)</h2>
+    <!-- Name des iframe darf nicht veändert werden -->
+    <iframe name="mandate" src="" frameborder="0" width="250" height="400"></iframe>    
+  </body>
+</html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
new file mode 100644
index 000000000..28d84fea2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
@@ -0,0 +1,41 @@
+<!--
+MOA-ID Template für Handy-Signatur bei Online-Vollmachten
+-->
+<html>
+<head>
+<!-- base target muss bei lokale BKU und Handy-Signatur gesetzt sein -->
+<base target="_parent">
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<title>Vollmachten-Anmeldung</title>
+</head>
+<body onLoad="document.VollmachtenForm.submit();">
+<form name="VollmachtenForm" action="<BKU>" method="post">
+<input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+<input type="hidden" name="DataURL" value="<DataURL>"/>
+<input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+<input type="submit" value="Starte Signatur" name="Senden"/>
+
+<!-- Angabe der Parameter für die Handy-BKU -->
+<input type="hidden" name="appletWidth" value="220">
+<input type="hidden" name="appletHeight" value="159">
+	
+<!-- Angabe des Parameters fuer die Hintergrundfarbe der Handy-Signatur -->
+<input type="hidden" name="backgroundColor" value="#DDDDDD"> 
+            
+<input type="hidden" name="redirecttarget" value="_parent">
+</form>
+
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+  <input type="hidden"
+        name="XMLRequest"
+        value="<CertInfoXMLRequest>"/>
+    <input type="hidden"
+        name="DataURL"
+        value="<CertInfoDataURL>"/>
+ <input type="hidden" value="Weitere Info"/>
+</form>
+ </body>
+ </html>
+ 
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
new file mode 100644
index 000000000..6b84dfd8e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
@@ -0,0 +1,26 @@
+<!--
+Templateseite zur Signatur für Online-Vollmachten (für Lokale-BKU)
+-->
+<html>
+  <head>
+    <meta http-equiv="content-type" content="text/html; charset=UTF-8">    
+    <title>Vollmachten-Anmeldung</title>
+    <!-- Javascript darf nicht verändert werden -->
+    <script language="javascript">
+      function fillFrame() {    
+        var f = top.frames['mandate'];
+        with (f.document) {
+          open();
+		  <Mandate>
+		   close();
+        }
+      }
+    </script>
+  </head>
+  <!-- onLoad="fillFrame(); return false;" darf nicht verändert werden-->
+  <body onLoad="fillFrame(); return false;">
+    <h2>Vollmachten-Anmeldung (Lokale-BKU)</h2>
+    <!-- Name des iframe darf nicht veändert werden -->
+    <iframe name="mandate" src="" frameborder="0" width="250" height="400"></iframe>    
+  </body>
+</html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
new file mode 100644
index 000000000..b9506ca0e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
@@ -0,0 +1,31 @@
+<!--
+MOA-ID Template für lokale BKU bei Online-Vollmachten
+-->
+<html>
+<head>
+<!-- base target muss bei lokale BKU und Handy-Signatur gesetzt sein -->
+<base target="_parent">
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<title>Vollmachten-Anmeldung</title>
+</head>
+<body onLoad="document.VollmachtenForm.submit();">
+<form name="VollmachtenForm" action="<BKU>" method="post">
+<input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+<input type="hidden" name="DataURL" value="<DataURL>"/>
+<input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+<input type="submit" value="Starte Signatur" name="Senden"/>
+</form>
+
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+  <input type="hidden"
+        name="XMLRequest"
+        value="<CertInfoXMLRequest>"/>
+    <input type="hidden"
+        name="DataURL"
+        value="<CertInfoDataURL>"/>
+ <input type="hidden" value="Weitere Info"/>
+</form>
+ </body>
+ </html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
new file mode 100644
index 000000000..ac7c17c8f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
@@ -0,0 +1,26 @@
+<!--
+Templateseite zur Signatur für Online-Vollmachten (für Online-BKU)
+-->
+<html>
+  <head>
+    <meta http-equiv="content-type" content="text/html; charset=UTF-8">    
+    <title>Vollmachten-Anmeldung</title>
+    <!-- Javascript darf nicht verändert werden -->
+    <script language="javascript">
+      function fillFrame() {    
+        var f = top.frames['mandate'];
+        with (f.document) {
+          open();
+		  <Mandate>
+		   close();
+        }
+      }
+    </script>
+  </head>
+  <!-- onLoad="fillFrame(); return false;" darf nicht verändert werden-->
+  <body onLoad="fillFrame(); return false;">
+    <h2>Vollmachten-Anmeldung (Online-BKU)</h2>
+    <!-- Name des iframe darf nicht veändert werden -->
+    <iframe name="mandate" src="" frameborder="0" width="250" height="400"></iframe>    
+  </body>
+</html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/online_moa-id_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/online_moa-id_template.html
new file mode 100644
index 000000000..33c7f39c6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/online_moa-id_template.html
@@ -0,0 +1,38 @@
+<!--
+MOA-ID Template für Online-BKU bei Online-Vollmachten
+-->
+<html>
+<head>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<title>Vollmachten-Anmeldung</title>
+</head>
+<body onLoad="document.VollmachtenForm.submit();">
+<form name="VollmachtenForm" action="<BKU>" method="post">
+<input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+<input type="hidden" name="DataURL" value="<DataURL>"/>
+<input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+<input type="submit" value="Starte Signatur" name="Senden"/>
+
+<!-- Angabe der Parameter fuer die Online-BKU -->
+<input type="hidden" name="appletWidth" value="220">
+<input type="hidden" name="appletHeight" value="140">
+			
+<!-- Angabe des Parameter fuer die Hintergrundfarbe der Online-BKU -->
+<input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
+</form>
+
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+  <input type="hidden"
+        name="XMLRequest"
+        value="<CertInfoXMLRequest>"/>
+    <input type="hidden"
+        name="DataURL"
+        value="<CertInfoDataURL>"/>
+ <input type="hidden" value="Weitere Info"/>
+</form>
+
+ </body>
+ </html>
+    
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
index 7fae15b7c..bfcb95be9 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
@@ -50,9 +50,7 @@
 									<tr>
 										<td class="italicstyle">Vollmacht:</td>
 										<td class="normalstyle">
-											<xsl:text>Ich bin weiters ermächtigt als </xsl:text>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-											<xsl:text> von </xsl:text>
+											<xsl:text>Ich bin ermächtigt, für </xsl:text>
 											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 												<xsl:text>, geboren am </xsl:text>
@@ -66,7 +64,7 @@
 												<xsl:text>, </xsl:text>
 												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 											</xsl:if>
-											<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+											<xsl:text>, zu handeln.</xsl:text>
 										</td>
 									</tr>
 								</xsl:if>
@@ -173,4 +171,4 @@
 	<sl10:FinalDataMetaInfo>
 		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
 	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
+</sl10:TransformsInfo>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
index 24b0bfc38..3387aa462 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 				<xsl:output method="xml" xml:space="default"/>
@@ -51,9 +51,7 @@
 									<tr>
 										<td class="italicstyle">Vollmacht:</td>
 										<td class="normalstyle">
-											<xsl:text>Ich bin weiters ermächtigt als </xsl:text>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-											<xsl:text> von </xsl:text>
+											<xsl:text>Ich bin ermächtigt, für </xsl:text>
 											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
 											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
 												<xsl:text>, geboren am </xsl:text>
@@ -67,7 +65,7 @@
 												<xsl:text>, </xsl:text>
 												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
 											</xsl:if>
-											<xsl:text>, in deren Auftrag zu handeln.</xsl:text>
+											<xsl:text>, zu handeln.</xsl:text>
 										</td>
 									</tr>
 								</xsl:if>
diff --git a/id/server/data/deploy/templates/LIESMICH_TEMPLATES.txt b/id/server/data/deploy/templates/LIESMICH_TEMPLATES.txt
deleted file mode 100644
index e23ebad6e..000000000
--- a/id/server/data/deploy/templates/LIESMICH_TEMPLATES.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-TEMPLATES:
-==========
-Zweck:
-------
-Mithilfe von Templates können Sie das Aussehen der Seiten 
-"Auswahl der Bürgerkartenumgebung" sowie  "Anmeldung mit Bürgerkarte" 
-anpassen. Damit können Sie zusätzliche Hintergrundinformationen (Wozu 
-dient die Anmeldung, etc.) zu diesen Seiten hinzufügen und das Layout an 
-Ihre sonstigen Anwendungen anpassen.
-
-Wird kein Template mit den Parametern Template und BKUSelectionTemplate 
-angegeben, so wird defaultmäßig jew. eine schlichte "neutrale" Variante 
-angezeigt.
-
-Bei der Erstellung von Template muss die Form gemäß MOA-ID Dokumentation 
-Abschnitt: "Aufruf von MOA-ID" (id-anwendung_1.htm) eingehalten werden.
-
-Templates können Grundsätzlich von jeder HTTP Adresse abgerufen 
-werden, d.h. sie können auf einen belibigen Webserver abgelegt werden.
-
-
-Anwendung des Beispiels:
-------------------------
-Wenn Sie keinen anderen Webserver zum Ablegen der Templates verwenden möchten,
-so kann die Webcontainer Fähigkeit von Tomcat für die Ablage der HTML-Templates 
-genutzt werden. Ein einfaches Beispiel mit den beiden Templates
-"SampleBKUSelectionTemplate.html" sowie "SampleTemplate.html" findet sich im 
-WAR Archiv moaid-templates.war
-
-
-Wenn dieses WAR Archiv in das webapps Verzeichnis von Tomcat gestellt wird, so 
-wird diese automatisch entpackt und deployed. In Folge können Sie die Template 
-Dateien per Parameter beim Aufruf von MOA-ID angeben.
-
-Beispiel Link mit Einsatz von Template:
-https://localhost:8443/moa-id-auth/SelectBKU?Target=Test-Bereich&OA=https://localhost:8443/&BKUSelectionTemplate=http://localhost:8080/moaid-templates/SampleBKUSelectionTemplate.html&Template=http://localhost:8080/moaid-templates/SampleTemplate.html
-
-
-Sie können diese beiden Templates als Vorlage für eigene Designs verwenden.
\ No newline at end of file
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
index c5d6f0b07..19b793fdb 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.0.xsd
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Klaus Stranacher (Technische Universität Graz) -->
 <xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
 	<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
 	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
@@ -307,6 +308,21 @@
 			<xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
 			<xsd:element name="Template" type="TemplateType" minOccurs="0"/>
 			<xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+			<xsd:element name="OnlineMandates" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="BKU" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="MOA-ID-Template" type="TemplateType"/>
+									<xsd:element name="MandateTemplate" type="TemplateType"/>
+								</xsd:sequence>
+								<xsd:attribute name="URL" use="required"/>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
 		</xsd:sequence>
 	</xsd:complexType>
 	<xsd:complexType name="TemplateType">
@@ -444,6 +460,13 @@
 						<xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
 						<xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
 						<xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+						<xsd:element name="Mandates" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="Profiles" type="xsd:string"/>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
 					</xsd:sequence>
 					<xsd:attribute name="slVersion" use="optional" default="1.1">
 						<xsd:simpleType>
diff --git a/id/server/doc/moa_id/examples/BKUSelectionTemplate.html b/id/server/doc/moa_id/examples/BKUSelectionTemplate.html
index 5536226a8..731cc36fd 100644
--- a/id/server/doc/moa_id/examples/BKUSelectionTemplate.html
+++ b/id/server/doc/moa_id/examples/BKUSelectionTemplate.html
@@ -29,23 +29,12 @@
 <ul>
   <li> 
     <p>Wollen Sie eine A-Trust B&uuml;rgerkarte erwerben? Hier finden Sie Informationen 
-      dazu: <a href="http://www.a-trust.at/info.asp?node=337" target="_blank">A-Trust 
+      dazu: <a href="http://www.a-trust.at/" target="_blank">A-Trust 
       B&uuml;rgerkarte.</a> Bei der Anmeldung mit der A-Trust B&uuml;rgerkarte 
       ben&ouml;tigen Sie eine funktionsf&auml;hige B&uuml;rgerkartensoftware sowie 
       einen passenden Kartenleser.</p>
   </li>
-  <li> 
-    <p>Wollen Sie ein A1-Signatur erwerben? Wenden Sie sich an 0800-664 680 um 
-      Informationen zur A1-Signatur zu erhalten.
-      Hier finden Sie ebenfalls Informationen dazu: <a href="http://www.a1.net/signatur" target="_blank">A1-Signatur</a>. 
-      Bei der Anmeldung mit der A1-Signatur wird keine B&uuml;rgerkartensoftware und 
-      kein Kartenleser ben&ouml;tigt.</p>
-  </li>
 </ul>
-<div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleBKUSElectionTemplate.html"><img border="0"
-          src="/moaid-templates/valid-html401.gif"
-          alt="Valid HTML 4.01!" height="31" width="88"></a> </div>
-<p align="right">&nbsp; </p>
 
 
 </body>
diff --git a/id/server/doc/moa_id/examples/SampleMOAIDVerifyInfoboxesConfiguration.xml b/id/server/doc/moa_id/examples/SampleMOAIDVerifyInfoboxesConfiguration.xml
index 09e60c6f1..5c814b834 100644
--- a/id/server/doc/moa_id/examples/SampleMOAIDVerifyInfoboxesConfiguration.xml
+++ b/id/server/doc/moa_id/examples/SampleMOAIDVerifyInfoboxesConfiguration.xml
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur  -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
diff --git a/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml b/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
index d0ea9cf6c..ae106f24a 100644
--- a/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
+++ b/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
@@ -1,6 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur 
-		 Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index 6e5dec828..647bd616e 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -181,6 +181,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                 Das Element <tt>AuthComponent</tt> hat sechs Kind-Elemente:
               <ul>
                 <li><tt>BKUSelection</tt> (optional)</li>
+                <li><tt>Templates</tt> (optional)</li>
                 <li><tt>SecurityLayer</tt></li>
                 <li><tt>MOA-SP</tt></li>
                 <li><tt>IdentityLinkSigners</tt></li>
@@ -211,7 +212,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                   <p id="block"> <b>AuthComponent/Templates</b> <br />
                 Das optionale Element <tt>Templates</tt> kann genau einmal vorkommen, um
                 das Aussehen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; sowie
-                &quot;Anmeldung mit B&uuml;rgerkarte&quot; anzupassen. Die hier
+                &quot;Anmeldung mit B&uuml;rgerkarte&quot; anzupassen. Des Weiteren k&ouml;nnen die Templates zur Anmeldung mit Online-Vollmachten angepasst werden. Die hier
                 spezifizierten (globalen) Templates haben Priorit&auml;t gegen&uuml;ber Templates,
                 die in der aufrufenden URL (vgl. <a href="id-anwendung_1.htm" target="_new">Aufruf von MOA-ID-AUTH</a>)
                 &uuml;bergeben werden, haben jedoch Nachrang gegen&uuml;ber in
@@ -225,36 +226,34 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                 verwendet. Templates in der aufrufenden URL werden demnach nur mehr dann
                 herangezogen, wenn in der Konfigurationsdatei weder globale (f&uuml;r alle
                 Online-Applikationen g&uuml;ltig) noch lokale (Templates je Online-Applikation)
-                spezifiziert sind.<br>
-                Das <tt>Templates</tt>-Element hat die zwei Kindelemente
-                <tt>BKUSelectionTemplate</tt> und <tt>Template</tt>. Jedes dieser
-                beiden Elemente kann genau einmal vorkommen oder fehlen.
+                spezifiziert sind. Hinweis: Die Template zur Anmeldung mit Online-Vollmachten k&ouml;nnen nicht &uuml;ber die URL angegeben werden.<br>
+                Das <tt>Templates</tt>-Element hat die drei Kindelemente
+                <tt>BKUSelectionTemplate</tt>, <tt>Template</tt>und <tt>OnlineMandates</tt>. Jedes dieser
+                drei Elemente kann genau einmal vorkommen oder fehlen.
                 Das Kindelement <tt>BKUSelectionTemplate</tt> spezifiziert ein Template
                 zur Gestaltung der Seite &quot;Auswahl der B&uuml;rgerkartenumgebung&quot;,
                 w&auml;hrend das Kindelement <tt>Template</tt> die Seite
-                &quot;Anmeldung mit B&uuml;rgerkarte&quot; referenziert.
-                Beide Elemente haben genau ein Attribut namens <tt>URL</tt>,
+      &quot;Anmeldung mit B&uuml;rgerkarte&quot; referenziert. Dies beiden Elemente haben genau ein Attribut namens <tt>URL</tt>,
                 das die Lage des Templates im Form einer URL beschreibt.
                 Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die
-                MOA-ID Konfigurationsdatei befindet, interpretiert. Bei Templates die &uuml;ber das Protokoll https referenziert werden, muss vor dem Start des Tomcat ein Truststore angegeben werden, das die notwendigen vertrauensw&uuml;rdigen Zertifikate enth&auml;lt. Siehe dazu die Parameter in den vorbereiteten Startdateien <tt>startTomcat.bat</tt> und <tt>tomcat-start.sh</tt>.<br>
-                Im folgenden Beispiel werden zwei Templates im Verzeichnis
-                CATALINA_HOME/conf/moa-id/templates referenziert:
-                <br>
-                <pre>
+      MOA-ID Konfigurationsdatei befindet, interpretiert. Bei Templates die &uuml;ber das Protokoll https referenziert werden, muss vor dem Start des Tomcat ein Truststore angegeben werden, das die notwendigen vertrauensw&uuml;rdigen Zertifikate enth&auml;lt. Siehe dazu die Parameter in den vorbereiteten Startdateien <tt>startTomcat.bat</tt> und <tt>tomcat-start.sh</tt>.Das Kindeelement <tt>OnlineMandates</tt> referenziert Templates zur Gestaltung der Seite Online-Vollmachten Anmeldung. Hier kann BKU spezifisch ein MOA-ID Template (das beispielsweise Gr&ouml;&szlig;enparameter f&uuml;r die verwendete BKU enth&auml;lt) und ein Template zur Gestaltung der Seite f&uuml;r die Anmeldung mit Online-Vollmacht angegeben werden. Innerhalb dieses Templates wird in einem iFrame das angegebene MOA-ID Template aufgerufen. F&uuml;r BKU URLs, die nicht konfiguriert sind wird dein Standard-Template verwendet. Im folgenden Beispiel werden drei Templates im Verzeichnis
+                CATALINA_HOME/conf/moa-id/templates referenziert: <br>
+      <pre>
 &lt;Templates&gt;
   &lt;BKUSelectionTemplate URL="templates/SampleBKUSelectionTemplate.html"/&gt;
   &lt;Template URL="templates/SampleTemplate.html"/&gt;
+  &lt;OnlineMandates&gt;<br>    &lt;BKU URL=&quot;https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx&quot;&gt;<br>	   &lt;MOA-ID-Template URL=&quot;sampleTemplates/handy_moa-id_template.html&quot;/&gt;<br>	   &lt;MandateTemplate URL=&quot;sampleTemplates/handy_mandate_template.html&quot;/&gt;<br>	 &lt;/BKU&gt;<br>	 &lt;BKU URL=&quot;https://localhost:3496/https-security-layer-request&quot;&gt;<br>	   &lt;MOA-ID-Template URL=&quot;sampleTemplates/local_moa-id_template.html&quot;/&gt;<br>	   &lt;MandateTemplate URL=&quot;sampleTemplates/local_mandate_template.html&quot;/&gt;<br>	 &lt;/BKU&gt;<br>	 &lt;BKU URL=&quot;https://[yourserver]/bkuonline/https-security-layer-request&quot;&gt;<br>	   &lt;MOA-ID-Template URL=&quot;sampleTemplates/online_moa-id_template.html&quot;/&gt;<br>	   &lt;MandateTemplate URL=&quot;sampleTemplates/online_mandate_template.html&quot;/&gt;					<br>	 &lt;/BKU&gt;<br> &lt;/OnlineMandates&gt;
 &lt;/Templates&gt;</pre>
 
-                <br>
-                Richtlinien zur Struktur der beiden Templates k&ouml;nnen der
+<br>
+                Richtlinien zur Struktur der Templates k&ouml;nnen der
                 MOA-ID-Spezifikation bzw. dem Abschnitt
                 <a href="id-anwendung_1.htm" target="_new">Aufruf von MOA-ID-AUTH</a>
                 dieses Handbuches entnommen werden.
 
                   </p>
     
-                    <div id="SecurityLayer" />
+<div id="SecurityLayer" />
                   <p id="block"> <b>AuthComponent/SecurityLayer</b> <br />
                     Das Element <tt>SecurityLayer</tt> enth&auml;lt Parameter
                     zur Nutzung des Security-Layers. <br />
@@ -384,8 +383,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                           <li id="IdentifierVI"><tt>Identifier:</tt> Dieses Attribut muss vorhanden sein und gibt
                             den <tt>Namen</tt> der Infobox an. Er muss dabei exakt dem <tt>Bezeichner</tt>
                             der jeweiligen zu validierenden Infobox aus der BKU entsprechen, also
-                            zum Beispiel <tt>Mandates</tt> f&uuml;r die <tt>Vollmachten</tt>-Infobox oder
-                            <tt>EHSPToken</tt> f&uuml;r die <tt>GDAToken</tt>-Infobox.
+                            zum Beispiel<tt> EHSPToken</tt> f&uuml;r die <tt>GDAToken</tt>-Infobox.
                             <br />
                           </li>
                           <li id="requiredVI"><tt>required:</tt> Dieses Attribut vom Typ
@@ -435,9 +433,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
                           <li id="FriendlyNameVI"><tt>FriendlyName</tt>: Das Element ist optional und
                             enth&auml;lt einen Namen, der von MOA-ID zur Anzeige von, die jeweilige Infobox
                             betreffende, Fehlermeldungen im Browser verwendet wird. Im Regelfall wird man
-                            hier den deutschen Namen der Infobox setzen, also z.B. <tt>Vollmachten</tt>
-                            oder <tt>Stellvertretungen</tt> f&uuml;r die <tt>Mandates</tt>-Infobox oder
-                            <tt>GDAToken</tt> f&uuml;r die <tt>EHSPToken</tt>-Infobox.
+                            hier den deutschen Namen der Infobox setzen, also z.B.<tt> GDAToken</tt> f&uuml;r die <tt>EHSPToken</tt>-Infobox.
                             <br />
                             Fehlt dieses Element, so wird f&uuml;r Fehlermeldungen der Wert des
                             <a href="#IdentifierVI">Identifier</a>-Attributes verwendet.
@@ -721,8 +717,7 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
                             Dieses Kindelement kann genau einmal vorkommen und entspricht in seiner Struktur dem
                             Element <a href="#AuthTemplates" target="_new">AuthComponent/Templates</a>.
                             Es kann verwendet werden, um Templates zur Gestaltung der Seiten
-                            &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; sowie
-                			&quot;Anmeldung mit B&uuml;rgerkarte&quot; individuell f&uuml;r
+                            &quot;Auswahl der B&uuml;rgerkartenumgebung&quot;, &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie &quot;Anmeldung mit Online-Vollmacht&quot; individuell f&uuml;r
                             eine Online-Applikation zu definieren. Die hier definierten Templates haben
                             Priorit&auml;t gegen&uuml;ber globalen Templates und Templates, die
                             in der aufrufenden URL &uuml;bergeben werden.
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index 041cd437a..b8d0d79e5 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -175,6 +175,25 @@ Innerhalb dieser <tt>&lt;form&gt;</tt>-Elemente k&ouml;nnen Texte, Beschriftunge
 und es k&ouml;nnen zus&auml;tzliche Elemente darin aufgenommen werden. <br />
 <br />
 Auch dabei ist die vorgegebene Grundstruktur einzuhalten, die speziellen Tags <tt>&lt;StartAuth&gt;</tt> und <tt>&lt;BKUSelect&gt;</tt> sind verpflichtend.</p>
+
+<div id="block">
+  <p><b>Templates f&uuml;r Online-Vollmachten</b><br /><br />
+    Die Gestaltung der Seite f&uuml;r die Anmeldung mit Online-Vollmachten kann &uuml;ber zwei Templates angespasst werden. </p>
+  <p>Das Template f&uuml;r die Seite "Anmeldung mit Online-Vollmacht" von MOA-ID-AUTH kann aus folgender Grundstruktur aufgebaut werden: </p>
+</div>
+<pre>
+&lt;html&gt;<br>  &lt;head&gt;<br>    &lt;meta http-equiv=&quot;content-type&quot; content=&quot;text/html; charset=UTF-8&quot;&gt;    <br>    &lt;title&gt;Vollmachten-Anmeldung&lt;/title&gt;<br>    &lt;script language=&quot;javascript&quot;&gt;<br>      function fillFrame() {    <br>        var f = top.frames['mandate'];<br>        with (f.document) {<br>          open();<br>          &lt;Mandate&gt;<br>     	    close();<br>        }<br>      }<br>    &lt;/script&gt;<br>  &lt;/head&gt;<br>  &lt;body onLoad=&quot;fillFrame(); return false;&quot;&gt;<br>    &lt;h2&gt;Vollmachten-Anmeldung Template&lt;/h2&gt;<br>    &lt;iframe name=&quot;mandate&quot; src=&quot;&quot; frameborder=&quot;0&quot; width=&quot;250&quot; height=&quot;400&quot;&gt;&lt;/iframe&gt;    <br>  &lt;/body&gt;<br>&lt;/html&gt;</pre>
+
+<p>Innerhalb des Dokuments k&ouml;nnen Texte, Beschriftungen und Styles modifiziert werden,
+  und es k&ouml;nnen zus&auml;tzliche Elemente darin aufgenommen werden. <br />
+  <br />
+  Auch dabei ist die vorgegebene Grundstruktur einzuhalten, das spezielle Tags <tt>&lt;Mandate&gt;</tt> ist verpflichtend.
+  </pre>
+  Weiters ist verpflichtend ist der JavaScript Code, der Aufruf der <tt>fillFrame</tt> Funktion im body und das <tt>name</tt> Attribut des <tt>iframe</tt>s.</p>
+<div id="block2">
+  <p>Weiters muss ein MOA-ID Template angegeben werden, das den Anforderungen des Templatef&uuml;r die Anmeldeseite von MOA-ID-AUTH gen&uuml;gen muss (siehe oben). Zus&auml;tzlich zu beachten ist, dass im Header dieser MOA-ID Templates f&uuml;r die lokale BKU und die Handysignatur der Codeteil <pre>&lt;base target=&quot;_parent&quot;&gt;</pre> 
+  vorkommt. Fehlt dieser Teil so wird die Online-Applikation im iFrame des Template f&uuml;r die Seite "Anmeldung mit Online-Vollmacht" ge&ouml;ffnet (was im Allgemeinen nicht erw&uuml;nscht ist).</p></div>
+<p>Beispiele f&uuml;r diese MOA-ID Templates und die Templates f&uuml;r die Seite &quot;Anmeldung mit Online-Vollmacht&quot; sind in den Default-Konfigurationen vorhanden.</p>
 <p><strong>Wichtiger Hinweis:</strong> wenn die Templates &uuml;ber HTTPS geladen werden sollten, so muss das SSL/TLS Zertifikat des Servers in einem Java Truststore gespeichert werden und dieser beim Start von Tomcat angegeben werden. </p>
 <strong>Vorgeschlagene Vorgehensweise:<br>
 </strong>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a772e0457..af7841321 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -291,6 +291,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    *                may be <code>null</code>; in this case, the default location will be used
    * @param useMandate Indicates if mandate is used or not               
    * @param templateURL URL providing an HTML template for the HTML form generated
+   * @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode)
    * @param scheme determines the protocol used 
    * @return HTML form
    * @throws AuthenticationException
@@ -391,6 +392,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
           ex);
       }
     }
+  
+    
     String pushInfobox = "";
     VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
     if (verifyInfoboxParameters != null) {
@@ -887,6 +890,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes
     session.setExtendedSAMLAttributesOA(new Vector());
     
+    //System.out.println("SAML set: " + session.getExtendedSAMLAttributesAUTH().size());
+    
     if (verifyInfoboxParameters != null) {
       
       infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();     
@@ -1720,6 +1725,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     }
     AuthenticationData authData = null;
     synchronized (authenticationDataStore) {
+    	System.out.println("assertionHandle: " + assertionHandle);
       authData = (AuthenticationData) authenticationDataStore.get(assertionHandle);
       if (authData == null) {
         Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index bab387b4a..d105c3206 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -190,9 +190,12 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
       } 
       ExtendedSAMLAttribute bpkAttribute = 
           new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
-         
+      
+      System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size());
+      
      extendedSAMLAttributes.add(bpkAttribute);
-      //gebeORwbpk = gebeORwbpk  + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+
+     //gebeORwbpk = gebeORwbpk  + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
      wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
      //..BZ     
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index c61e2dd84..4d29c9135 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -152,8 +152,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 //		request += "</style>";
 		request += "</head>";
 		request += "<body>";
-		request += "<h4 class=\"h4style\">Authentication Data:</h4>";
-		request += "<p class=\"titlestyle\">Personal Data</p>";
+		request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>";
+		request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>";
 		request += "<table class=\"parameters\">";
 		request += "<tr>";
 		request += "<td class=\"italicstyle\">Name:</td>";
@@ -162,21 +162,21 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		request += "</td>";
 		request += "</tr>";
 		request += "</table>";
-		request += "<p class=\"titlestyle\">Application Data</p>";
+		request += "<p class=\"titlestyle\">Daten zur Anwendung (Application Data)</p>";
 		request += "<table class=\"parameters\">";
 		request += "<tr>";
-		request += "<td class=\"italicstyle\">Name:</td>";
+		request += "<td class=\"italicstyle\">Dienst (Service):</td>";
 		request += "<td class=\"normalstyle\">";
 		// friendlyname from OA
 		request += StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName();
 		request += "</td>";
 		request += "</tr>";
 		request += "<tr>";
-		request += "<td class=\"italicstyle\">Country:</td>";
-		request += "<td class=\"normalstyle\">Austria</td>";
+		request += "<td class=\"italicstyle\">Land (Country):</td>";
+		request += "<td class=\"normalstyle\">Österreich (Austria)</td>";
 		request += "</tr>";
 		request += "</table>";
-		request += "<p class=\"titlestyle\">Technical Parameters</p>";
+		request += "<p class=\"titlestyle\">Technische Parameter (Technical Parameters)</p>";
 		request += "<table class=\"parameters\">";
 		request += "<tr>";
 		request += "<td class=\"italicstyle\">URL:</td>";
@@ -203,7 +203,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 			// OA is publicservice
 			request += "<tr>";
 			request += "<td class=\"italicstyle\">";
-			request += "Sector:</td>";
+			request += "Sektor (Sector):</td>";
 			request += "<td class=\"normalstyle\">";
 			request += target + " (" + sectorName + ")";
 			request += "</td>";
@@ -212,27 +212,45 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		}
 		
 		request += "<tr>";
-		request += "<td class=\"italicstyle\">Date:</td>";
+		request += "<td class=\"italicstyle\">Datum (Date):</td>";
 		request += "<td class=\"normalstyle\">";   
 		request += date;
 		request += "</td>";
 		request += "</tr>";
 		request += "<tr>";
-		request += "<td class=\"italicstyle\">Time:</td>";
+		request += "<td class=\"italicstyle\">Zeit (Time):</td>";
 		request += "<td class=\"normalstyle\">";
 		request += time;
 		request += "</td>";
 		request += "</tr>";
 		request += "</table>";
 		
-		request += "<p class=\"normalstyle\">I hereby request to access this e-government application by using my " +
-			"domestic electronic identity. <br/>" +
-			"I further affirm that I am not yet registered with the Austrian Central " + 
-			"Residents Registry and that I am not obliged to register with the Austrian " + 
-			"Central Residents Registry according to Austrian law.<br/>" + 
-			"In the event I am not yet registered with the Supplementary Register, I " + 
-			"explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
-			"BGBl. I Nr.  7/2008 und BGBl. I Nr. 59/2008).</p>";
+		request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " +  
+					"natürliche Personen (ERnP), damit ich meinen elektronischen " +  
+					"Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " +  
+					"als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " +  
+					"Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " +  
+					"ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " + 
+					"Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " +  
+					"jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>";
+
+		request += "<p class=\"normalstyle\">I affirm that I am not registered with the Austrian Central " + 
+					"Register of Residents or the Supplementary Register for Natural Persons. I therefore " + 
+					"apply for registration in the Supplementary Register for Natural Persons in order to use " +
+					"my electronic identity (my electronic ID card) as an Austrian citizen card. I take note " + 
+					"that registration in the Supplementary Register for Natural Persons solely serves keeping " + 
+					"records of those data that are used for validation of unique identity and that those data " +  
+					"is only used for e-government purposes.</p>";
+		
+		
+//		request += "<p class=\"normalstyle\">I hereby request to access this e-government application by using my " +
+//			"domestic electronic identity. <br/>" +
+//			"I further affirm that I am not yet registered with the Austrian Central " + 
+//			"Residents Registry and that I am not obliged to register with the Austrian " + 
+//			"Central Residents Registry according to Austrian law.<br/>" + 
+//			"In the event I am not yet registered with the Supplementary Register, I " + 
+//			"explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
+//			"BGBl. I Nr.  7/2008 und BGBl. I Nr. 59/2008).</p>";
 		
 		request += "</body>";
 		request += "</html>";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 9bab8643f..dcaed084a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -15,11 +15,19 @@
 */
 package at.gv.egovernment.moa.id.auth.builder;
 
+import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.OnlineMandatesTemplates;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * Builder for HTML form requesting the security layer implementation
@@ -43,6 +51,8 @@ public class GetIdentityLinkFormBuilder extends Builder {
   private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>";
   /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
   private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
+  /** special tag in the HTML template to be substituted for the BKU URL */
+  private static final String MANDATE_TAG = "<Mandate>";
   /** private static int all contains the representation to replace all tags*/
   private static final int ALL = -1;
 
@@ -83,48 +93,101 @@ public class GetIdentityLinkFormBuilder extends Builder {
     "</body>" + nl +
     "</html>";
   
-  /** default HTML template */
-  private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES = 
+  /** default HTML template for mandates */
+  private static final String DEFAULT_HTML_TEMPLATE_FOR_MANDATES_OLD = 
     "<html>" + nl +
     "<head>" + nl +
-    "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +    
+    "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
     "<title>Vollmachten-Anmeldung</title>" + nl +
-    "<script type=\"text/javascript\">" + nl +
-	"window.onload=function() {" + nl +
-	"document.VollmachtenForm.submit();"  + nl +
-	"document.VollmachtenForm.Senden.disabled=true;" + nl +
-	"return;" + nl +
-	"}" + nl +
-	"</script>" + nl +
-    "</head>" + nl +
-    "<body>" + nl +
-    "<form name=\"VollmachtenForm\"" + nl +
-    "      action=\"" + BKU_TAG + "\"" + nl +
-    "      method=\"post\">" + nl +
-    "  <input type=\"hidden\" " + nl +
-    "         name=\"XMLRequest\"" + nl +
-    "         value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
-    "  <input type=\"hidden\" " + nl +
-    "         name=\"DataURL\"" + nl +
-    "         value=\"" + DATAURL_TAG + "\"/>" + nl +
-    "  <input type=\"hidden\" " + nl +
-    "         name=\"PushInfobox\"" + nl +
-    "         value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
-    "  <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" + nl +
-    "</form>" + nl +
-    "<form name=\"CertificateInfoForm\"" + nl +
-    "      action=\"" + BKU_TAG + "\"" + nl +
-    "      method=\"post\">" + nl +
-    "  <input type=\"hidden\" " + nl +
-    "         name=\"XMLRequest\"" + nl +
-    "         value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl +
-    "  <input type=\"hidden\" " + nl +
-    "         name=\"DataURL\"" + nl +
-    "         value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl +
-//	"  <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +    
-    "  <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
-    "</form>" + nl +
-    "</body>" + nl +
+    "<script language=\"javascript\">" + nl +
+    "	function fillFrame() {" + nl +
+    "		var f = top.frames['mandate'];" + nl +
+    "		with (f.document) {" + nl +
+    "		  	open();" + nl +
+    "           <Mandate>" + nl +  
+	" 		    close();" + nl +
+	"   	}" + nl +
+	"	}" + nl +
+	"</script>" + nl +	
+	"</head>" + nl +
+	"<body onLoad=\"fillFrame(); return false;\">" + nl +
+	"<h2>Vollmachten-Anmeldung</h2>" + nl +
+	"<iframe name=\"mandate\" src=\"\" frameborder=\"0\" width=\"250\" height=\"400\"></iframe>" + nl +    
+	"</body>" + nl +
+    "</html>";
+  
+  
+  /** default HTML template - iFrame */
+  private static final String DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES_OLD = 
+    "<html>" +
+    "<head>" +
+    //"<base target=\"_parent\">" +
+    "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" +     
+    "<title>Vollmachten-Anmeldung</title>" + 
+    "</head>" + 
+    "<body onLoad=\"document.VollmachtenForm.submit();\">" + 
+    "<form name=\"VollmachtenForm\"" + 
+    "      action=\"" + BKU_TAG + "\"" + 
+    "      method=\"post\">" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"XMLRequest\"" + 
+    "         value=\"" + XMLREQUEST_TAG + "\"/>" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"DataURL\"" + 
+    "         value=\"" + DATAURL_TAG + "\"/>" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"PushInfobox\"" +
+    "         value=\"" + PUSHINFOBOX_TAG + "\"/>" +
+    "  <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" +
+    "</form>" + 
+    "<form name=\"CertificateInfoForm\"" + 
+    "      action=\"" + BKU_TAG + "\"" + 
+    "      method=\"post\">" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"XMLRequest\"" + 
+    "         value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"DataURL\"" + 
+    "         value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + 
+    "  <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + 
+    "</form>" + 
+    "</body>" + 
+    "</html>";
+  
+  /** default HTML template for Online mandates */
+  private static final String DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES = 
+    "<html>" +
+    "<head>" +
+    "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" +     
+    "<title>Vollmachten-Anmeldung</title>" + 
+    "</head>" + 
+    "<body onLoad=\"document.VollmachtenForm.submit();\">" + 
+    "<form name=\"VollmachtenForm\"" + 
+    "      action=\"" + BKU_TAG + "\"" + 
+    "      method=\"post\">" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"XMLRequest\"" + 
+    "         value=\"" + XMLREQUEST_TAG + "\"/>" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"DataURL\"" + 
+    "         value=\"" + DATAURL_TAG + "\"/>" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"PushInfobox\"" +
+    "         value=\"" + PUSHINFOBOX_TAG + "\"/>" +
+    "  <input type=\"submit\" value=\"Starte Signatur\" name=\"Senden\"/>" +
+    "</form>" + 
+    "<form name=\"CertificateInfoForm\"" + 
+    "      action=\"" + BKU_TAG + "\"" + 
+    "      method=\"post\">" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"XMLRequest\"" + 
+    "         value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + 
+    "  <input type=\"hidden\" " + 
+    "         name=\"DataURL\"" + 
+    "         value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + 
+    "  <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + 
+    "</form>" + 
+    "</body>" + 
     "</html>";
 
   /**
@@ -167,25 +230,101 @@ public class GetIdentityLinkFormBuilder extends Builder {
   /**
    * Builds the HTML form, including XML Request and data URL as parameters.
    * 
-   * @param htmlTemplate template to be used for the HTML form;
-   *         may be <code>null</code>, in this case a default layout will be produced
    * @param xmlRequest XML Request to be sent as a parameter in the form
    * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
    *         may be <code>null</code>, in this case the default URL will be used
    * @param dataURL DataURL to be sent as a parameter in the form
    */
   public String buildCreateSignature(
-    String bkuURL, 
+	String bkuURL, 
     String xmlRequest, 
-    String dataURL)
+    String dataURL,
+    String oaUrl)
   throws BuildException 
   {      
-  	String htmlForm = DEFAULT_HTML_TEMPLATE_FOR_MANDATES;
-    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
-    htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
-    htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
-  	return htmlForm;
+	  String htmlForm = "";
+	  OAAuthParameter oaParam;
+	   try {
+	      oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaUrl);
+	   } catch (ConfigurationException e) {
+	      Logger.error("Error on building HTMl form for online mandates: " + e.getMessage());
+         throw new BuildException("builder.03", null);
+	   }
+
+	   OnlineMandatesTemplates[] templatesOnlineMandates = oaParam.getTemplateOnlineMandates();
+	   if (templatesOnlineMandates == null) {
+		   // no templates given
+		   htmlForm = DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES;	  
+		   htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+		   htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+		   htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+	   } else {
+		   String moaidTemplateUrl = null;
+		   String mandateTemplateUrl = null;
+		   // check for configured bku URL
+		   for (int i = 0; i < templatesOnlineMandates.length; i++) {
+			   if (templatesOnlineMandates[i].getBkuURL().compareToIgnoreCase(bkuURL) == 0) {
+				   moaidTemplateUrl = templatesOnlineMandates[i].getMoaIdTemplateURL();
+				   mandateTemplateUrl = templatesOnlineMandates[i].getMandatesTemplateURL();
+			   }			   
+		   }		   
+		   if (moaidTemplateUrl == null || mandateTemplateUrl == null) {
+			   Logger.debug("Configured and used BKU URL are not equal. So standard template is used.");
+			   htmlForm = DEFAULT_HTML_TEMPLATE_IFRAME_FOR_MANDATES;	  
+			   htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+			   htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+			   htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+		   } else {
+			   // use configured templates
+			   String moaidTemplate;
+			   String mandateTemplate;
+			   try {
+				   moaidTemplate = new String(FileUtils.readURL(moaidTemplateUrl));
+			   } catch (IOException ex) {
+				   throw new BuildException("auth.03", new Object[] { moaidTemplateUrl, ex.toString()},ex);
+			   }
+			   try {
+				   mandateTemplate = new String(FileUtils.readURL(mandateTemplateUrl));
+			   } catch (IOException ex) {
+				   throw new BuildException("auth.03", new Object[] { mandateTemplateUrl, ex.toString()},ex);
+			   }
+		   
+			   
+			   // Mandatem template with iFrame
+			   htmlForm = mandateTemplate;
+	
+	
+			   // HTML form with XML signature request, which is filled into the iFrame 
+			   String htmlFormiFrame = moaidTemplate;
+			   htmlFormiFrame = replaceTag(htmlFormiFrame, BKU_TAG, bkuURL, true, ALL);
+			   htmlFormiFrame = replaceTag(htmlFormiFrame, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+			   htmlFormiFrame = replaceTag(htmlFormiFrame, DATAURL_TAG, dataURL, true, ALL);	
+			   htmlFormiFrame = htmlFormiFrame.replaceAll("\"", "\\\"");
+			   htmlFormiFrame = htmlFormiFrame.replaceAll("'", "\\\\'");
+
+			   // add writeln('[data]') for each line in the iframe
+			   BufferedReader reader = new BufferedReader(new StringReader(htmlFormiFrame));
+			   String str;
+			   String htmlFormiFrameWriteLn = "";
+			   try {
+				   while ((str = reader.readLine()) != null) {
+					   if (str.length() > 0) 
+						   htmlFormiFrameWriteLn += "writeln('" + str + "');";
+				   }	
+			   } catch(IOException e) {
+				   throw new BuildException("builder.03", null);
+			   }
+	
+			   htmlForm = replaceTag(htmlForm, MANDATE_TAG, htmlFormiFrameWriteLn, true, ALL);
+			   			   
+		   }
+		   
+	   }
+	   
+	   return htmlForm;
+	  
   }
+ 
   /**
    * Encodes a string for inclusion as a parameter in the form.
    * Double quotes are substituted by <code>"&amp;quot;"</code>.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index f0e9c7484..c94eb0b25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -64,6 +64,10 @@ public class SAMLArtifactBuilder {
       byte[] sourceID;
       // alternative sourceId
       String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID);
+      
+      System.out.println("alternativeSourceID: " + alternativeSourceID);
+      System.out.println("authURL: " + authURL);
+      
       if (!ParepUtils.isEmpty(alternativeSourceID)) {
         // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL;
         sourceID = md.digest(alternativeSourceID.getBytes());
@@ -71,6 +75,9 @@ public class SAMLArtifactBuilder {
       } else {
         sourceID = md.digest(authURL.getBytes());
       }
+      
+      System.out.println("sourceID: " + new String(sourceID));
+      
       byte[] assertionHandle = md.digest(sessionID.getBytes());
       ByteArrayOutputStream out = new ByteArrayOutputStream(42);
       out.write(0);
@@ -78,7 +85,9 @@ public class SAMLArtifactBuilder {
       out.write(sourceID, 0, 20);
       out.write(assertionHandle, 0, 20);
       byte[] samlArtifact = out.toByteArray();
+      System.out.println("samlArtifact: " + new String(samlArtifact));
       String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
+      System.out.println("samlArtifact Base64: " + samlArtifactBase64);
       return samlArtifactBase64;
     }
     catch (Throwable ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 554b5012e..3d040d476 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -64,6 +64,7 @@ public class AuthenticationSession {
      * HTML template URL
      */
     private String templateURL;
+    
     /**
      * URL of the BKU
      */
@@ -363,14 +364,16 @@ public class AuthenticationSession {
   public String getTemplateURL() {
     return templateURL;
   }
-
+  
+  
   /**
    * @param string the template URL
    */
   public void setTemplateURL(String string) {
     templateURL = string;
   }
-
+  
+  
   /**
    * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
    *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 4c0abdb0f..0270eb3cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -16,6 +16,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.lang.StringEscapeUtils;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -32,6 +33,7 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * Servlet requested for getting the foreign eID
@@ -143,8 +145,8 @@ public class GetMISSessionIDServlet extends AuthServlet {
 	               session.getSessionID());
 	    	
 	    	Logger.debug(createXMLSignatureRequestOrRedirect);
-	    	
-	    	String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl);
+ 
+	    	String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl, session.getPublicOAURLPrefix());
 
 	    	resp.setContentType("text/html;charset=UTF-8");
 			PrintWriter out = new PrintWriter(resp.getOutputStream());
@@ -164,8 +166,8 @@ public class GetMISSessionIDServlet extends AuthServlet {
 		} 
   }
   
-  private static String getHTMLForm(String request, String bkuURI, String dataURL) throws BuildException {
-	  return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL);
+  private static String getHTMLForm(String request, String bkuURI, String dataURL, String oaUrl) throws BuildException {
+	  return new GetIdentityLinkFormBuilder().buildCreateSignature(bkuURI, request, dataURL, oaUrl);
 	  
   }
   
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f1fb15be0..44a1f3098 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -102,6 +102,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
 		  
     Map parameters;
     try 
@@ -142,8 +143,10 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 			}
 			resp.setContentType("text/html");
 			resp.setStatus(302);
-			resp.addHeader("Location", redirectURL);
+			
+			resp.addHeader("Location", redirectURL);			
 			Logger.debug("REDIRECT TO: " + redirectURL);
+			
 		}
     
 		catch (MOAIDException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index b5275cdd5..5a598b03d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -94,6 +94,13 @@ public class ConfigurationBuilder {
   /** an XPATH-Expression */ 
   protected static final String AUTH_TEMPLATE_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL";
+    /** an XPATH-Expression */ 
+  public static final String AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH =
+	   ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU";
+  
+  
+  //protected static final String AUTH_MANDATE_TEMPLATE_XPATH =
+//    ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "MandateTemplate/@URL";
   /** an XPATH-Expression */ 
   protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH =
     ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL";
@@ -145,6 +152,11 @@ public class ConfigurationBuilder {
   /** an XPATH-Expression */ 
   protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH =
     CONF + "Templates/" + CONF + "Template/@URL";
+  /** an XPATH-Expression */
+  public static final String OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH = 
+	   CONF + "Templates/" + CONF + "OnlineMandates/" + CONF + "BKU";
+  //protected static final String OA_AUTH_COMPONENT_MANDATE_TEMPLATE_XPATH =
+    //CONF + "Templates/" + CONF + "MandateTemplate/@URL";
   /** an XPATH-Expression */ 
   protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
   /** an XPATH-Expression */ 
@@ -465,10 +477,12 @@ public class ConfigurationBuilder {
     String bkuSelectionTemplateURL =     
         XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
     String templateURL =     
-        XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
+    	XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
     String inputProcessorSignTemplateURL =     
       XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null);
     
+    OnlineMandatesTemplates[] templatesOnlineMandates =  buildTemplateOnlineMandates(configElem_);
+
     List OA_set = new ArrayList();
     NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
 
@@ -536,7 +550,9 @@ public class ConfigurationBuilder {
         oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
         oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));        
         oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
-        oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));        
+        oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
+        oap.setTemplateOnlineMandates(buildTemplateOnlineMandatesOA(authComponent, templatesOnlineMandates));
+      
         oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL));        
         // load OA specific transforms if present
         String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);        
@@ -590,6 +606,77 @@ public class ConfigurationBuilder {
     }
     return templateURL;
   }
+  
+  
+  
+  protected OnlineMandatesTemplates[] buildTemplateOnlineMandates(Node contextNode) {
+	  String xpathExpr = AUTH_TEMPLATE_ONLINEMANDATES_BKU_XPATH;
+	  List onlineMandatesTemplatesList = new ArrayList();
+	  
+	  NodeIterator bkuIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
+	      
+	  Element bkuElem;
+	  while ((bkuElem = (Element) bkuIter.nextNode()) != null) {
+		  String bkuUrl = XPathUtils.getAttributeValue(bkuElem, "@URL", null);	    	  
+		  String moaidTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MOA-ID-Template/@URL", null);
+		  String mandateTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MandateTemplate/@URL", null);
+	    	  
+		  OnlineMandatesTemplates template = new OnlineMandatesTemplates();
+		  template.setBkuURL(bkuUrl);
+		  if (moaidTemplateUrl != null) {
+			  moaidTemplateUrl = FileUtils.makeAbsoluteURL(moaidTemplateUrl, rootConfigFileDir_);
+		  }
+		  if (moaidTemplateUrl != null) {
+			  mandateTemplateUrl = FileUtils.makeAbsoluteURL(mandateTemplateUrl, rootConfigFileDir_);
+		  }
+		  template.setMoaIdTemplateURL(moaidTemplateUrl);
+		  template.setMandatesTemplateURL(mandateTemplateUrl);
+	    	  
+		  onlineMandatesTemplatesList.add(template);
+		  
+	  }
+	  
+	  if (onlineMandatesTemplatesList.isEmpty())
+		  return null;
+	  
+	  OnlineMandatesTemplates[] onlinemandatesTemplates = new OnlineMandatesTemplates[onlineMandatesTemplatesList.size()];
+	  onlineMandatesTemplatesList.toArray(onlinemandatesTemplates);
+	  
+	  return onlinemandatesTemplates;
+	      
+  }
+  
+  protected OnlineMandatesTemplates[] buildTemplateOnlineMandatesOA(Node contextNode, OnlineMandatesTemplates[] defaultTemplatesOnlineMandates) {
+	  
+	  String xpathExpr = OA_AUTH_COMPONENT_TEMPLATE_ONLINEMANDATES_BKU_XPATH;
+	  List onlineMandatesTemplatesList = new ArrayList();
+	  
+	  NodeIterator bkuIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
+	      
+	  Element bkuElem;
+	  while ((bkuElem = (Element) bkuIter.nextNode()) != null) {
+		  String bkuUrl = XPathUtils.getAttributeValue(bkuElem, "@URL", null);	    	  
+		  String moaidTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MOA-ID-Template/@URL", null);
+		  String mandateTemplateUrl = XPathUtils.getAttributeValue(bkuElem, CONF + "MandateTemplate/@URL", null);
+	    	  
+		  OnlineMandatesTemplates template = new OnlineMandatesTemplates();
+		  template.setBkuURL(bkuUrl);
+		  template.setMoaIdTemplateURL(moaidTemplateUrl);
+		  template.setMandatesTemplateURL(mandateTemplateUrl);
+	    	  
+		  onlineMandatesTemplatesList.add(template);
+		  
+	  }
+	  
+	  if (onlineMandatesTemplatesList.isEmpty())
+		  return defaultTemplatesOnlineMandates;
+	  
+	  OnlineMandatesTemplates[] onlinemandatesTemplates = new OnlineMandatesTemplates[onlineMandatesTemplatesList.size()];
+	  onlineMandatesTemplatesList.toArray(onlinemandatesTemplates);
+	  
+	  return onlinemandatesTemplates;
+	      
+  }
 
   
   /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java
new file mode 100644
index 000000000..9ff2467a0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OnlineMandatesTemplates.java
@@ -0,0 +1,54 @@
+package at.gv.egovernment.moa.id.config;
+
+public class OnlineMandatesTemplates {
+
+	private String bkuURL;
+	
+	private String moaIdTemplateURL;
+	
+	private String mandatesTemplateURL;
+
+	/**
+	 * @return the bkuURL
+	 */
+	public String getBkuURL() {
+		return bkuURL;
+	}
+
+	/**
+	 * @param bkuURL the bkuURL to set
+	 */
+	public void setBkuURL(String bkuURL) {
+		this.bkuURL = bkuURL;
+	}
+
+	/**
+	 * @return the moaIdTemplateURL
+	 */
+	public String getMoaIdTemplateURL() {
+		return moaIdTemplateURL;
+	}
+
+	/**
+	 * @param moaIdTemplateURL the moaIdTemplateURL to set
+	 */
+	public void setMoaIdTemplateURL(String moaIdTemplateURL) {
+		this.moaIdTemplateURL = moaIdTemplateURL;
+	}
+
+	/**
+	 * @return the mandatesTemplateURL
+	 */
+	public String getMandatesTemplateURL() {
+		return mandatesTemplateURL;
+	}
+
+	/**
+	 * @param mandatesTemplateURL the mandatesTemplateURL to set
+	 */
+	public void setMandatesTemplateURL(String mandatesTemplateURL) {
+		this.mandatesTemplateURL = mandatesTemplateURL;
+	}
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index aa5aa21a3..fbaf32c1c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -16,6 +16,7 @@
 package at.gv.egovernment.moa.id.config.auth;
 
 import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.OnlineMandatesTemplates;
 
 /**
  * Configuration parameters belonging to an online application,
@@ -79,6 +80,8 @@ public class OAAuthParameter extends OAParameter {
    * template for web page "Anmeldung mit B&uuml;rgerkarte"
    */
   private String templateURL;
+
+  private OnlineMandatesTemplates[] templateOnlineMandates;
   /**
    * template for web page "Signatur der Anmeldedaten"
    */
@@ -167,7 +170,8 @@ public class OAAuthParameter extends OAParameter {
     return provideCertificate;
   }
   
-   /**
+
+/**
       * Returns the key box identifier.
       * @return String
       */
@@ -193,6 +197,7 @@ public class OAAuthParameter extends OAParameter {
     return templateURL;
   } 
   
+  
   /**
    * Returns the inputProcessorSignTemplateURL url.
    * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for
@@ -239,6 +244,21 @@ public class OAAuthParameter extends OAParameter {
     this.transformsInfos = transformsInfos;
   }
   /**
+ * @return the templateOnlineMandates
+ */
+public OnlineMandatesTemplates[] getTemplateOnlineMandates() {
+	return templateOnlineMandates;
+}
+
+/**
+ * @param templateOnlineMandates the templateOnlineMandates to set
+ */
+public void setTemplateOnlineMandates(
+		OnlineMandatesTemplates[] templateOnlineMandates) {
+	this.templateOnlineMandates = templateOnlineMandates;
+}
+
+/**
    * Sets the provideAuthBlock.
    * @param provideAuthBlock The provideAuthBlock to set
    */
@@ -295,7 +315,7 @@ public class OAAuthParameter extends OAParameter {
    public void setTemplateURL(String templateURL) {
       this.templateURL = templateURL;
    }
-
+   
   /**
    * Sets the input processor sign form template url.
    *
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index f206f6bbb..b8ee6ac68 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -70,6 +70,7 @@ parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth
 builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
 builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
 builder.02=Fehler beim Ausblenden von Stammzahlen
+builder.03=Fehler beim Aufbau des HTML Codes für Vollmachten
 
 service.00=Fehler beim Aufruf des Web Service: {0}
 service.01=Fehler beim Aufruf des Web Service: kein Endpoint
diff --git a/id/templates/src/main/webapp/SampleBKUSelectionTemplate.html b/id/templates/src/main/webapp/SampleBKUSelectionTemplate.html
index 5536226a8..251793a93 100644
--- a/id/templates/src/main/webapp/SampleBKUSelectionTemplate.html
+++ b/id/templates/src/main/webapp/SampleBKUSelectionTemplate.html
@@ -33,19 +33,8 @@
       B&uuml;rgerkarte.</a> Bei der Anmeldung mit der A-Trust B&uuml;rgerkarte 
       ben&ouml;tigen Sie eine funktionsf&auml;hige B&uuml;rgerkartensoftware sowie 
       einen passenden Kartenleser.</p>
-  </li>
-  <li> 
-    <p>Wollen Sie ein A1-Signatur erwerben? Wenden Sie sich an 0800-664 680 um 
-      Informationen zur A1-Signatur zu erhalten.
-      Hier finden Sie ebenfalls Informationen dazu: <a href="http://www.a1.net/signatur" target="_blank">A1-Signatur</a>. 
-      Bei der Anmeldung mit der A1-Signatur wird keine B&uuml;rgerkartensoftware und 
-      kein Kartenleser ben&ouml;tigt.</p>
-  </li>
+  </li>  
 </ul>
-<div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleBKUSElectionTemplate.html"><img border="0"
-          src="/moaid-templates/valid-html401.gif"
-          alt="Valid HTML 4.01!" height="31" width="88"></a> </div>
-<p align="right">&nbsp; </p>
 
 
 </body>
-- 
cgit v1.2.3


From abe2192ea697ccc133f1fededa3a8ee1528ec7c8 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Mon, 27 Jun 2011 11:37:28 +0000
Subject: Update readmes, Template zur BK-Auswahl (neue Bilder),
 Vollmachten-Template

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1210 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 id/assembly-auth.xml                               |   1 +
 id/assembly-proxy.xml                              |   1 +
 id/history.txt                                     |   7 ++
 id/readme_1.5.0.txt                                |  14 ++--
 .../auth/src/main/webapp/img/ecard_aktivieren.jpg  | Bin 18927 -> 3767 bytes
 .../src/main/webapp/img/mobilsig_aktivieren.jpg    | Bin 19202 -> 3758 bytes
 id/server/auth/src/main/webapp/index.html          |   4 +-
 .../sampleTemplates/handy_mandate_template.html    |   2 +-
 .../sampleTemplates/handy_moa-id_template.html     |   2 -
 .../sampleTemplates/local_mandate_template.html    |   2 +-
 .../sampleTemplates/local_moa-id_template.html     |   2 +-
 .../sampleTemplates/online_mandate_template.html   |   2 +-
 id/server/doc/moa_id/id-anwendung_1.htm            |   9 +--
 spss/assembly-lib.xml                              |   1 +
 spss/assembly.xml                                  |   1 +
 spss/server/readme.inst.txt                        |  72 ++++++++-------------
 16 files changed, 56 insertions(+), 64 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/assembly-auth.xml b/id/assembly-auth.xml
index 0f676552b..3e9cc64c8 100644
--- a/id/assembly-auth.xml
+++ b/id/assembly-auth.xml
@@ -51,6 +51,7 @@
 				<include>LICENSE-2.0.txt</include>
 				<include>NOTICE.txt</include>
 				<include>IAIK-LICENSE.txt</include>
+				<include>EUPL v.1.1 - Licence.pdf</include>				
 			</includes>
 		</fileSet>
 	</fileSets>
diff --git a/id/assembly-proxy.xml b/id/assembly-proxy.xml
index 4e22222e5..c55d3dbfd 100644
--- a/id/assembly-proxy.xml
+++ b/id/assembly-proxy.xml
@@ -37,6 +37,7 @@
 				<include>LICENSE-2.0.txt</include>
 				<include>NOTICE.txt</include>
 				<include>IAIK-LICENSE.txt</include>
+				<include>EUPL v.1.1 - Licence.pdf</include>	
 			</includes>
 		</fileSet>
 	</fileSets>
diff --git a/id/history.txt b/id/history.txt
index 4aa774480..d8c4bdfc7 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -7,6 +7,12 @@ History MOA-ID:
 
 Version MOA-ID 1.5.0: Änderungen seit Version MOA-ID 1.4.8:
 
+- Lizenzwechsel: MOA-ID/SPSS stand bisher unter einer Apache 2.0 Lizenz. Mit
+  dieser Version 1.5.0 wird ein Wechsel auf die "European Union Public License
+  (EUPL) v1.1" vollzogen. Im  Sinne einer stufenweisen Migration wird dieses
+  Release als Übergang noch unter beiden Lizenzen (Apache 2.0 oder EUPL 1.1)
+  bereitgestellt. Zukünftige Updates und Versionen werden aber nur mehr unter
+  EUPL zur Verfügung stehen.
 - Fixed Bug #552 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105)
 - Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)
 - Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)
@@ -21,6 +27,7 @@ Version MOA-ID 1.5.0: 
 - Änderung der Konfiguration für:
 	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)
 	- Online-Vollmachten
+
 	
 =====
 
diff --git a/id/readme_1.5.0.txt b/id/readme_1.5.0.txt
index 30b8ebd26..7341e85be 100644
--- a/id/readme_1.5.0.txt
+++ b/id/readme_1.5.0.txt
@@ -10,6 +10,13 @@ Mit MOA ID Version 1.5.0 wurden folgende Neuerungen eingef
 erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im 
 gleichen Verzeichnis):
 
+- Lizenzwechsel:  MOA-ID/SPSS stand bisher unter einer Apache 2.0 Lizenz. Mit
+  dieser Version 1.5.0 wird ein Wechsel auf die "European Union Public License
+  (EUPL) v1.1" vollzogen. Im  Sinne einer stufenweisen Migration wird dieses
+  Release als Übergang noch unter beiden Lizenzen (Apache 2.0 oder EUPL 1.1)
+  bereitgestellt. Zukünftige Updates und Versionen werden aber nur mehr unter
+  EUPL zur Verfügung stehen. Beachten Sie die Hinweise zu Lizenzen weiterer
+  Elemente in "NOTICE.txt".
 - Fixed Bug #552 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105)
 - Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)
 - Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)
@@ -26,13 +33,6 @@ gleichen Verzeichnis):
 	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)
 	- Online-Vollmachten
 
-Lizenzwechsel:  MOA-ID/SPSS stand bisher unter einer Apache 2.0 Lizenz. Mit
-dieser Version 1.5.0 wird ein Wechsel auf die "European Union Public License
-(EUPL) v1.1" vollzogen. Im  Sinne einer stufenweisen Migration wird dieses
-Release als Übergang noch unter beiden Lizenzen (Apache 2.0 oder EUPL 1.1)
-bereitgestellt. Zukünftige Updates und Versionen werden aber nur mehr unter
-EUPL zur Verfügung stehen. Beachten Sie die Hinweise zu Lizenzen weiterer
-Elemente in "NOTICE.txt".
 
 -------------------------------------------------------------------------------
 B. Durchführung eines Updates
diff --git a/id/server/auth/src/main/webapp/img/ecard_aktivieren.jpg b/id/server/auth/src/main/webapp/img/ecard_aktivieren.jpg
index 4b29a9786..2e8e87f86 100644
Binary files a/id/server/auth/src/main/webapp/img/ecard_aktivieren.jpg and b/id/server/auth/src/main/webapp/img/ecard_aktivieren.jpg differ
diff --git a/id/server/auth/src/main/webapp/img/mobilsig_aktivieren.jpg b/id/server/auth/src/main/webapp/img/mobilsig_aktivieren.jpg
index e72aeadfc..be1799b7a 100644
Binary files a/id/server/auth/src/main/webapp/img/mobilsig_aktivieren.jpg and b/id/server/auth/src/main/webapp/img/mobilsig_aktivieren.jpg differ
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 25d5d9f28..6e60ae433 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -172,10 +172,10 @@
 
                 <div id="rightcontent">
                     <p>
-                        <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren" width="210"></a>                    
+                        <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren"></a>                    
                     </p>
                     <p>
-                        <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Mobile Signatur aktivieren" width="210"></a>                    
+                        <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Handy Signatur aktivieren"></a>                    
                     </p>                   
                 </div>
 
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
index 8fda2a880..58f2a9ec5 100644
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
@@ -21,6 +21,6 @@ Templateseite zur Signatur für Online-Vollmachten (für Handysignatur)
   <body onLoad="fillFrame(); return false;">
     <h2>Vollmachten-Anmeldung (Handysignatur)</h2>
     <!-- Name des iframe darf nicht veändert werden -->
-    <iframe name="mandate" src="" frameborder="0" width="250" height="400"></iframe>    
+    <iframe name="mandate" src="" frameborder="0" width="250" height="400" scrolling="no"></iframe>    
   </body>
 </html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
index 28d84fea2..60d1a8733 100644
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
@@ -3,8 +3,6 @@ MOA-ID Template für Handy-Signatur bei Online-Vollmachten
 -->
 <html>
 <head>
-<!-- base target muss bei lokale BKU und Handy-Signatur gesetzt sein -->
-<base target="_parent">
 <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 <title>Vollmachten-Anmeldung</title>
 </head>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
index 6b84dfd8e..bbea993d8 100644
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
@@ -21,6 +21,6 @@ Templateseite zur Signatur für Online-Vollmachten (für Lokale-BKU)
   <body onLoad="fillFrame(); return false;">
     <h2>Vollmachten-Anmeldung (Lokale-BKU)</h2>
     <!-- Name des iframe darf nicht veändert werden -->
-    <iframe name="mandate" src="" frameborder="0" width="250" height="400"></iframe>    
+    <iframe name="mandate" src="" frameborder="0" width="250" height="400" scrolling="no"></iframe>    
   </body>
 </html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
index b9506ca0e..47dc64408 100644
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
@@ -3,7 +3,7 @@ MOA-ID Template für lokale BKU bei Online-Vollmachten
 -->
 <html>
 <head>
-<!-- base target muss bei lokale BKU und Handy-Signatur gesetzt sein -->
+<!-- base target muss bei lokaler BKU gesetzt sein -->
 <base target="_parent">
 <meta http-equiv="content-type" content="text/html; charset=UTF-8">
 <title>Vollmachten-Anmeldung</title>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
index ac7c17c8f..6b75fcb6a 100644
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
@@ -21,6 +21,6 @@ Templateseite zur Signatur für Online-Vollmachten (für Online-BKU)
   <body onLoad="fillFrame(); return false;">
     <h2>Vollmachten-Anmeldung (Online-BKU)</h2>
     <!-- Name des iframe darf nicht veändert werden -->
-    <iframe name="mandate" src="" frameborder="0" width="250" height="400"></iframe>    
+    <iframe name="mandate" src="" frameborder="0" width="250" height="400" scrolling="no"></iframe>    
   </body>
 </html>
\ No newline at end of file
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index b8d0d79e5..25c1d8674 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -99,7 +99,7 @@ StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
 <div id="block">
 <b>Template</b><br /><br />
 Ein <a href="examples/Template.html">Template</a> f&uuml;r die Anmeldeseite von MOA-ID-AUTH kann aus folgender Grundstruktur aufgebaut werden: </div>
-<pre>&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;&gt;<br>&lt;html&gt;<br>&lt;head&gt;<br>&lt;title&gt;MOA ID - Identifizierter Zugang mit B&amp;uuml;rgerkarte&lt;/title&gt;
+<pre>&lt;html&gt;<br>&lt;head&gt;<br>&lt;title&gt;MOA ID - Identifizierter Zugang mit B&amp;uuml;rgerkarte&lt;/title&gt;
 	&lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=utf-8&quot;&gt;<br>&lt;/head&gt;</pre>
 <p>&lt;form name=&quot;CustomizedForm&quot; action=&quot;&lt;BKU&gt;&quot; method=&quot;post&quot;&gt;<br>
 &lt;div align=&quot;center&quot;&gt;<br>
@@ -156,7 +156,7 @@ SelectBKU?Target=&lt;gesch&auml;ftsbereich&gt;
 <b>BKUSelectionTemplate</b><br /><br />
 Ein <a href="examples/BKUSelectionTemplate.html">Template f&uuml;r die BKU-Auswahl</a> von MOA-ID-AUTH kann aus folgender Grundstruktur aufgebaut werden: </div>
 <pre>
-&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;&gt;<br>&lt;html&gt;<br>&lt;head&gt;<br>&lt;title&gt;MOA ID - Auswahl der B&amp;uuuml;rgerkartenumgebung&lt;/title&gt;
+&lt;html&gt;<br>&lt;head&gt;<br>&lt;title&gt;MOA ID - Auswahl der B&amp;uuuml;rgerkartenumgebung&lt;/title&gt;
 	&lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=utf-8&quot;&gt;<br>&lt;/head&gt;</pre><p>&lt;form name=&quot;CustomizedForm&quot; method=&quot;post&quot; action=&quot;&lt;StartAuth&gt;&quot;&gt;<br>
 &lt;BKUSelect&gt; <br>
 &lt;input type=&quot;submit&quot; value=&quot;Ausw&amp;auml;hlen&quot;/&gt;<br>
@@ -182,7 +182,7 @@ Auch dabei ist die vorgegebene Grundstruktur einzuhalten, die speziellen Tags <t
   <p>Das Template f&uuml;r die Seite "Anmeldung mit Online-Vollmacht" von MOA-ID-AUTH kann aus folgender Grundstruktur aufgebaut werden: </p>
 </div>
 <pre>
-&lt;html&gt;<br>  &lt;head&gt;<br>    &lt;meta http-equiv=&quot;content-type&quot; content=&quot;text/html; charset=UTF-8&quot;&gt;    <br>    &lt;title&gt;Vollmachten-Anmeldung&lt;/title&gt;<br>    &lt;script language=&quot;javascript&quot;&gt;<br>      function fillFrame() {    <br>        var f = top.frames['mandate'];<br>        with (f.document) {<br>          open();<br>          &lt;Mandate&gt;<br>     	    close();<br>        }<br>      }<br>    &lt;/script&gt;<br>  &lt;/head&gt;<br>  &lt;body onLoad=&quot;fillFrame(); return false;&quot;&gt;<br>    &lt;h2&gt;Vollmachten-Anmeldung Template&lt;/h2&gt;<br>    &lt;iframe name=&quot;mandate&quot; src=&quot;&quot; frameborder=&quot;0&quot; width=&quot;250&quot; height=&quot;400&quot;&gt;&lt;/iframe&gt;    <br>  &lt;/body&gt;<br>&lt;/html&gt;</pre>
+&lt;html&gt;<br>  &lt;head&gt;<br>    &lt;meta http-equiv=&quot;content-type&quot; content=&quot;text/html; charset=UTF-8&quot;&gt;    <br>    &lt;title&gt;Vollmachten-Anmeldung&lt;/title&gt;<br>    &lt;script language=&quot;javascript&quot;&gt;<br>      function fillFrame() {    <br>        var f = top.frames['mandate'];<br>        with (f.document) {<br>          open();<br>          &lt;Mandate&gt;<br>     	    close();<br>        }<br>      }<br>    &lt;/script&gt;<br>  &lt;/head&gt;<br>  &lt;body onLoad=&quot;fillFrame(); return false;&quot;&gt;<br>    &lt;h2&gt;Vollmachten-Anmeldung Template&lt;/h2&gt;<br>    &lt;iframe name=&quot;mandate&quot; src=&quot;&quot; frameborder=&quot;0&quot; width=&quot;250&quot; height=&quot;400&quot; scrolling=&quot;no&quot;&gt;&lt;/iframe&gt;    <br>  &lt;/body&gt;<br>&lt;/html&gt;</pre>
 
 <p>Innerhalb des Dokuments k&ouml;nnen Texte, Beschriftungen und Styles modifiziert werden,
   und es k&ouml;nnen zus&auml;tzliche Elemente darin aufgenommen werden. <br />
@@ -191,7 +191,8 @@ Auch dabei ist die vorgegebene Grundstruktur einzuhalten, die speziellen Tags <t
   </pre>
   Weiters ist verpflichtend ist der JavaScript Code, der Aufruf der <tt>fillFrame</tt> Funktion im body und das <tt>name</tt> Attribut des <tt>iframe</tt>s.</p>
 <div id="block2">
-  <p>Weiters muss ein MOA-ID Template angegeben werden, das den Anforderungen des Templatef&uuml;r die Anmeldeseite von MOA-ID-AUTH gen&uuml;gen muss (siehe oben). Zus&auml;tzlich zu beachten ist, dass im Header dieser MOA-ID Templates f&uuml;r die lokale BKU und die Handysignatur der Codeteil <pre>&lt;base target=&quot;_parent&quot;&gt;</pre> 
+  <p>Weiters muss ein MOA-ID Template angegeben werden, das den Anforderungen des Templatef&uuml;r die Anmeldeseite von MOA-ID-AUTH gen&uuml;gen muss (siehe oben). Zus&auml;tzlich zu beachten ist, dass im Header dieser MOA-ID Templates f&uuml;r die lokale BKU der Codeteil 
+  <pre>&lt;base target=&quot;_parent&quot;&gt;</pre> 
   vorkommt. Fehlt dieser Teil so wird die Online-Applikation im iFrame des Template f&uuml;r die Seite "Anmeldung mit Online-Vollmacht" ge&ouml;ffnet (was im Allgemeinen nicht erw&uuml;nscht ist).</p></div>
 <p>Beispiele f&uuml;r diese MOA-ID Templates und die Templates f&uuml;r die Seite &quot;Anmeldung mit Online-Vollmacht&quot; sind in den Default-Konfigurationen vorhanden.</p>
 <p><strong>Wichtiger Hinweis:</strong> wenn die Templates &uuml;ber HTTPS geladen werden sollten, so muss das SSL/TLS Zertifikat des Servers in einem Java Truststore gespeichert werden und dieser beim Start von Tomcat angegeben werden. </p>
diff --git a/spss/assembly-lib.xml b/spss/assembly-lib.xml
index 5fb27b0f2..c18a6a319 100644
--- a/spss/assembly-lib.xml
+++ b/spss/assembly-lib.xml
@@ -146,6 +146,7 @@
 				<include>LICENSE-2.0.txt</include>
 				<include>NOTICE.txt</include>
 				<include>IAIK-LICENSE.txt</include>
+				<include>EUPL v.1.1 - Licence.pdf</include>	
 			</includes>
 		</fileSet>
 		<fileSet>
diff --git a/spss/assembly.xml b/spss/assembly.xml
index 9c959ad06..f2a111f78 100644
--- a/spss/assembly.xml
+++ b/spss/assembly.xml
@@ -124,6 +124,7 @@
 				<include>LICENSE-2.0.txt</include>
 				<include>NOTICE.txt</include>
 				<include>IAIK-LICENSE.txt</include>
+				<include>EUPL v.1.1 - Licence.pdf</include>	
 			</includes>
 		</fileSet>
 		<fileSet>
diff --git a/spss/server/readme.inst.txt b/spss/server/readme.inst.txt
index 82e061dbb..b14da5ee1 100644
--- a/spss/server/readme.inst.txt
+++ b/spss/server/readme.inst.txt
@@ -8,49 +8,31 @@ BEVOR SIE STARTEN BEACHTEN SIE BITTE FOLGENDE HINWEISE ZUR
 LIZENSIERUNG VON MOA SP/SS SOWIE DER VON IHM VERWENDETEN
 BIBLIOTHEKEN:
 
-1. MOA SP/SS selbst ist freie Software und wird von Bundeskanzler-
-   amt und Bundesministerium für Finanzen zu den Bedingungen der 
-   Apache 2.0 Lizenz zur Verfügung gestellt. Eine Kopie dieser
-   Lizenz finden Sie in der Datei "Apache-2.0.txt" im Verzeichnis
-   "licenses" dieser Distribution.
-   
-2. MOA SP/SS verwendet Kryptographie-Biliotheken, deren Rechte bei 
-   der Stiftung Secure Information and Communication Technologies
-   (http://jcewww.iaik.tugraz.at) liegen. Für diese Kryptographie-
-   Bibliotheken besteht folgende Situation:
+This product includes software originally developed at the
+Austrian Federal Computing Centre (BRZ - Bundesrechenzentrum,
+www.brz.gv.at) and the Federal Chancellery Austria (Stabsstelle
+IKT-Strategie des Bundes, Bundeskanzleramt, 
+www.digitales.oesterreich.gv.at).
 
-    Stiftung SIC gewährt dem Lizenznehmer eine nicht-exklusive, 
-    nicht-übertragbare Runtime Lizenz für die "IAIK MOA" Module 
-    im Kontext von MOA SP/SS und MOA ID. Alle Versuche, Teile oder 
-    die kompletten  IAIK Crypto Toolkits, die zusammen mit dem MOA
-    Produktbündel ausgeliefert werden, für andere Zwecke als jenem 
-    für Applikationen im MOA Kontext zu verwenden, sind nicht erlaubt. 
-    Auch weitere Versuche, die sich auf die Entwicklung von Anwendungen, 
-    oder aber darüber hinaus auf die Schaffung eines eigenen Toolkits, 
-    oder die Aufnahme in ein weiters weiteres Toolkit beziehen, sind 
-    nicht erlaubt. Die hier beschriebene Runtime Lizenz ist nicht 
-    übertragbar auf weitere Vertragspartner des Kunden, Personen, 
-    Organisationen oder Unternehmen außerhalb der Organisation des 
-    Lizenznehmers.
-      
-3. MOA SP/SS verwendet folgende weitere Bibliotheken, die allesamt
-   freie Software und in dieser Distribution bereits enthalten 
-   sind. Es gelten jedoch unterschiedliche Lizenzbedingungen:
-   
-     * Die Produkte Xerces Java 2, Xalan Java 2, Axis, Commons
-       und Log4J werden von der Apache Software Foundation zu den
-       Bedingungen der Apache 2.0 Lizenz zur Verfügung gestellt. 
-       Eine Kopie dieser Lizenz finden Sie in der Datei 
-       "Apache-2.0.txt" im Verzeichnis "licenses" dieser 
-       Distribution.
-       	
-     * Das Produkt Jaxen wird von The Werken Company zu den Bedin-
-       gungen einer BSD-ähnlichen Lizenz zur Verfügung gestellt.
-       Eine Kopie dieser Lizenz finden Sie in der Datei "Jaxen.txt"
-       im Verzeichnis "licenses" dieser Distribution. 
-       
-     * Das Produkt PostgreSQL JDBC Driver wird von PostgreSQL Global
-       Development Group zu den Bedingungen einer BSD-ähnlichen 
-       Lizenz zur Verfügung gestellt. Eine Kopie dieser Lizenz finden
-       Sie in der Datei "PostgreSQL-JDBC.txt" im Verzeichnis 
-       "licenses" dieser Distribution.         
\ No newline at end of file
+This product includes software developed by third parties
+and provided under an open source license (www.opensource.org).
+
+This product -- up to and including version 1.5.0 -- includes software
+"IAIK MOA" provided by Stiftung Secure Information and Communication
+Technologies SIC (www.sic.st). This software has been licensed under the terms
+and conditions given in "IAIK-LICENSE".
+
+This product includes software ("IAIK MOA") provided by Stiftung Secure
+Information and Communication Technologies SIC (www.sic.st). This software has
+been licensed under the terms and conditions given in "SIC-LICENSE.txt".
+
+License change:
+Up to and including version 1.5.0 of this product were published under an
+Apache 2.0 license (see "LICENSE-2.0.txt"). From version 1.5.0 onwards the
+product is licensed under the terms and conditions of the European Union Public
+Licence (EUPL) Version 1.1 ("EUPL v.1.1 - Licence.pdf").
+For this present version 1.5.0 a transitional dual license is granted: The
+licensee can choose to either use "LICENSE-2.0.txt" together with
+"IAIK_LICENSE", or "EUPL v.1.1 - Licence.pdf" together with "SIC-LICENSE.txt"
+(for software provided by Stiftung Secure Information and Communication
+Technologies SIC).
\ No newline at end of file
-- 
cgit v1.2.3


From 77c3560745fcba9e3975472dd77cb928924fb35f Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Thu, 6 Oct 2011 19:15:53 +0000
Subject: MOA-ID: - Fixed Bug #556
 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=556&group_id=6&atid=105)
 - Update Einbindung Online-Vollmachten (Vor Auswahl der Vollmacht werden die
 Signaturdaten signiert) - Update Transformationen (für Online-Vollmachten) -
 Änderung der Konfiguration für Online-Vollmachten (keine Templates mehr für
 Online-Vollmachten; Attribute provideMandatorDate in OA-Konfiguration) -
 sampleTemplates in Standard-Konfiguration gelöscht - Update der
 Standard-Konfigurationen MOA-SPSS: - Library aktualisiert: Axis - Version
 1.0_IAIK (gepatchte Variante von Axis 1.0 zur Vermeidung von XXE Attacken) -
 axis-1.0_IAIK.jar zu repository hinzugefügt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1217 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 id/history.txt                                     |   6 +-
 id/oa/.settings/org.eclipse.wst.common.component   |   5 +-
 id/server/auth/src/main/webapp/iframeHandyBKU.html |   6 +-
 .../auth/src/main/webapp/iframeOnlineBKU.html      |  11 +-
 id/server/auth/src/main/webapp/index.html          |  15 +-
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |  92 +----
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |  89 +----
 .../SampleMOAIDConfiguration_withTestBKs.xml       |  83 +---
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |  86 +---
 .../conf/moa-id/SampleMOAWIDConfiguration.xml      |  61 +--
 .../conf/moa-id/SampleMOAWIDConfigurationProxy.xml |  55 +--
 .../SampleMOAWIDConfiguration_withTestBKs.xml      |  60 +--
 .../SampleMOAWIDConfiguration_withTestBKsProxy.xml |  55 +--
 .../moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt  |  26 --
 .../ParepInputProcessorSignTemplate.html           |  61 ---
 .../SampleBKUSelectionTemplate.html                |  42 --
 .../SampleInputProcessorSignTemplate.html          |  39 --
 .../moa-id/sampleTemplates/SampleTemplate.html     |  56 ---
 .../sampleTemplates/handy_mandate_template.html    |  26 --
 .../sampleTemplates/handy_moa-id_template.html     |  39 --
 .../sampleTemplates/local_mandate_template.html    |  26 --
 .../sampleTemplates/local_moa-id_template.html     |  31 --
 .../sampleTemplates/online_mandate_template.html   |  26 --
 .../sampleTemplates/online_moa-id_template.html    |  38 --
 .../transforms/TransformsInfoAuthBlockTable_DE.xml |  41 +-
 .../transforms/TransformsInfoAuthBlockTable_EN.xml |  41 +-
 .../profiles/MOAIDTransformAuthBlockTable_DE.xml   |  41 +-
 .../profiles/MOAIDTransformAuthBlockTable_EN.xml   |  41 +-
 .../moa/id/auth/AuthenticationServer.java          | 432 ++++++++++++---------
 .../AuthenticationBlockAssertionBuilder.java       |  47 +--
 .../AuthenticationDataAssertionBuilder.java        | 123 ++++++
 .../moa/id/auth/builder/SAMLArtifactBuilder.java   |  10 +-
 .../moa/id/auth/data/AuthenticationSession.java    | 173 +++++++--
 .../id/auth/servlet/GetMISSessionIDServlet.java    |  68 ++--
 .../auth/servlet/ProcessValidatorInputServlet.java |   2 +-
 .../servlet/VerifyAuthenticationBlockServlet.java  |  24 ++
 .../id/auth/servlet/VerifyCertificateServlet.java  | 111 +++---
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |  30 +-
 .../id/util/client/mis/simple/MISSimpleClient.java |  19 +-
 .../AuthenticationBlockAssertionBuilderTest.java   |   2 +-
 pom.xml                                            |   2 +-
 repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar    | Bin 0 -> 1025987 bytes
 repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom    |   7 +
 spss/server/history.txt                            |   2 +
 44 files changed, 863 insertions(+), 1387 deletions(-)
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
 delete mode 100644 id/server/data/deploy/conf/moa-id/sampleTemplates/online_moa-id_template.html
 create mode 100644 repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar
 create mode 100644 repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/id/history.txt b/id/history.txt
index 59e127d6a..8d88f1bb1 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -7,7 +7,11 @@ History MOA-ID:
 
 Version MOA-ID 1.5.1: Änderungen seit Version MOA-ID 1.5.0:
 
-- @TODO
+- Fixed Bug #556 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=556&group_id=6&atid=105) 
+- Fixed Bug @TODO Apostroph
+- Update Einbindung Online-Vollmachten (Vor Auswahl der Vollmacht werden die Signaturdaten signiert)
+- Update Transformationen (für Online-Vollmachten)
+- Änderung der Konfiguration für Online-Vollmachten
 
 
 =====
diff --git a/id/oa/.settings/org.eclipse.wst.common.component b/id/oa/.settings/org.eclipse.wst.common.component
index 086feced3..3bc38ebcc 100644
--- a/id/oa/.settings/org.eclipse.wst.common.component
+++ b/id/oa/.settings/org.eclipse.wst.common.component
@@ -1,7 +1,8 @@
-<project-modules id="moduleCoreId" project-version="2.0">
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
   <wb-module deploy-name="moa-id-oa">
     <property name="context-root" value="moa-id-oa"/>
     <wb-resource deploy-path="/" source-path="src/main/webapp"/>
     <property name="java-output-path" value="/target/classes"/>
   </wb-module>
-</project-modules>
\ No newline at end of file
+</project-modules>
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html
index f07b73265..a7e541b85 100644
--- a/id/server/auth/src/main/webapp/iframeHandyBKU.html
+++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html
@@ -8,11 +8,13 @@
     	<script type="text/javascript">
 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
            	// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
-			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
 				
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
 			<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
-			var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
+			//var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
+			var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
 				
 				
 			window.onload=function() {
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
index 4873245be..60f44ace9 100644
--- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html
+++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html
@@ -8,16 +8,19 @@
 	    <script type="text/javascript">
 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
             // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
-			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
 			
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
 			// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
-			var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
-			
+			//var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+			var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
+
 			// [MUSS] Geben Sie hier die URL zur Online BKU an
 			// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
 			// Hinweis: Diese URL muss auch bei den vertrauenswürdigen BKUs in der MOA-ID Konfiguration angegeben werden (siehe Element MOA-IDConfiguration/TrustedBKUs/BKUURL)
-			var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
+			//var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
+			var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
 				
 			window.onload=function() {
 				document.getElementById('moaidform').action = MOA_ID_STARTAUTHENTICATION;
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index cdf96e5b7..d78f01f2a 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -11,11 +11,13 @@
         <script type="text/javascript">
 			// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
             // z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
-			var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			// var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
+			var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
 			
 			// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
             // z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
-			var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
+			//var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
+			var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
 			
 			
 			window.onload=function() {
@@ -135,8 +137,12 @@
 
                     <div id="localBKU" style="display:none" class="hell">
                         <hr>
+                        <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
+                        <!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at"-->
                         <form method="post" id="moaidform">
                             <input type="hidden" name="show" value="false"> 
+							<!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an -->
+                            <!-- z.B.: value="https://yoururl.at/moa-id-auth/template_localBKU.html"-->
                             <input type="hidden" name="Template" id="Template">
                             <input type="hidden" name="bkuURI" value="https://localhost:3496/https-security-layer-request">
                             <input type="hidden" name="useMandate" id="useMandate"> 
@@ -172,10 +178,10 @@
 
                 <div id="rightcontent">
                     <p>
-                        <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren"></a>                    
+                        <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren" width="210"></a>                    
                     </p>
                     <p>
-                        <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Handy Signatur aktivieren"></a>                    
+                        <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Mobile Signatur aktivieren" width="210"></a>                    
                     </p>                   
                 </div>
 
@@ -192,7 +198,6 @@
                         <p>
                         	Diese Musterseite erf&uuml;llt die Richtlinie f&uuml;r barrierefreie Webinhalte 2.0 (WCAG 2.0 des W3C) Stufe AA. Das Pr&uuml;fprotokoll hierzu finden Sie hier: <a href="WCAG-Pruefprotokoll.pdf" target="_blank">Pruefprotokoll.pdf (PDF, 705kB)</a>.
                         </p>
-                        
    	            	</div>
                 </div>
             </div>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 0494502f7..697cadec4 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -1,45 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und Handy-Signatur  -->
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-		<Templates>
-			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			<!--<OnlineMandates>
-				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
-					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://localhost:3496/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
-				</BKU>
-			</OnlineMandates>-->
-		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
-		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
+			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
 		<MOA-SP>
 			<!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. 
            Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
-			<!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
 			<!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
 			<!--	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
 			<!--	<ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
@@ -53,71 +25,49 @@
 				<TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
 				<!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
 				<!-- Wählen Sie hier entsprechende der Sprachauswahl im Element <SecurityLayer><TransformsInfo> das deutsche oder englische Profil -->
-				<!--<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>-->
-				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_DE</VerifyTransformsInfoProfileID>
+				<!--<VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
-			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-						
+				<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+				<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
 				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+				<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
 		</ForeignIdentities>
-		
 		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
 		<!-- <OnlineMandates> -->
-			<!-- Echtsystem -->
-			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
-			<!-- Testsystem -->
-			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
-				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
-				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
-				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
-			<!-- </ConnectionParameter> -->
-			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
-			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- Echtsystem -->
+		<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+		<!-- Testsystem -->
+		<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+		<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+		<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+		<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+		<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>				-->
+		<!-- </ConnectionParameter> -->
+		<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+		<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
 		<!-- </OnlineMandates> -->
-
-		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
 	<OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
 		<!-- fuer MOA-ID-AUTH -->
 		<AuthComponent slVersion="1.2">
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
-           nur f&uuml;r diese Online Applikation<-->
-			<Templates>
-				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			</Templates>
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-			
 			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
 			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
-				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
-<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
-<!--			</Mandates>-->
+			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+			<!--			</Mandates>-->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 31bcdf512..41103cf3c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -1,38 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und Handy-Signatur -->
+<!-- Beispielkonfiguration fuer MOA-ID -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-		<Templates>
-			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			<!--<OnlineMandates>
-				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
-					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://localhost:3496/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
-				</BKU>
-			</OnlineMandates>-->
-		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
-		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
+			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
 			<!--  <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
@@ -57,36 +30,32 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-
-<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
-			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-						
+				<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+				<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
 				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+				<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
 		</ForeignIdentities>
-		
 		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
 		<!-- <OnlineMandates> -->
-			<!-- Echtsystem -->
-			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
-			<!-- Testsystem -->
-			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
-				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
-				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
-				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
-			<!-- </ConnectionParameter> -->
-			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
-			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- Echtsystem -->
+		<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+		<!-- Testsystem -->
+		<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+		<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+		<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+		<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+		<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>				-->
+		<!-- </ConnectionParameter> -->
+		<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+		<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
 		<!-- </OnlineMandates> -->
-
 	</AuthComponent>
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
 	<ProxyComponent>
@@ -103,30 +72,13 @@
 	<OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
 		<!-- fuer MOA-ID-AUTH -->
 		<AuthComponent slVersion="1.2">
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
-           nur f&uuml;r diese Online Applikation<-->
-			<Templates>
-				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			</Templates>
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
 			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
 			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
-				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
-<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
-<!--			</Mandates>-->
+			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+			<!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
@@ -161,5 +113,4 @@
 		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
-
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 9989b5927..05c6387e1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -1,35 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und Handy-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-		<Templates>
-			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			<!--<OnlineMandates>
-				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
-					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://localhost:3496/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
-				</BKU>
-			</OnlineMandates>-->
-		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
 			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
@@ -62,60 +35,40 @@
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
-			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-				
+				<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+				<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust bzw. A-CERT Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+				<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
 		</ForeignIdentities>
-		
 		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
 		<!-- <OnlineMandates> -->
-			<!-- Echtsystem -->
-			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
-			<!-- Testsystem -->
-			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
-				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
-				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
-				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
-			<!-- </ConnectionParameter> -->
-			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
-			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- Echtsystem -->
+		<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+		<!-- Testsystem -->
+		<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+		<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+		<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+		<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+		<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>				-->
+		<!-- </ConnectionParameter> -->
+		<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+		<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
 		<!-- </OnlineMandates> -->
-		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!--  publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden  -->
 	<OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
 		<!-- fuer MOA-ID-AUTH -->
 		<AuthComponent slVersion="1.2">
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
-           nur f&uuml;r diese Online Applikation<-->
-			<Templates>
-				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			</Templates>
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
-						<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
+			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
 			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!-- <Mandates> -->
-				<!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
-				<!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+			<!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
+			<!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 			<!--</Mandates> -->
 		</AuthComponent>
 	</OnlineApplication>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 2b03faf5d..1d8b50537 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -1,38 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und Handy-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
+<!-- Beispielkonfiguration fuer MOA-ID  -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-		<Templates>
-			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			<!--<OnlineMandates>
-				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
-					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://localhost:3496/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
-				</BKU>
-			</OnlineMandates>-->
-		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
-		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
+			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
@@ -62,32 +35,28 @@
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
-			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-						
+				<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+				<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
 				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+				<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
 		</ForeignIdentities>
-		
 		<!-- Einstellungen für den Zugriff auf das Online-Vollmachten Service -->
 		<!-- <OnlineMandates> -->
-			<!-- Echtsystem -->
-			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
-			<!-- Testsystem -->
-			<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
-				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
-				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
-				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<!-- <ClientKeyStore password="password">certs/clientcert.p12</ClientKeyStore>				-->
-			<!-- </ConnectionParameter> -->
-			<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
-			<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
+		<!-- Echtsystem -->
+		<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">-->
+		<!-- Testsystem -->
+		<!-- <ConnectionParameter URL="https://vollmachten.stammzahlenregister.gv.at/mis-test/MandateIssueRequest">-->
+		<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Online-Vollmachten System an -->
+		<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
+		<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
+		<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore>				-->
+		<!-- </ConnectionParameter> -->
+		<!-- Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu aktivieren, müssen Sie das Vollmachten Profil angeben -->
+		<!-- (siehe Element OnlineMandates unter MOA-IDConfiguration/AuthComponent/OnlineMandates)-->
 		<!-- </OnlineMandates> -->
-		
-		
 	</AuthComponent>
 	<!-- Konfiguration fuer MOA-ID-PROXY -->
 	<ProxyComponent>
@@ -104,30 +73,13 @@
 	<OnlineApplication publicURLPrefix="https://localhost:8443/" friendlyName="Online Applikation 1">
 		<!-- fuer MOA-ID-AUTH -->
 		<AuthComponent slVersion="1.2">
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
-           nur f&uuml;r diese Online Applikation<-->
-			<Templates>
-				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			</Templates>
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
 			<!-- Aktivieren von Vollmachten fuer diese Online-Applikation-->
 			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
-				<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
-<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
-<!--			</Mandates>-->
+			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
+			<!--			</Mandates>-->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
index 58ed8bce7..f639af1b6 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -1,38 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und Handy-Signatur -->
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-		<Templates>
-			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			<!--<OnlineMandates>
-				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
-					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://localhost:3496/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
-				</BKU>
-			</OnlineMandates>-->			
-		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
-		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
+			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
@@ -57,20 +30,18 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
+		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
-			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-						
+				<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+				<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust oder A-CERT Zertifikat mit Verwaltungseigenschaft oder Dienstleistereigenschaft. -->
 				<!-- Wenn ihr MOA-ID Zertifikat diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+				<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
 		</ForeignIdentities>
-		
 	</AuthComponent>
 	<!-- Eintragung fuer jede Online-Applikation -->
 	<!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
@@ -82,23 +53,6 @@
 				<!-- Beispiel Firmenbuchnummer -->
 				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
 			</IdentificationNumber>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
-           nur f&uuml;r diese Online Applikation<-->
-			<Templates>
-				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			</Templates>
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
@@ -118,10 +72,9 @@
 	<!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
 	<!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
 	<!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
-		<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
+	<!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
 	<TrustedBKUs>
 		<BKUURL>https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 		<BKUURL>https://www.a-trust.at/mobile/https-security-layer-request/default.aspx</BKUURL>
 	</TrustedBKUs>
-
 </MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
index 497508363..a63eb8db9 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -1,38 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und Handy-Signatur -->
+<!-- Beispielkonfiguration fuer MOA-WID -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-		<Templates>
-			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			<!--<OnlineMandates>
-				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
-					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://localhost:3496/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
-				</BKU>
-			</OnlineMandates>-->			
-		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
-		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
+			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
@@ -61,13 +34,12 @@
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
-			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-			
+				<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+				<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+				<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
 		</ForeignIdentities>
 	</AuthComponent>
@@ -91,23 +63,6 @@
 				<!-- Beispiel Firmenbuchnummer -->
 				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
 			</IdentificationNumber>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
-           nur f&uuml;r diese Online Applikation<-->
-			<Templates>
-				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			</Templates>
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
index 82462ec2c..6d7e1d0d1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -1,38 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und Handy-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-		<Templates>
-			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			<!--<OnlineMandates>
-				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
-					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://localhost:3496/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
-				</BKU>
-			</OnlineMandates>-->			
-		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
-		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
+			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
@@ -58,22 +31,16 @@
 				<!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockTable_EN</VerifyTransformsInfoProfileID>-->
 			</VerifyAuthBlock>
 		</MOA-SP>
-		<!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird -->
-		<!-- IdentityLinkSigners-->
-		<!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
-		<!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName-->
-		<!--/IdentityLinkSigners-->
 		<!-- Einstellungen für den Zugriff auf das Stammzahlenregister-Gateway - für ausländische Personen -->
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
-			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-			
+				<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+				<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+				<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
 		</ForeignIdentities>
 	</AuthComponent>
@@ -87,23 +54,6 @@
 				<!-- Beispiel Firmenbuchnummer -->
 				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
 			</IdentificationNumber>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
-           nur f&uuml;r diese Online Applikation<-->
-			<Templates>
-				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			</Templates>
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
 		</AuthComponent>
 	</OnlineApplication>
 	<!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
index 692db9ff3..6ce0f5d51 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -1,38 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und Handy-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext -->
+<!-- Beispielkonfiguration fuer MOA-WID -->
 <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
 	<!-- Konfiguration fuer MOA-ID-AUTH -->
 	<AuthComponent>
-		<!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
-		<BKUSelection BKUSelectionAlternative="HTMLSelect">
-			<ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
-				<!-- 	<AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
-			</ConnectionParameter>
-		</BKUSelection>
-		<!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-        &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <-->
-		<Templates>
-			<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-			<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-			<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			<!--<OnlineMandates>
-				<BKU URL="https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx">
-					<MOA-ID-Template URL="sampleTemplates/handy_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/handy_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://localhost:3496/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/local_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/local_mandate_template.html"/>
-				</BKU>
-				<BKU URL="https://[yourserver]/bkuonline/https-security-layer-request">
-					<MOA-ID-Template URL="sampleTemplates/online_moa-id_template.html"/>
-					<MandateTemplate URL="sampleTemplates/online_mandate_template.html"/>					
-				</BKU>
-			</OnlineMandates>-->			
-		</Templates>
 		<!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
 		<SecurityLayer>
-		<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
+			<!-- Wählen Sie hier den deutschen oder englischen Auswahltext -->
 			<TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_DE.xml"/>
 			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockTable_EN.xml"/>-->
 		</SecurityLayer>
@@ -62,13 +35,12 @@
 		<ForeignIdentities>
 			<!-- Echtsystem (Eintragung ins ERnP nur mit Echtkarten gemäß E-Government Gleichwertigkeits Verordnung) -->
 			<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at/services/IdentityLinkCreation">
-			<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
-			<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
-			
+				<!-- Testsystem (Eintragung ins ERnP - auch für Testkarten) -->
+				<!--<ConnectionParameter URL="https://gateway.stammzahlenregister.gv.at:8443/services/IdentityLinkCreation">-->
 				<!-- Geben Sie hier ihren Client Keystore für den Zugriff auf das Stammzahlenregister-Gateway an -->
 				<!-- Voraussetzung: A-Trust Zertifikat mit Verwaltungseigenschaft. Wenn ihr MOA-ID Zertifikat -->
 				<!-- diese Voraussetzung erfüllt, können Sie dieses hier angeben. -->
-				<ClientKeyStore password="password">cert/clientcert.p12</ClientKeyStore>
+				<!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
 			</ConnectionParameter>
 		</ForeignIdentities>
 	</AuthComponent>
@@ -92,23 +64,6 @@
 				<!-- Beispiel Firmenbuchnummer -->
 				<pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
 			</IdentificationNumber>
-			<!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
-           &quot;Anmeldung mit B&uuml;rgerkarte&quot; sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren 
-           nur f&uuml;r diese Online Applikation<-->
-			<Templates>
-				<!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/-->
-				<!--Template URL="sampleTemplates/SampleTemplate.html"/-->
-				<!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/-->
-			</Templates>
-			<!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
-			<!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
-			<!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
-			<!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
-			<!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
-			<!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
 		</AuthComponent>
 		<!-- fuer MOA-ID-PROXY -->
 		<ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
deleted file mode 100644
index 04029dc80..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-TEMPLATES:
-==========
-Zweck:
-------
-Mithilfe von Templates können Sie beispielsweise das Aussehen der Seiten 
-"Auswahl der Bürgerkartenumgebung" sowie "Anmeldung mit Bürgerkarte" 
-anpassen. Damit können Sie zusätzliche Hintergrundinformationen (Wozu 
-dient die Anmeldung, etc.) zu diesen Seiten hinzufügen und das Layout an 
-Ihre sonstigen Anwendungen anpassen.
-
-Wenn Sie in den Beispielkonfigurationsdateien die Elmente 
-"AuthComponent/Templates" oder "OnlineApplication/AuthComponent/Templates"
-aktivieren, dann werden die in diesem Verzeichnis enthaltenen Beispieltemplates
-geladen. Es sind dies sehr einfache Templates, die nur das Laden über die 
-Konfigurationsdatei demonstrieren sollen. (Das Laden der Templates über
-die Konfigurationsdatei steht erst ab Version 1.3.1 zur Verfügung).
-Etwas aufwendigere Templates (mit CSS) finden Sie als eigene Webapplikation im 
-Verzeichnis "/auth/templates" der entpackten Distribution.
-
-Die Datei ParepInputProcessorSignTemplate.html dient als Template für die 
-Formulare der beruflichen Parteienvertretung, welche bereits die Styleguide für
-das österreichische E-Government erfüllen sollen. 
-
-Nähere Informationen zu den Templates finden Sie im MOA-ID-Konfigurationshandbuch.
-
-
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html
deleted file mode 100644
index 99bc057ad..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html
+++ /dev/null
@@ -1,61 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
-
-<html>
-<head>
-<BASE href="<BASE_href>">
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<title>Berufliche Parteieinvertretung</title>
-<link href="css/styles.css" type="text/css" rel="stylesheet">
-<link href="css/styles_opera.css" type="text/css" rel="stylesheet">
-<link href="css/mandates.css" type="text/css" rel="stylesheet">
-    <script language="javascript" type="text/javascript">
-      //<!--
-      function autoSubmit() {
-        document.VerifyAuthBlockForm.submitButton.disabled=true;
-        document.VerifyAuthBlockForm.submit();
-      } //-->
-    </script>
-<script src="formallg.js" type="text/javascript"></script>
-<script src="fa.js" type="text/javascript"></script>
-</head>
-<body onLoad="autoSubmit()">
-
-
-<div class="hleft">
-<!--Stammzahlenregisterbehörde--><br />
-<!--Ballhausplatz 2--><br />
-<!--1014 Wien-->
-</div>
-<div class="hright" align="right"><!--img src="img/szr-logo.jpg" width="400" height="56" /--></div>
-<div class="htitle" align="left">
-  <h1>Berufliche Parteienvertretung</h1>
-</div>
-<div class="leiste1" align="center">
-Bitte beachten Sie
-</div>
-<div class="leiste2" align="center">
-</div>
-<div class="leiste3">
-<img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" />&nbsp; Feld muss ausgef&uuml;llt sein
-</div>
-<div class="leiste3">
-<img alt=" Hilfe zum Ausfüllen " src="img/info.gif" width="10" height="16" />&nbsp; Ausf&uuml;llhilfe
-</div>
-<div class="leiste3">
-<img alt=" Angabe bitte ergänzen oder richtig stellen! " src="img/rufezeichen.gif" width="10" height="16" />&nbsp; Fehlerhinweis</div>
-<div style="clear: both">&nbsp;</div>
-
-<h2>Berufliche Parteienvertretung einer nat&uuml;rlichen/juristischen Person
-</h2>
-<div class="boundingbox">
-  <br/><br/>
-    <form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
-      <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
-      <input type="hidden" name="DataURL" value="<DataURL>"/>
-      <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
-      &nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
-    </form>
-  <br/>
-</div>
-</body>
-</html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
deleted file mode 100644
index 983de7c70..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
+++ /dev/null
@@ -1,42 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title>MOA ID - Auswahl der B&uuuml;rgerkartenumgebung</title>
-	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-	<meta name="Author" content="Max Mustermann">
-	<meta name="keywords" content="MOA-ID">
-</head>
-
-<body>
-
-<h1 align="center">Auswahl der B&uuml;rgerkartenumgebung</h1>
-
-<p></p>
-<p>Sie haben sich f&uuml;r Anmeldung mit Ihrer B&uuml;rgerkarte entschieden. Da es verschiedene Formen der B&uuml;rgerkarte gibt, m&uuml;ssen Sie nun w&auml;hlen, welche Sie bei der Anmeldung verwenden wollen.</p>
-<h3>Auswahl der B&uuml;rgerkarte</h3>
-<form name="CustomizedForm" method="post" action="<StartAuth>">
-  <BKUSelect> 
-  <input type="submit" value="Ausw&auml;hlen"/>
-</form>
-<br/>
-<p></p>
-
- <input type="hidden" value="Weitere Info"/>
-</form>
-
-<h4>Hinweise: </h4>
-<ul>
-  <li> 
-  	<p>Bei der Anmeldung mit einer <a href="http://www.a-trust.at/" target="_blank">A-Trust B&uuml;rgerkarte</a> oder Ihrer
-  	<a href="http://www.chipkarte.at" target="_blank">E-CARD</a> ben&ouml;tigen Sie 
-  	eine funktionsf&auml;hige <a href="http://www.buergerkarte.at/" target="_blank">B&uuml;rgerkartensoftware</a> sowie einen passenden Kartenleser.</p>
-  </li>
-  <li> 
-    <p>Bei der Anmeldung mit der <a href="http://www.a-trust.at/mobile/" target="_blank">A-Trust Handysignatur</a> &uuml;ber Ihr Handy wird keine B&uuml;rgerkartensoftware und 
-      kein Kartenleser ben&ouml;tigt.</p>
-  </li>
-</ul>
-
-
-</body>
-</html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html
deleted file mode 100644
index 9c8e67a20..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html
+++ /dev/null
@@ -1,39 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
-  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-  <meta name="Author" content="Max Mustermann">
-  <meta name="keywords" content="MOA-ID">
-  <script language="javascript" type="text/javascript">
-    //<!--
-    function autoSubmit() {
-      document.VerifyAuthBlockForm.submitButton.disabled=true;
-      document.VerifyAuthBlockForm.submit();
-    } //-->
-  </script>
-</head>
-
-<body onLoad="autoSubmit()">
-<h1 align="center">Sicherer Zugang zur Online-Anwendung mit B&uuml;rgerkarte</h1>
-<p></p>
-
-Der identifizierte Zugang erfolgt &uuml;ber die Module f&uuml;r Online Applikationen (MOA) unter Verwendung einer B&uuml;rgerkarte und deren Signaturfunktion.
-
-<p></p>
-<p>Sie werden in ku&uuml;rze zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
-signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
-
-<form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
-  <div align="center">
-    <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
-    <input type="hidden" name="DataURL" value="<DataURL>"/>
-    <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
-    <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
-  </div>
-</form>
-
-<p align="right">&nbsp; </p>
-
-</body>
-</html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html
deleted file mode 100644
index 83a6639e6..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html
+++ /dev/null
@@ -1,56 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
-	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-	<meta name="Author" content="Max Mustermann">
-	<meta name="keywords" content="MOA-ID">
-</head>
-
-<body>
-
-<h1 align="center">Sicherer Zugang zur Online-Anwendung mit B&uuml;rgerkarte</h1>
-
-<p></p>
-
-Der identifizierte Zugang erfolgt &uuml;ber die Module f&uuml;r Online Applikationen (MOA) unter Verwendung einer B&uuml;rgerkarte und deren Signaturfunktion.
-
-<p></p>
-<p>Wenn Sie in Folge die Schaltfl&auml;che "Anmeldung mit B&uuml;rgerkarte"
-aktivieren, so werden Sie zur Signatur der Anmeldedaten aufgefordert. Wenn Sie diese
-signieren, so werden Sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
-
-
-<form name="CustomizedForm" action="<BKU>" method="post">
-  <div align="center">
-    <input type="hidden" 
-        name="XMLRequest" 
-        value="<XMLRequest>"/>
-    <input type="hidden" 
-        name="DataURL" 
-        value="<DataURL>"/>
-    <input type="hidden" 
-        name="PushInfobox" 
-        value="<PushInfobox>"/>
-    <input type="submit" value="Anmeldung mit B&uuml;rgerkarte" name="submit"/>
-  </div>
-</form>
-<form name="CustomizedInfoForm"
- action="<BKU>"
- method="post">
-  <input type="hidden"
-        name="XMLRequest"
-        value="<CertInfoXMLRequest>"/>
-    <input type="hidden"
-        name="DataURL"
-        value="<CertInfoDataURL>"/>
-
-
-<br/>
-<p></p>
-
- <input type="hidden" value="Weitere Info"/>
-</form>
-
-</body>
-</html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
deleted file mode 100644
index 58f2a9ec5..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_mandate_template.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-Templateseite zur Signatur für Online-Vollmachten (für Handysignatur)
--->
-<html>
-  <head>
-    <meta http-equiv="content-type" content="text/html; charset=UTF-8">    
-    <title>Vollmachten-Anmeldung</title>
-    <!-- Javascript darf nicht verändert werden -->
-    <script language="javascript">
-      function fillFrame() {    
-        var f = top.frames['mandate'];
-        with (f.document) {
-          open();
-		  <Mandate>
-		   close();
-        }
-      }
-    </script>
-  </head>
-  <!-- onLoad="fillFrame(); return false;" darf nicht verändert werden-->
-  <body onLoad="fillFrame(); return false;">
-    <h2>Vollmachten-Anmeldung (Handysignatur)</h2>
-    <!-- Name des iframe darf nicht veändert werden -->
-    <iframe name="mandate" src="" frameborder="0" width="250" height="400" scrolling="no"></iframe>    
-  </body>
-</html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
deleted file mode 100644
index 60d1a8733..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/handy_moa-id_template.html
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-MOA-ID Template für Handy-Signatur bei Online-Vollmachten
--->
-<html>
-<head>
-<meta http-equiv="content-type" content="text/html; charset=UTF-8">
-<title>Vollmachten-Anmeldung</title>
-</head>
-<body onLoad="document.VollmachtenForm.submit();">
-<form name="VollmachtenForm" action="<BKU>" method="post">
-<input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
-<input type="hidden" name="DataURL" value="<DataURL>"/>
-<input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
-<input type="submit" value="Starte Signatur" name="Senden"/>
-
-<!-- Angabe der Parameter für die Handy-BKU -->
-<input type="hidden" name="appletWidth" value="220">
-<input type="hidden" name="appletHeight" value="159">
-	
-<!-- Angabe des Parameters fuer die Hintergrundfarbe der Handy-Signatur -->
-<input type="hidden" name="backgroundColor" value="#DDDDDD"> 
-            
-<input type="hidden" name="redirecttarget" value="_parent">
-</form>
-
-<form name="CustomizedInfoForm"
- action="<BKU>"
- method="post">
-  <input type="hidden"
-        name="XMLRequest"
-        value="<CertInfoXMLRequest>"/>
-    <input type="hidden"
-        name="DataURL"
-        value="<CertInfoDataURL>"/>
- <input type="hidden" value="Weitere Info"/>
-</form>
- </body>
- </html>
- 
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
deleted file mode 100644
index bbea993d8..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_mandate_template.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-Templateseite zur Signatur für Online-Vollmachten (für Lokale-BKU)
--->
-<html>
-  <head>
-    <meta http-equiv="content-type" content="text/html; charset=UTF-8">    
-    <title>Vollmachten-Anmeldung</title>
-    <!-- Javascript darf nicht verändert werden -->
-    <script language="javascript">
-      function fillFrame() {    
-        var f = top.frames['mandate'];
-        with (f.document) {
-          open();
-		  <Mandate>
-		   close();
-        }
-      }
-    </script>
-  </head>
-  <!-- onLoad="fillFrame(); return false;" darf nicht verändert werden-->
-  <body onLoad="fillFrame(); return false;">
-    <h2>Vollmachten-Anmeldung (Lokale-BKU)</h2>
-    <!-- Name des iframe darf nicht veändert werden -->
-    <iframe name="mandate" src="" frameborder="0" width="250" height="400" scrolling="no"></iframe>    
-  </body>
-</html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
deleted file mode 100644
index 47dc64408..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/local_moa-id_template.html
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-MOA-ID Template für lokale BKU bei Online-Vollmachten
--->
-<html>
-<head>
-<!-- base target muss bei lokaler BKU gesetzt sein -->
-<base target="_parent">
-<meta http-equiv="content-type" content="text/html; charset=UTF-8">
-<title>Vollmachten-Anmeldung</title>
-</head>
-<body onLoad="document.VollmachtenForm.submit();">
-<form name="VollmachtenForm" action="<BKU>" method="post">
-<input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
-<input type="hidden" name="DataURL" value="<DataURL>"/>
-<input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
-<input type="submit" value="Starte Signatur" name="Senden"/>
-</form>
-
-<form name="CustomizedInfoForm"
- action="<BKU>"
- method="post">
-  <input type="hidden"
-        name="XMLRequest"
-        value="<CertInfoXMLRequest>"/>
-    <input type="hidden"
-        name="DataURL"
-        value="<CertInfoDataURL>"/>
- <input type="hidden" value="Weitere Info"/>
-</form>
- </body>
- </html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
deleted file mode 100644
index 6b75fcb6a..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/online_mandate_template.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-Templateseite zur Signatur für Online-Vollmachten (für Online-BKU)
--->
-<html>
-  <head>
-    <meta http-equiv="content-type" content="text/html; charset=UTF-8">    
-    <title>Vollmachten-Anmeldung</title>
-    <!-- Javascript darf nicht verändert werden -->
-    <script language="javascript">
-      function fillFrame() {    
-        var f = top.frames['mandate'];
-        with (f.document) {
-          open();
-		  <Mandate>
-		   close();
-        }
-      }
-    </script>
-  </head>
-  <!-- onLoad="fillFrame(); return false;" darf nicht verändert werden-->
-  <body onLoad="fillFrame(); return false;">
-    <h2>Vollmachten-Anmeldung (Online-BKU)</h2>
-    <!-- Name des iframe darf nicht veändert werden -->
-    <iframe name="mandate" src="" frameborder="0" width="250" height="400" scrolling="no"></iframe>    
-  </body>
-</html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/online_moa-id_template.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/online_moa-id_template.html
deleted file mode 100644
index 33c7f39c6..000000000
--- a/id/server/data/deploy/conf/moa-id/sampleTemplates/online_moa-id_template.html
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-MOA-ID Template für Online-BKU bei Online-Vollmachten
--->
-<html>
-<head>
-<meta http-equiv="content-type" content="text/html; charset=UTF-8">
-<title>Vollmachten-Anmeldung</title>
-</head>
-<body onLoad="document.VollmachtenForm.submit();">
-<form name="VollmachtenForm" action="<BKU>" method="post">
-<input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
-<input type="hidden" name="DataURL" value="<DataURL>"/>
-<input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
-<input type="submit" value="Starte Signatur" name="Senden"/>
-
-<!-- Angabe der Parameter fuer die Online-BKU -->
-<input type="hidden" name="appletWidth" value="220">
-<input type="hidden" name="appletHeight" value="140">
-			
-<!-- Angabe des Parameter fuer die Hintergrundfarbe der Online-BKU -->
-<input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
-</form>
-
-<form name="CustomizedInfoForm"
- action="<BKU>"
- method="post">
-  <input type="hidden"
-        name="XMLRequest"
-        value="<CertInfoXMLRequest>"/>
-    <input type="hidden"
-        name="DataURL"
-        value="<CertInfoDataURL>"/>
- <input type="hidden" value="Weitere Info"/>
-</form>
-
- </body>
- </html>
-    
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
index bfcb95be9..4ec0f94ae 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
@@ -10,8 +10,8 @@
 							<style type="text/css" media="screen">
               					.normalstyle { font-size: medium; } 
               					.italicstyle { font-size: medium; font-style: italic; }
-								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
-								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style{ font-size: large; }                                                                                      
               				</style>
 						</head>
 						<body>
@@ -46,25 +46,11 @@
 										</td>
 									</tr>
 								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
 									<tr>
 										<td class="italicstyle">Vollmacht:</td>
 										<td class="normalstyle">
-											<xsl:text>Ich bin ermächtigt, für </xsl:text>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-												<xsl:text>, geboren am </xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-												<xsl:text>.</xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-												<xsl:text>.</xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-											</xsl:if>
-											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-												<xsl:text>, </xsl:text>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-											</xsl:if>
-											<xsl:text>, zu handeln.</xsl:text>
+											<xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text>
 										</td>
 									</tr>
 								</xsl:if>
@@ -98,6 +84,15 @@
 										</td>
 									</tr>
 								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+									<tr>
+										<td class="italicstyle">
+											Vollmachten-Referenz:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 									<tr>
 										<td class="italicstyle">
@@ -116,14 +111,6 @@
 										</td>
 									</tr>
 								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-									<tr>
-										<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
-										<td class="normalstyle">
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-										</td>
-									</tr>
-								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 									<tr>
 										<td class="italicstyle">OID:</td>
@@ -171,4 +158,4 @@
 	<sl10:FinalDataMetaInfo>
 		<sl10:MimeType>application/xhtml+xml</sl10:MimeType>
 	</sl10:FinalDataMetaInfo>
-</sl10:TransformsInfo>
\ No newline at end of file
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
index 17691ca8d..5e45cd6d0 100644
--- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
@@ -10,8 +10,8 @@
 							<style type="text/css" media="screen">
               					.normalstyle { font-size: medium; } 
               					.italicstyle { font-size: medium; font-style: italic; }
-								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
-								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style{ font-size: large; }                                                                                      
               				</style>
 						</head>
 						<body>
@@ -46,27 +46,11 @@
 										</td>
 									</tr>
 								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
 									<tr>
 										<td class="italicstyle">Mandate:</td>
 										<td class="normalstyle">
-											<xsl:text>I am also authorized as </xsl:text>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-											<xsl:text> of </xsl:text>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-												<xsl:text>, born on </xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-												<xsl:text>.</xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-												<xsl:text>.</xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-											</xsl:if>
-											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-												<xsl:text>, </xsl:text>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-											</xsl:if>
-											<xsl:text>, to act on their behalf.</xsl:text>
+											<xsl:text>I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate.</xsl:text>
 										</td>
 									</tr>
 								</xsl:if>
@@ -100,6 +84,15 @@
 										</td>
 									</tr>
 								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+									<tr>
+										<td class="italicstyle">
+											Mandate Reference:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 									<tr>
 										<td class="italicstyle">
@@ -118,14 +111,6 @@
 										</td>
 									</tr>
 								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-									<tr>
-										<td class="italicstyle">Identifier of the principal:</td>
-										<td class="normalstyle">
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-										</td>
-									</tr>
-								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 									<tr>
 										<td class="italicstyle">OID:</td>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
index 3387aa462..74bede15c 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
-<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+	<dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
 		<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
 			<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
 				<xsl:output method="xml" xml:space="default"/>
@@ -11,8 +11,8 @@
 							<style type="text/css" media="screen">
               					.normalstyle { font-size: medium; } 
               					.italicstyle { font-size: medium; font-style: italic; }
-								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
-								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style{ font-size: large; }                                                                                      
               				</style>
 						</head>
 						<body>
@@ -47,25 +47,11 @@
 										</td>
 									</tr>
 								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
 									<tr>
 										<td class="italicstyle">Vollmacht:</td>
 										<td class="normalstyle">
-											<xsl:text>Ich bin ermächtigt, für </xsl:text>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-												<xsl:text>, geboren am </xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-												<xsl:text>.</xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-												<xsl:text>.</xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-											</xsl:if>
-											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-												<xsl:text>, </xsl:text>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-											</xsl:if>
-											<xsl:text>, zu handeln.</xsl:text>
+											<xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text>
 										</td>
 									</tr>
 								</xsl:if>
@@ -99,6 +85,15 @@
 										</td>
 									</tr>
 								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+									<tr>
+										<td class="italicstyle">
+											Vollmachten-Referenz:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 									<tr>
 										<td class="italicstyle">
@@ -117,14 +112,6 @@
 										</td>
 									</tr>
 								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-									<tr>
-										<td class="italicstyle">Identifikator des Vollmachtgebers:</td>
-										<td class="normalstyle">
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-										</td>
-									</tr>
-								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 									<tr>
 										<td class="italicstyle">OID:</td>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
index 207296d52..bf72e4689 100644
--- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
@@ -11,8 +11,8 @@
 							<style type="text/css" media="screen">
               					.normalstyle { font-size: medium; } 
               					.italicstyle { font-size: medium; font-style: italic; }
-								.titlestyle{ text-decoration:underline; font-weight:bold; font-family: Verdana;  font-size: medium; } 
-								.h4style{ font-size: large; font-family: Verdana; }                                                                                      
+								.titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } 
+								.h4style{ font-size: large; }                                                                                      
               				</style>
 						</head>
 						<body>
@@ -47,27 +47,11 @@
 										</td>
 									</tr>
 								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorName']">
+								<xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
 									<tr>
 										<td class="italicstyle">Mandate:</td>
 										<td class="normalstyle">
-											<xsl:text>I am also authorized as </xsl:text>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='RepresentationType']/saml:AttributeValue/text()"/>
-											<xsl:text> of </xsl:text>
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorName']/saml:AttributeValue/text()"/>
-											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDateOfBirth']">
-												<xsl:text>, born on </xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,9,2)"/>
-												<xsl:text>.</xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,6,2)"/>
-												<xsl:text>.</xsl:text>
-												<xsl:value-of select="substring(//saml:Attribute[@AttributeName='MandatorDateOfBirth']/saml:AttributeValue,1,4)"/>
-											</xsl:if>
-											<xsl:if test="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']">
-												<xsl:text>, </xsl:text>
-												<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorDomainIdentifier']/saml:AttributeValue/text()"/>
-											</xsl:if>
-											<xsl:text>, to act on their behalf.</xsl:text>
+											<xsl:text>I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate.</xsl:text>
 										</td>
 									</tr>
 								</xsl:if>
@@ -101,6 +85,15 @@
 										</td>
 									</tr>
 								</xsl:if>
+								<xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
+									<tr>
+										<td class="italicstyle">
+											Mandate Reference:</td>
+										<td class="normalstyle">
+											<xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
+										</td>
+									</tr>
+								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
 									<tr>
 										<td class="italicstyle">
@@ -119,14 +112,6 @@
 										</td>
 									</tr>
 								</xsl:if>
-								<xsl:if test="//saml:Attribute[@AttributeName='MandatorWbpk']">
-									<tr>
-										<td class="italicstyle">Identifier of the principal:</td>
-										<td class="normalstyle">
-											<xsl:value-of select="//saml:Attribute[@AttributeName='MandatorWbpk']/saml:AttributeValue/text()"/>
-										</td>
-									</tr>
-								</xsl:if>
 								<xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
 									<tr>
 										<td class="italicstyle">OID:</td>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 94fd4f28e..9e15e04dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -550,7 +550,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     // now validate the extended infoboxes
     verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());
     
-    return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, false);
+    return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
   }
   
   
@@ -571,7 +571,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    *        the BKU including the <code>&lt;InfoboxReadResponse&gt;</code>
    * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
    */
-  public String verifyMandate(String sessionID, MISMandate mandate)
+  public void verifyMandate(String sessionID, MISMandate mandate)
     throws
       AuthenticationException,
       BuildException,
@@ -591,28 +591,25 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     
     
     AuthenticationSession session = getSession(sessionID);
-    AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
-
-      
     OAAuthParameter oaParam =
       AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
         session.getPublicOAURLPrefix());
     
-    try {
-    	// set extended SAML attributes
-		setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
-	} catch (SAXException e) {
-		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
-	} catch (IOException e) {
-		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
-	} catch (ParserConfigurationException e) {
-		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
-	} catch (TransformerException e) {
-		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+	if (oaParam.getProvideFullMandatorData()) {
+		try {
+	    	// set extended SAML attributes if provideMandatorData is true
+	    	setExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
+		} catch (SAXException e) {
+			throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+		} catch (IOException e) {
+			throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+		} catch (ParserConfigurationException e) {
+			throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+		} catch (TransformerException e) {
+			throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}, e);
+		}
 	}
-
-    
-    return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, true);
+		
   }
   
   /**
@@ -625,7 +622,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * @throws BuildException
    * @throws ValidateException
    */
-  public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam, boolean fromMandate)
+  public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam)
     throws 
       ConfigurationException, 
       BuildException,
@@ -638,7 +635,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance().
       getOnlineApplicationParameter(session.getPublicOAURLPrefix());
 
-    if (!fromMandate) {
+//    if (!fromMandate) {
 	    //BZ.., calculate bPK for signing to be already present in AuthBlock
 	    IdentityLink identityLink = session.getIdentityLink();
 	    if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
@@ -649,11 +646,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 	        identityLink.setIdentificationValue(bpkBase64);
 	      }
 	    //..BZ
-    }
+//    }
     
 
     // builds the AUTH-block
-    String authBlock = buildAuthenticationBlock(session, fromMandate);
+    String authBlock = buildAuthenticationBlock(session);
     
 //    session.setAuthBlock(authBlock);
     // builds the <CreateXMLSignatureRequest>
@@ -837,7 +834,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * @throws BuildException If an error occurs on serializing an extended SAML attribute 
    *                        to be appended to the AUTH-Block.
    */
-  private String buildAuthenticationBlock(AuthenticationSession session, boolean fromMandate) throws BuildException {
+  private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
      IdentityLink identityLink = session.getIdentityLink();
      String issuer = identityLink.getName();
        String gebDat = identityLink.getDateOfBirth();
@@ -862,8 +859,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       oaURL, 
       gebDat,
       extendedSAMLAttributes,
-      session, 
-      fromMandate);
+      session);
       
     return authBlock;
   }
@@ -949,7 +945,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
                 throw new ValidateException("validator.43", new Object[] {friendlyName});
               }
               // set compatibility mode for mandates infobox and all infoboxes (it is possible to be a parep infobox)
-              session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
+              //session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
               // check for party representation in mandates infobox
               if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){
                 //We need app specific parameters
@@ -1187,6 +1183,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     
 	  Vector extendedSamlAttributes = new Vector(); 
 	  
+	  
 	  extendedSamlAttributes.clear();
     
 	  //extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
@@ -1404,72 +1401,189 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     }
 
     
-    // Exchange person data information by a mandate if needed
-    boolean mandateMode = session.getUseMandate();
+    // builds authentication data and stores it together with a SAML artifact
+    AuthenticationData authData = buildAuthenticationData(session, vsresp);
     
-    List oaAttributes = session.getExtendedSAMLAttributesOA();
-    IdentityLink replacementIdentityLink = null;
+    if (session.getUseMandate()) {    	
+    	// mandate mode
+    	return null;
+    }
+    else {
+    	
+    	String samlAssertion =
+            new AuthenticationDataAssertionBuilder().build(
+              authData, 
+              session.getAssertionPrPerson(), 
+              session.getAssertionAuthBlock(), 
+              session.getAssertionIlAssertion(),
+              session.getBkuURL(),
+              session.getAssertionSignerCertificateBase64(),
+              session.getAssertionBusinessService(),
+              session.getExtendedSAMLAttributesOA());
+          authData.setSamlAssertion(samlAssertion);
+          
+          String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
+          if (!ParepUtils.isEmpty(assertionFile))
+			try {
+				ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile));
+			} catch (IOException e) {
+				throw new BuildException(
+				        "builder.00",
+				        new Object[] { "AuthenticationData", e.toString()},
+				        e);
+			} 
+    
+          String samlArtifact =
+          	new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+          storeAuthenticationData(samlArtifact, authData);
+          
+          // invalidates the authentication session
+          sessionStore.remove(sessionID);
+          Logger.info(
+          		"Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+          return samlArtifact;
+          
+    }
+    	
+    
+    
+    
+  }
+  
+  /**
+   * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+   * security layer implementation.<br>
+   * <ul>
+   * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+   * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
+   * <li>Parses authentication block enclosed in 
+   *      <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+   * <li>Verifies authentication block by calling the MOA SP component</li>
+   * <li>Creates authentication data</li>
+   * <li>Creates a corresponding SAML artifact</li>
+   * <li>Stores authentication data in the authentication data store 
+   *      indexed by the SAML artifact</li>
+   * <li>Deletes authentication session</li>
+   * <li>Returns the SAML artifact, encoded BASE64</li>
+   * </ul>
+   * 
+   * @param sessionID session ID of the running authentication session
+   * @param xmlCreateXMLSignatureReadResponse String representation of the 
+   *           <code>&lt;CreateXMLSignatureResponse&gt;</code>
+   * @return SAML artifact needed for retrieving authentication data, encoded BASE64
+   */
+  public String verifyAuthenticationBlockMandate(
+    String sessionID, 
+    Element mandate)
+    throws
+      AuthenticationException,
+      BuildException,
+      ParseException,
+      ConfigurationException,
+      ServiceException,
+      ValidateException {
+
+    if (isEmpty(sessionID))
+         throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+    AuthenticationSession session = getSession(sessionID);
+    //AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
 
-//    if (mandateMode) {
-//        Iterator it = oaAttributes.iterator();
-//          //ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
-//        Element mandate = session.getMandateElem();
-//        replacementIdentityLink = new IdentityLink();
-//        Element mandator = ParepUtils.extractMandator(mandate);
-//        String dateOfBirth = "";
-//        Element prPerson = null;
-//        String familyName = "";
-//        String givenName = "";
-//        String identificationType = "";
-//        String identificationValue = "";
-//        if (mandator != null) {
-//        	boolean physical = ParepUtils.isPhysicalPerson(mandator);
-//        	if (physical) {
-//        		familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
-//        		givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
-//        		dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
-//        	} else {
-//        		familyName = ParepUtils.extractMandatorFullName(mandator);
-//        	}
-//        	identificationType = ParepUtils.getIdentification(mandator, "Type");
-//        	identificationValue = ParepUtils.extractMandatorWbpk(mandator);
-//        	prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
-//        	if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
-//        		// now we calculate the wbPK and do so if we got it from the BKU
-//        		identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
-//        		identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
-//        		ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
-//        	}
-//        	
-//        
-//        	replacementIdentityLink.setDateOfBirth(dateOfBirth);
-//        	replacementIdentityLink.setFamilyName(familyName);
-//        	replacementIdentityLink.setGivenName(givenName);
-//        	replacementIdentityLink.setIdentificationType(identificationType);
-//        	replacementIdentityLink.setIdentificationValue(identificationValue);
-//        	replacementIdentityLink.setPrPerson(prPerson);
-//        	try {
-//                replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
-//        	} catch (Exception e) {
-//                throw new ValidateException("validator.64", null);
-//              }
-//            
-//          }
-//        
-//      }
+    
+    IdentityLink tempIdentityLink = null;
+
+    if (session.getUseMandate()) {        
+        tempIdentityLink = new IdentityLink();
+        Element mandator = ParepUtils.extractMandator(mandate);
+        String dateOfBirth = "";
+        Element prPerson = null;
+        String familyName = "";
+        String givenName = "";
+        String identificationType = "";
+        String identificationValue = "";
+        if (mandator != null) {
+        	boolean physical = ParepUtils.isPhysicalPerson(mandator);
+        	if (physical) {
+        		familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+        		givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+        		dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+        	} else {
+        		familyName = ParepUtils.extractMandatorFullName(mandator);
+        	}
+        	identificationType = ParepUtils.getIdentification(mandator, "Type");
+        	identificationValue = ParepUtils.extractMandatorWbpk(mandator);
+        	prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
+        	if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
+        		// now we calculate the wbPK and do so if we got it from the BKU
+        		identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
+        		identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
+        		ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
+        	}
+        	
+        
+        	tempIdentityLink.setDateOfBirth(dateOfBirth);
+        	tempIdentityLink.setFamilyName(familyName);
+        	tempIdentityLink.setGivenName(givenName);
+        	tempIdentityLink.setIdentificationType(identificationType);
+        	tempIdentityLink.setIdentificationValue(identificationValue);
+        	tempIdentityLink.setPrPerson(prPerson);
+        	try {
+        		tempIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
+        	} catch (Exception e) {
+                throw new ValidateException("validator.64", null);
+              }
+            
+          }
+        
+      }
     
     // builds authentication data and stores it together with a SAML artifact
-    AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink);
-    String samlArtifact =
-    	new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
-    storeAuthenticationData(samlArtifact, authData);
+    AuthenticationData authData = session.getAssertionAuthData(); //buildAuthenticationData(session, vsresp, replacementIdentityLink);
     
-    // invalidates the authentication session
-    sessionStore.remove(sessionID);
-    Logger.info(
-    		"Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
-    return samlArtifact;
     
+    Element mandatePerson = tempIdentityLink.getPrPerson();
+    String mandateData = null;
+	try {
+		mandateData = DOMUtils.serializeNode(mandatePerson);
+	} catch (TransformerException e1) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+	} catch (IOException e1) {
+		throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+	}
+    
+    String samlAssertion =
+    	new AuthenticationDataAssertionBuilder().buildMandate(
+    			authData, 
+    			session.getAssertionPrPerson(), 
+    			mandateData,
+    			session.getAssertionAuthBlock(), 
+    			session.getAssertionIlAssertion(),
+    			session.getBkuURL(),
+    			session.getAssertionSignerCertificateBase64(),
+    			session.getAssertionBusinessService(),
+    			session.getExtendedSAMLAttributesOA());
+    authData.setSamlAssertion(samlAssertion);
+          
+    String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
+    if (!ParepUtils.isEmpty(assertionFile))
+    	try {
+    		ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile));
+    	} catch (IOException e) {
+    		throw new BuildException(
+    				"builder.00",
+    				new Object[] { "AuthenticationData", e.toString()},
+    				e);
+    	} 
+    
+    	String samlArtifact =
+          	new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+        storeAuthenticationData(samlArtifact, authData);
+          
+          // invalidates the authentication session
+          sessionStore.remove(sessionID);
+          Logger.info(
+          		"Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+          return samlArtifact;
+        
   }
 
   /**
@@ -1540,79 +1654,45 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       }
     }
 
-    // Exchange person data information by a mandate if needed
-    List oaAttributes = session.getExtendedSAMLAttributesOA();
-    IdentityLink replacementIdentityLink = null;
-    if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) {
-      // look if we have a mandate
-      boolean foundMandate = false;
-      Iterator it = oaAttributes.iterator();
-      while (!foundMandate && it.hasNext()) {
-        ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next();
-        if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) {
-          Object value = samlAttribute.getValue();
-          if (value instanceof Element) {
-            Element mandate = (Element) value;
-            replacementIdentityLink = new IdentityLink();
-            Element mandator = ParepUtils.extractMandator(mandate);
-            String dateOfBirth = "";
-            Element prPerson = null;
-            String familyName = "";
-            String givenName = "";
-            String identificationType = "";
-            String identificationValue = "";
-            if (mandator != null) {
-              boolean physical = ParepUtils.isPhysicalPerson(mandator);
-              if (physical) {
-                familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
-                givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
-                dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
-              } else {
-                familyName = ParepUtils.extractMandatorFullName(mandator);
-              }
-              identificationType = ParepUtils.getIdentification(mandator, "Type");
-              identificationValue = ParepUtils.extractMandatorWbpk(mandator);
-              prPerson = ParepUtils.extractPrPersonOfMandate(mandate);
-              if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) {
-                // now we calculate the wbPK and do so if we got it from the BKU
-                identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier();
-                identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier());
-                ParepUtils.HideStammZahlen(prPerson, true, null, null, true);
-              }
-
-            }
-            replacementIdentityLink.setDateOfBirth(dateOfBirth);
-            replacementIdentityLink.setFamilyName(familyName);
-            replacementIdentityLink.setGivenName(givenName);
-            replacementIdentityLink.setIdentificationType(identificationType);
-            replacementIdentityLink.setIdentificationValue(identificationValue);
-            replacementIdentityLink.setPrPerson(prPerson);
-            try {
-              replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion());
-            } catch (Exception e) {
-              throw new ValidateException("validator.64", null);
-            }
-          } else {
-            Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\"");
-            throw new ValidateException("validator.64", null);
-          }
-        }
-      }
-    }
-    
     VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
     X509Certificate cert = session.getForeignSignerCertificate();
     vsresp.setX509certificate(cert);
-    AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink);
-    String samlArtifact =
-      new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
-    storeAuthenticationData(samlArtifact, authData);
-    
-    // invalidates the authentication session
-    sessionStore.remove(sessionID);
-    Logger.info(
-      "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
-    return samlArtifact;
+    AuthenticationData authData = buildAuthenticationData(session, vsresp);
+    
+    
+    String samlAssertion =
+        new AuthenticationDataAssertionBuilder().build(
+          authData, 
+          session.getAssertionPrPerson(), 
+          session.getAssertionAuthBlock(), 
+          session.getAssertionIlAssertion(),
+          session.getBkuURL(),
+          session.getAssertionSignerCertificateBase64(),
+          session.getAssertionBusinessService(),
+          session.getExtendedSAMLAttributesOA());
+      authData.setSamlAssertion(samlAssertion);
+      
+      String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
+      if (!ParepUtils.isEmpty(assertionFile))
+		try {
+			ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile));
+		} catch (IOException e) {
+			throw new BuildException(
+			        "builder.00",
+			        new Object[] { "AuthenticationData", e.toString()},
+			        e);
+		} 
+
+      String samlArtifact =
+      	new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+      storeAuthenticationData(samlArtifact, authData);
+      
+      // invalidates the authentication session
+      sessionStore.remove(sessionID);
+      Logger.info(
+      		"Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+    
+      return samlArtifact;
   }
   
   /**
@@ -1626,18 +1706,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    */
   private AuthenticationData buildAuthenticationData(
     AuthenticationSession session,
-    VerifyXMLSignatureResponse verifyXMLSigResp,
-    IdentityLink replacementIdentityLink)
+    VerifyXMLSignatureResponse verifyXMLSigResp)
     throws ConfigurationException, BuildException {
 
-    IdentityLink identityLink;
-    if (replacementIdentityLink == null) {
-      identityLink = session.getIdentityLink();
-    } else {
-      // We have got data form a mandate we need now to use to stay compatible with applications
-      identityLink = replacementIdentityLink;
-    }
-      
+    IdentityLink identityLink = session.getIdentityLink();
     AuthenticationData authData = new AuthenticationData();
     OAAuthParameter oaParam =
       AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
@@ -1661,6 +1733,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       authData.setIdentificationValue(identityLink.getIdentificationValue());
     }
     String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl);
+    
     try {     
       String signerCertificateBase64 = "";
       if (oaParam.getProvideCertifcate()) {
@@ -1696,22 +1769,17 @@ public class AuthenticationServer implements MOAIDAuthConstants {
         ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink.getIdentificationValue(), "");
       }
       String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
-      String samlAssertion =
-        new AuthenticationDataAssertionBuilder().build(
-          authData, 
-          prPerson, 
-          authBlock, 
-          ilAssertion,
-          session.getBkuURL(),
-          signerCertificateBase64,
-          businessService,
-          session.getExtendedSAMLAttributesOA());
-      authData.setSamlAssertion(samlAssertion);
       
-      String assertionFile = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter("AuthenticationServer.WriteAssertionToFile");
-      if (!ParepUtils.isEmpty(assertionFile)) ParepUtils.saveStringToFile(samlAssertion, new File(assertionFile)); //Ex: "c:/saml_assertion.xml"
-     
+      session.setAssertionAuthBlock(authBlock);
+      session.setAssertionAuthData(authData);
+      session.setAssertionBusinessService(businessService);
+      session.setAssertionIlAssertion(ilAssertion);
+      session.setAssertionPrPerson(prPerson);
+      session.setAssertionSignerCertificateBase64(signerCertificateBase64);
+      
       return authData;
+      
+      
     } catch (Throwable ex) {
       throw new BuildException(
         "builder.00",
@@ -1735,7 +1803,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     }
     AuthenticationData authData = null;
     synchronized (authenticationDataStore) {
-    	System.out.println("assertionHandle: " + assertionHandle);
+    	//System.out.println("assertionHandle: " + assertionHandle);
       authData = (AuthenticationData) authenticationDataStore.get(assertionHandle);
       if (authData == null) {
         Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index d48054e4b..35c4244c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -154,15 +155,14 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
     String oaURL, 
     String gebDat,
     List extendedSAMLAttributes,
-    AuthenticationSession session, 
-    boolean fromMandate)
+    AuthenticationSession session)
   throws BuildException
   {
     session.setSAMLAttributeGebeORwbpk(true);
     String gebeORwbpk = "";
     String wbpkNSDeclaration = "";
     
-    //BZ.., reading OA parameters
+    //reading OA parameters
     OAAuthParameter oaParam;
    try {
       oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
@@ -171,7 +171,6 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
       Logger.error("Error on building AUTH-Block: " + e.getMessage());
          throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
    }
-   //..BZ
     
     
     if (target == null) {
@@ -181,12 +180,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
          gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
          wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
          
-         //BZ.., adding type of wbPK domain identifier        
+         //adding type of wbPK domain identifier        
         ExtendedSAMLAttribute idLinkDomainIdentifierTypeAttribute = 
              new ExtendedSAMLAttributeImpl("IdentityLinkDomainIdentifierType", oaParam.getIdentityLinkDomainIdentifierType(), Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
             
         extendedSAMLAttributes.add(idLinkDomainIdentifierTypeAttribute);
-        //..BZ
          
       } else {
         // We do not have a wbPK, therefore no SAML-Attribute is provided
@@ -194,13 +192,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
       }
     } else {
       // OA is a govermental application
-      //BZ..
       String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);      
       //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
       gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" });
-      //..BZ
       
-      //BZ.., no business service, adding bPK
+      //no business service, adding bPK
       
       Element bpkSamlValueElement;
       try {
@@ -213,34 +209,41 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
 //      String s = xmlToString(bpkSamlValueElement);
 //      System.out.println("bpkSamlValueElement: " + s);
       
-      
-      if (!fromMandate) {
-    	  ExtendedSAMLAttribute bpkAttribute = 
-    		  new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
-      
-    	  //System.out.println("extendedSAMLAttributes: " + extendedSAMLAttributes.size());
-      
-    	  extendedSAMLAttributes.add(bpkAttribute);
-      }  
+      ExtendedSAMLAttribute bpkAttribute = 
+    	  new ExtendedSAMLAttributeImpl("bPK", bpkSamlValueElement, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
+      extendedSAMLAttributes.add(bpkAttribute);
+    	  
+      boolean useMandate = session.getUseMandate();
+      if (useMandate) {
+    	  String mandateReferenceValue = Random.nextRandom();
+    	  // remove leading "-"
+    	  if (mandateReferenceValue.startsWith("-"))
+    		  mandateReferenceValue = mandateReferenceValue.substring(1);
+    		 
+    	  session.setMandateReferenceValue(mandateReferenceValue);
+    		 
+    	  ExtendedSAMLAttribute mandateReferenceValueAttribute = 
+    		  new ExtendedSAMLAttributeImpl("mandateReferenceValue", mandateReferenceValue, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK);
+    	            
+    	  extendedSAMLAttributes.add(mandateReferenceValueAttribute);
+      }
     	
       
 
      //gebeORwbpk = gebeORwbpk  + MessageFormat.format(BPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
      wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
-     //..BZ     
     }
     
-    //BZ.., adding friendly name of OA    
+    //adding friendly name of OA    
     String oaFriendlyName = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "" : oaParam.getFriendlyName(); 
     
     ExtendedSAMLAttribute oaFriendlyNameAttribute = 
          new ExtendedSAMLAttributeImpl("oaFriendlyName", oaFriendlyName, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY);
     
     extendedSAMLAttributes.add(oaFriendlyNameAttribute);
-    //..BZ
     
     String assertion;
-    try {
+    try {    	
       assertion = MessageFormat.format(
         AUTH_BLOCK, new Object[] { 
           wbpkNSDeclaration, 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 640c60e49..367116c73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -74,6 +74,40 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
       "{12}" +
 	  "	</saml:AttributeStatement>" + NL +
 	  "</saml:Assertion>";
+	
+	/**
+	 * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
+	 */
+	private static final String AUTH_DATA_MANDATE =
+		"<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+	  "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+	  " xmlns:si=''" +  XSI_NS_URI + "''" +
+    " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+	  "	<saml:AttributeStatement>" + NL + 
+	  "		<saml:Subject>" + NL +
+	  "			<saml:NameIdentifier NameQualifier=''{3}''>{4}</saml:NameIdentifier>" + NL +
+	  "     <saml:SubjectConfirmation>" + NL +
+	  "       <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+	  "       <saml:SubjectConfirmationData>{5}{6}</saml:SubjectConfirmationData>" + NL +
+	  "     </saml:SubjectConfirmation>" + NL +
+	  "		</saml:Subject>" + NL +
+	  "		<saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+	  "			<saml:AttributeValue>{7}</saml:AttributeValue>" + NL +
+	  "		</saml:Attribute>" + NL +
+	  "		<saml:Attribute AttributeName=''MandateData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+	  "			<saml:AttributeValue>{8}</saml:AttributeValue>" + NL +
+	  "		</saml:Attribute>" + NL +
+	  "		<saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+	  "			<saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+	  "		</saml:Attribute>" + NL +
+      "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+      "     <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
+      "   </saml:Attribute>" + NL +
+	  "{11}" + 
+      "{12}" +
+      "{13}" +
+	  "	</saml:AttributeStatement>" + NL +
+	  "</saml:Assertion>";
 	/**
 	 * XML template for the <code>&lt;saml:Attribute&gt;</code> named <code>"isPublicAuthority"</code>,
 	 * to be inserted into the <code>&lt;saml:Assertion&gt;</code>
@@ -181,5 +215,94 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     } 
     return assertion;
   }
+  
+  /**
+   * Builds the authentication data <code>&lt;saml:Assertion&gt;</code>.
+   * 
+   * @param authData the <code>AuthenticationData</code> to build the 
+   * 				 <code>&lt;saml:Assertion&gt;</code> from
+   * @param xmlPersonData <code>lt;pr:Person&gt;</code> element as a String
+   * @param xmlAuthBlock authentication block to be included in a 
+   * 				 <code>lt;saml:SubjectConfirmationData&gt;</code> element; may include
+   * 				 the <code>"Stammzahl"</code> or not; may be empty
+   * @param xmlIdentityLink the IdentityLink
+   * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe
+   *         an empty string if the signer certificate should not be provided. 
+   *         Will be ignored if the <code>businessService</code> parameter is
+   *         set to <code>false</code>.
+   * @param businessService <code>true</code> if the online application is a
+   *                        business service, otherwise <code>false</code>
+   * @return the <code>&lt;saml:Assertion&gt;</code>
+   * @throws BuildException if an error occurs during the build process
+   */
+  public String buildMandate(
+  	AuthenticationData authData, 
+  	String xmlPersonData, 
+  	String xmlMandateData,
+  	String xmlAuthBlock, 
+  	String xmlIdentityLink,
+    String bkuURL,
+    String signerCertificateBase64,
+    boolean businessService,
+    List extendedSAMLAttributes) 
+  throws BuildException 
+  {
+  		
+  	String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
+  	String publicAuthorityAttribute = "";
+  	if (authData.isPublicAuthority()) {
+  		String publicAuthorityIdentification = authData.getPublicAuthorityCode();
+  		if (publicAuthorityIdentification == null)
+  			publicAuthorityIdentification = "True";
+  		publicAuthorityAttribute = MessageFormat.format(
+  			PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification });
+  	}
+    
+    
+    String signerCertificateAttribute = "";
+    if (signerCertificateBase64 != "") {
+      signerCertificateAttribute = MessageFormat.format(
+        SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 });
+    } 
+    
+    String pkType;
+    String pkValue;
+    if (businessService) {
+      pkType = authData.getIdentificationType();
+      pkValue = authData.getWBPK();
+           
+    } else {
+      // <saml:NameIdentifier NameQualifier> always has the bPK as type/value
+      pkType = URN_PREFIX_BPK;
+      pkValue = authData.getBPK();
+    }
+    
+//    System.out.println("pkType; " + pkType);
+//    System.out.println("pkValue; " + pkValue);
+    
+  	String assertion;
+    try {
+    	
+      assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
+        authData.getAssertionID(), 
+        authData.getIssuer(), 
+        authData.getIssueInstant(), 
+        pkType,
+        pkValue, 
+        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
+        StringUtils.removeXMLDeclaration(xmlIdentityLink), 
+        StringUtils.removeXMLDeclaration(xmlPersonData),
+        StringUtils.removeXMLDeclaration(xmlMandateData),
+        isQualifiedCertificate,
+        bkuURL,
+        publicAuthorityAttribute,
+        signerCertificateAttribute,
+        buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+    } catch (ParseException e) {
+      Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
+      throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
+    } 
+    return assertion;
+  }
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index 556b0cb6a..41e4cd37d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -74,8 +74,8 @@ public class SAMLArtifactBuilder {
       // alternative sourceId
       String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID);
       
-      System.out.println("alternativeSourceID: " + alternativeSourceID);
-      System.out.println("authURL: " + authURL);
+      //System.out.println("alternativeSourceID: " + alternativeSourceID);
+      //System.out.println("authURL: " + authURL);
       
       if (!ParepUtils.isEmpty(alternativeSourceID)) {
         // if generic config parameter "AuthenticationServer.SourceID" is given, use that sourceID instead of authURL;
@@ -85,7 +85,7 @@ public class SAMLArtifactBuilder {
         sourceID = md.digest(authURL.getBytes());
       }
       
-      System.out.println("sourceID: " + new String(sourceID));
+      //System.out.println("sourceID: " + new String(sourceID));
       
       byte[] assertionHandle = md.digest(sessionID.getBytes());
       ByteArrayOutputStream out = new ByteArrayOutputStream(42);
@@ -94,9 +94,9 @@ public class SAMLArtifactBuilder {
       out.write(sourceID, 0, 20);
       out.write(assertionHandle, 0, 20);
       byte[] samlArtifact = out.toByteArray();
-      System.out.println("samlArtifact: " + new String(samlArtifact));
+      //System.out.println("samlArtifact: " + new String(samlArtifact));
       String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
-      System.out.println("samlArtifact Base64: " + samlArtifactBase64);
+      //System.out.println("samlArtifact Base64: " + samlArtifactBase64);
       return samlArtifactBase64;
     }
     catch (Throwable ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index bae95c2a6..61e4cd28b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -36,6 +36,7 @@ import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 
@@ -87,25 +88,41 @@ public class AuthenticationSession {
     private boolean useMandate;
     
     /**
-     * Selected mandate 
+     * Reference value for mandate
      */
-    private Element mandateElem;
+    private String mandateReferenceValue;
     
     /**
-	 * @return the mandateElem
-	 */
-	public Element getMandateElem() {
-		return mandateElem;
-	}
-
-	/**
-	 * @param mandateElem the mandateElem to set
-	 */
-	public void setMandateElem(Element mandateElem) {
-		this.mandateElem = mandateElem;
-	}
-
-	/** 
+     * Authentication data for the assertion
+     */
+    private AuthenticationData assertionAuthData; 
+    
+    /**
+     * Persondata for the assertion
+     */
+    private String assertionPrPerson;
+    
+    /**
+     * Authblock for the assertion
+     */
+    private String assertionAuthBlock;
+    
+    /**
+     * Identitylink assertion for the (MOA) assertion
+     */
+    private String assertionIlAssertion;
+    
+    /**
+     * Signer certificate (base64 encoded) for the assertion
+     */
+    private String assertionSignerCertificateBase64;
+    
+    /**
+     * bussiness service for the assertion
+     */
+    boolean assertionBusinessService;
+    
+    /** 
      * SessionID for MIS
      */
     private String misSessionID;
@@ -176,14 +193,7 @@ public class AuthenticationSession {
    */
   private String pushInfobox;
 
-  /**
-   * AppSpecificConfiguration entry of then mandates infobox-validator. Tells 
-   * whether person data from the representative have to be exchanged by data 
-   * from the mandate
-   */
-  private boolean mandateCompatibilityMode = false;
-  
-  
+    
   
   /**
    * Constructor for AuthenticationSession.
@@ -562,20 +572,6 @@ public class AuthenticationSession {
     return null;
   }
 
-  /**
-   * @return the mandateCompatibilityMode
-   */
-  public boolean isMandateCompatibilityMode() {
-    return mandateCompatibilityMode;
-  }
-
-  /**
-   * @param mandateCompatibilityMode the mandateCompatibilityMode to set
-   */
-  public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) {
-    this.mandateCompatibilityMode = mandateCompatibilityMode;
-  }
-
   /**
    * Returns domain identifier (the register and number in the register parameter).
    * <code>null</code> in the case of not a business service.
@@ -660,4 +656,105 @@ public class AuthenticationSession {
   public String getMISSessionID() {
 	  return this.misSessionID;
   }
+  
+    /**
+   * @return the assertionAuthData
+   */
+  public AuthenticationData getAssertionAuthData() {
+	  return assertionAuthData;
+  }
+
+  /**
+   * @param assertionAuthData the assertionAuthData to set
+   */
+  public void setAssertionAuthData(AuthenticationData assertionAuthData) {
+	  this.assertionAuthData = assertionAuthData;
+  }
+  
+  /**
+   * @return the assertionPrPerson
+   */
+  public String getAssertionPrPerson() {
+	  return assertionPrPerson;
+  }
+
+  /**
+   * @param assertionPrPerson the assertionPrPerson to set
+   */
+  public void setAssertionPrPerson(String assertionPrPerson) {
+	  this.assertionPrPerson = assertionPrPerson;
+  }
+
+  /**
+   * @return the assertionAuthBlock
+   */
+  public String getAssertionAuthBlock() {
+	  return assertionAuthBlock;
+  }
+
+  /**
+   * @param assertionAuthBlock the assertionAuthBlock to set
+   */
+  public void setAssertionAuthBlock(String assertionAuthBlock) {
+	  this.assertionAuthBlock = assertionAuthBlock;
+  }
+
+  /**
+   * @return the assertionIlAssertion
+   */
+  public String getAssertionIlAssertion() {
+	  return assertionIlAssertion;
+  }
+
+  /**
+   * @param assertionIlAssertion the assertionIlAssertion to set
+   */
+  public void setAssertionIlAssertion(String assertionIlAssertion) {
+	  this.assertionIlAssertion = assertionIlAssertion;
+  }
+  
+  /**
+   * @return the assertionSignerCertificateBase64
+   */
+  public String getAssertionSignerCertificateBase64() {
+	  return assertionSignerCertificateBase64;
+  }
+
+  /**
+   * @param assertionSignerCertificateBase64 the assertionSignerCertificateBase64 to set
+   */
+  public void setAssertionSignerCertificateBase64(String assertionSignerCertificateBase64) {
+	  this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
+  }
+
+  /**
+   * @return the assertionBusinessService
+   */
+  public boolean getAssertionBusinessService() {
+	  return assertionBusinessService;
+  }
+
+  /**
+   * @param assertionBusinessService the assertionBusinessService to set
+   */
+  public void setAssertionBusinessService(boolean assertionBusinessService) {
+	  this.assertionBusinessService = assertionBusinessService;
+  }
+
+  /**
+   * @return the mandateReferenceValue
+   */
+  public String getMandateReferenceValue() {
+	  return mandateReferenceValue;
+  }
+
+  /**
+   * @param mandateReferenceValue the mandateReferenceValue to set
+   */
+  public void setMandateReferenceValue(String mandateReferenceValue) {
+	  this.mandateReferenceValue = mandateReferenceValue;
+  }
+  
+  
 }
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index b1ae12084..977784a6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -27,7 +27,6 @@ package at.gv.egovernment.moa.id.auth.servlet;
 import iaik.pki.PKIException;
 
 import java.io.IOException;
-import java.io.PrintWriter;
 import java.security.GeneralSecurityException;
 import java.util.List;
 
@@ -38,16 +37,14 @@ import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
-import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -58,6 +55,7 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
 
 /**
  * Servlet requested for getting the foreign eID
@@ -139,8 +137,6 @@ public class GetMISSessionIDServlet extends AuthServlet {
 	    	
 	    	String misSessionID = session.getMISSessionID();
 	    	
-	    	//System.out.println("MIS Session ID (GetMISServlet): " + misSessionID);
-	    	
 	    	AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
 	    	ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
 	    	SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
@@ -158,31 +154,36 @@ public class GetMISSessionIDServlet extends AuthServlet {
 	    	
 	    	// for now: list contains only one element
 	    	MISMandate mandate = (MISMandate)list.get(0);	    	
-   	
+	    	
 	    	// verify mandate signature
-	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
+	    	AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
 
 	    	byte[] byteMandate = mandate.getMandate();
 	    	String stringMandate = new String(byteMandate);
-	    	Document mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null);
-	    	session.setMandateElem(mandateDoc.getDocumentElement());
-	    	//System.out.println("stringMandate: " + stringMandate);
+	    	Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+	    	//session.setMandateElem(mandateDoc.getDocumentElement());
 	    	
-	    	String dataurl =
-	             new DataURLBuilder().buildDataURL(
-	               session.getAuthURL(),
-	               REQ_VERIFY_AUTH_BLOCK,
-	               session.getSessionID());
-	    	
-	    	Logger.debug(createXMLSignatureRequestOrRedirect);
- 
-	    	//String request = getHTMLForm(createXMLSignatureRequestOrRedirect, session.getBkuURL(), dataurl, session.getPublicOAURLPrefix());
-	    	String request = null;
-	    	resp.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(resp.getOutputStream());
-			out.print(request);
-			out.flush();
-	    	
+	    	String redirectURL = null;
+	    	String samlArtifactBase64 = 
+				AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc);
+	    	
+	    	
+	    	if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+				  redirectURL = session.getOAURLRequested();
+	  			if (!session.getBusinessService()) {
+	          redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+	        }
+	  			redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+	  			redirectURL = resp.encodeRedirectURL(redirectURL);
+				} else {
+		      redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+				}
+				resp.setContentType("text/html");
+				resp.setStatus(302);
+				
+				resp.addHeader("Location", redirectURL);			
+				Logger.debug("REDIRECT TO: " + redirectURL);
+	    		    	
 			    		      
 	    }
 	    catch (MOAIDException ex) {
@@ -198,6 +199,21 @@ public class GetMISSessionIDServlet extends AuthServlet {
 		} catch (ParserConfigurationException e) {
 			handleError(null, e, req, resp);
 		} 
+  }
+  
+  /**
+   * Adds a parameter to a URL.
+   * @param url the URL
+   * @param paramname parameter name
+   * @param paramvalue parameter value
+   * @return the URL with parameter added
+   */
+  private static String addURLParameter(String url, String paramname, String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+  	if (url.indexOf("?") < 0)
+	  	return url + "?" + param;
+  	else
+  		return url + "&" + param;
   }
   
  
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 1dfc266a9..b5c57d5cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -175,7 +175,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
 		    
       AuthenticationSession session = AuthenticationServer.getSession(sessionID);
       AuthenticationServer.processInput(session, parameters);
-      String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null, false);
+      String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
       if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
         // Now sign the AUTH Block
         String dataURL = new DataURLBuilder().buildDataURL(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 5b9995709..f7f9d8fed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -39,8 +39,10 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.URLEncoder;
 
@@ -140,6 +142,28 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 			String samlArtifactBase64 = 
 				AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+			
+			if (samlArtifactBase64 == null) { 
+				//mandate Mode
+				
+				Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+    			
+     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+     		   // build dataurl
+     		   String dataurl =
+                 new DataURLBuilder().buildDataURL(
+                   session.getAuthURL(),
+                   REQ_VERIFY_CERTIFICATE,
+                   session.getSessionID());
+           
+          
+     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+				
+			}
 			if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
 			  redirectURL = session.getOAURLRequested();
   			if (!session.getBusinessService()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index c9f9491bb..181c46bf9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -150,7 +150,9 @@ public class VerifyCertificateServlet extends AuthServlet {
     			throw new AuthenticationException("auth.14", null);    		
     		}
     		
-	    	boolean useMandate = session.getUseMandate();
+	    	boolean useMandate = session.getUseMandate();
+	    	
+	    	
 	    	if (useMandate) {
 	    		// Mandate Modus	    	
 	    		// make request to MIS
@@ -162,8 +164,6 @@ public class VerifyCertificateServlet extends AuthServlet {
     			// get identitity link as byte[]
     			Element elem = session.getIdentityLink().getSamlAssertion();
     			String s = DOMUtils.serializeNode(elem);
-//    			byte[] idl = DOMUtils.nodeToByteArray(elem);
-//    			String s = new String(idl);
     			byte[] idl = s.getBytes();
     			
     			// redirect url
@@ -187,8 +187,10 @@ public class VerifyCertificateServlet extends AuthServlet {
     	          for(int i = 0; i < profilesArray.length; i++) {
     	        	  profilesArray[i] = profilesArray[i].trim();
     	          }
-    	          
-    	          MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), redirectURL, profilesArray, sslFactory);
+    	          
+    	          String oaFriendlyName = oaParam.getFriendlyName();
+    	          String mandateReferenceValue = session.getMandateReferenceValue();
+    	          MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
     	          String redirectMISGUI = misSessionID.getRedirectURL();
     	          
     	          if (misSessionID == null) {
@@ -235,21 +237,6 @@ public class VerifyCertificateServlet extends AuthServlet {
 		} 
   }
     
-  /**
-   * Adds a parameter to a URL.
-   * @param url the URL
-   * @param paramname parameter name
-   * @param paramvalue parameter value
-   * @return the URL with parameter added
-   */
-  private static String addURLParameter(String url, String paramname, String paramvalue) {
-		String param = paramname + "=" + paramvalue;
-  	if (url.indexOf("?") < 0)
-	  	return url + "?" + param;
-  	else
-  		return url + "&" + param;
-  }
-  
   /**
    * Does the request to the SZR-GW
    * @param givenname
@@ -312,50 +299,42 @@ public class VerifyCertificateServlet extends AuthServlet {
 //	
 //  }
   
-  /**
-   * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
-   * @param givenname
-   * @param familyname
-   * @param birthday
-   * @return
-   */
-  private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
-	  
-	  try {
-		  	byte[] certbyte = cert.getEncoded();
-		  	String certstring = Base64.encode(certbyte); 
-	      
-			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
-			factory.setNamespaceAware(true);
-	        DocumentBuilder builder = factory.newDocumentBuilder();
-	        Document doc = builder.newDocument();
-	        
-	        Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
-	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
-	        doc.appendChild(getIdentityLink);
-	        
-	        Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
-	        getIdentityLink.appendChild(x509certificate);
-	        Text certbase64 = doc.createTextNode(certstring);
-	        x509certificate.appendChild(certbase64);
-	                          
-	        return doc;
-	    } catch (ParserConfigurationException e) {
-	    	e.printStackTrace();
-	    } catch (CertificateEncodingException e) {
-			e.printStackTrace();
-		}
-	    return null;
-	
-	}
-  
-    /**
-   * Checks a parameter.
-   * @param param parameter
-   * @return true if the parameter is null or empty
-   */
-  private boolean isEmpty(String param) {
-    return param == null || param.length() == 0;
-  }
- 
+//  /**
+//   * Builds the szrgw:GetIdentityLinkRequest für the SZR-GW
+//   * @param givenname
+//   * @param familyname
+//   * @param birthday
+//   * @return
+//   */
+//  private static Document buildGetIdentityLinkRequest(X509Certificate cert) {
+//	  
+//	  try {
+//		  	byte[] certbyte = cert.getEncoded();
+//		  	String certstring = Base64.encode(certbyte); 
+//	      
+//			DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+//			factory.setNamespaceAware(true);
+//	        DocumentBuilder builder = factory.newDocumentBuilder();
+//	        Document doc = builder.newDocument();
+//	        
+//	        Element getIdentityLink = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:GetIdentityLinkRequest");
+//	        getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGWConstants.SZRGW_REQUEST_NS);
+//	        doc.appendChild(getIdentityLink);
+//	        
+//	        Element x509certificate = doc.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, "szrgw:X509Certificate");
+//	        getIdentityLink.appendChild(x509certificate);
+//	        Text certbase64 = doc.createTextNode(certstring);
+//	        x509certificate.appendChild(certbase64);
+//	                          
+//	        return doc;
+//	    } catch (ParserConfigurationException e) {
+//	    	e.printStackTrace();
+//	    } catch (CertificateEncodingException e) {
+//			e.printStackTrace();
+//		}
+//	    return null;
+//	
+//	}
+//  
+     
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 99ae497ba..df5abe4f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -171,33 +171,9 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	    }
     	    
     	}
-//    	else {
-//    		boolean useMandate = session.getUseMandate();
-//    		if (useMandate) { // Mandate modus
-//    			// read certificate and set dataurl to VerifyCertificateServlet
-//    			
-//    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
-//    			
-//     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-//
-//     		   // build dataurl
-//     		   String dataurl =
-//                 new DataURLBuilder().buildDataURL(
-//                   session.getAuthURL(),
-//                   REQ_VERIFY_CERTIFICATE,
-//                   session.getSessionID());
-//           
-//          
-//     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
-//     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-//     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
-//     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-//    			
-//    		}
-    		else {
-    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
-    		}
-//    	}
+    	else {
+    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+    	}
       
     }
     catch (ParseException ex) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 3b8caca4c..60678fe22 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -56,6 +56,7 @@ import org.xml.sax.SAXNotSupportedException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
 
 
 public class MISSimpleClient {
@@ -134,7 +135,7 @@ public class MISSimpleClient {
 		} 
 	}
 	
-	public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String redirectURL, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+	public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
 		if (webServiceURL == null) {
 			throw new NullPointerException("Argument webServiceURL must not be null.");
 		}
@@ -165,10 +166,22 @@ public class MISSimpleClient {
 				//certElement.appendChild(doc.createTextNode(Base64.encodeBase64(cert)));
 				//	    	certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));
 				mirElement.appendChild(certElement);
-			}
+			}
+			
+			if (!StringUtils.isEmpty(oaFriendlyName)) {
+				Element oaFriendlyNameElement = doc.createElementNS(MIS_NS, "OAFriendlyName");
+				oaFriendlyNameElement.appendChild(doc.createTextNode(oaFriendlyName));
+				mirElement.appendChild(oaFriendlyNameElement);
+			}
+			
 			Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL");
 			redirectElement.appendChild(doc.createTextNode(redirectURL));
-			mirElement.appendChild(redirectElement);
+			mirElement.appendChild(redirectElement);
+			
+			Element referenceValueElement = doc.createElementNS(MIS_NS, "ReferenceValue");
+			referenceValueElement.appendChild(doc.createTextNode(referenceValue));
+			mirElement.appendChild(referenceValueElement);
+			
 			if (mandateIdentifier != null && mandateIdentifier.length > 0) {
 				Element filtersElement = doc.createElementNS(MIS_NS, "Filters");
 				Element mandateIdentifiersElement = doc.createElementNS(MIS_NS, "MandateIdentifiers");
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
index 19867dd38..e79394a28 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
@@ -63,7 +63,7 @@ public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase {
 
 	public void testBuild() throws Exception {
 		AuthenticationBlockAssertionBuilder builder = new AuthenticationBlockAssertionBuilder();
-		String assertionBuilt = builder.buildAuthBlock(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, "", "", OA_URL, GEB_DAT, null, null, false);
+		String assertionBuilt = builder.buildAuthBlock(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, "", "", OA_URL, GEB_DAT, null, null);
 		assertionBuilt = XML_DECL + assertionBuilt;
 		String assertionShould = XML_DECL + ASSERTION_SHOULD;
 		assertXmlEquals(assertionShould, assertionBuilt);
diff --git a/pom.xml b/pom.xml
index 1e9a92abe..e89c83833 100644
--- a/pom.xml
+++ b/pom.xml
@@ -97,7 +97,7 @@
             <dependency>
                 <groupId>axis</groupId>
                 <artifactId>axis</artifactId>
-                <version>1.1</version>
+                <version>1.0_IAIK</version>
                 <scope>compile</scope>
             </dependency>
             <dependency>
diff --git a/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar b/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar
new file mode 100644
index 000000000..a354bf718
Binary files /dev/null and b/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar differ
diff --git a/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom b/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom
new file mode 100644
index 000000000..51dd78d1e
--- /dev/null
+++ b/repository/axis/axis/1.0_IAIK/axis-1.0_IAIK.pom
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>axis</groupId>
+  <artifactId>axis</artifactId>
+  <version>1.0_IAIK</version>
+  <description>AXIS 1.0 patched</description>
+</project>
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 8444e9853..e92e457c9 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -2,6 +2,8 @@
 1.5.1
 ##############
 
+- Library aktualisiert:
+	Axis:	Version 1.0_IAIK (gepatchte Variante von Axis 1.0 zur Vermeidung von XXE Attacken)
 - @TODO
 
 
-- 
cgit v1.2.3


From a9b2e962d2853b74d314cb9f614cab446a7134c0 Mon Sep 17 00:00:00 2001
From: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Thu, 26 Jan 2012 21:59:33 +0000
Subject: * optionalen useUTC Parameter in Konfig eingefügt (damit IssueInstant
 in SAML Assertion auf UTC einstellbar) * optionalen sourceID Parameter bei
 MOA-ID Aufruf eingefügt (wird 1:1 in SAML Assertion übernommen) * Update Doku
 (useUTC, sourceID, Vollmachten-Profile) * Ablaufänderung bei
 Vollmachten-Modus (Signatur Zertifikat wird aus Signatur entnommen und nicht
 mittels eigenem Infobox-Request)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1233 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../at/gv/egovernment/moa/util/DateTimeUtils.java  |  83 +++++++++------
 .../schemas/MOA-ID-Configuration-1.5.1.xsd         |   9 +-
 .../gv/egovernment/moa/util/DateTimeUtilsTest.java |   2 +-
 id/readme_1.5.1.txt                                |   2 +
 .../conf/moa-id/SampleMOAIDConfiguration.xml       |   3 +-
 .../conf/moa-id/SampleMOAIDConfigurationProxy.xml  |   3 +-
 .../SampleMOAIDConfiguration_withTestBKs.xml       |   3 +-
 .../SampleMOAIDConfiguration_withTestBKsProxy.xml  |   3 +-
 id/server/doc/MOA-ID-Configuration-1.5.1.xsd       |   9 +-
 id/server/doc/MOA_ID_1.5_Anhang.pdf                | Bin 70517 -> 296723 bytes
 id/server/doc/moa_id/faqs.htm                      |   3 +-
 id/server/doc/moa_id/id-admin.htm                  |   2 +-
 id/server/doc/moa_id/id-admin_1.htm                |   2 +-
 id/server/doc/moa_id/id-admin_2.htm                |  10 +-
 id/server/doc/moa_id/id-admin_3.htm                |   2 +-
 id/server/doc/moa_id/id-anwendung.htm              |   2 +-
 id/server/doc/moa_id/id-anwendung_1.htm            |   8 +-
 id/server/doc/moa_id/id-anwendung_2.htm            |   3 +-
 id/server/doc/moa_id/links.htm                     |   3 +-
 id/server/doc/moa_id/moa.htm                       |   2 +-
 .../moa/id/auth/AuthenticationServer.java          |  59 +++++++----
 .../moa/id/auth/MOAIDAuthConstants.java            |   2 +
 .../builder/AuthenticationAssertionBuilder.java    |  26 +++++
 .../AuthenticationDataAssertionBuilder.java        |  15 ++-
 .../moa/id/auth/data/AuthenticationSession.java    |  28 +++++-
 .../auth/servlet/GetAuthenticationDataService.java |   9 +-
 .../auth/servlet/StartAuthenticationServlet.java   |  13 ++-
 .../servlet/VerifyAuthenticationBlockServlet.java  | 112 +++++++++++++++++++--
 .../id/auth/servlet/VerifyCertificateServlet.java  |  62 +-----------
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |   2 +-
 .../moa/id/config/ConfigurationBuilder.java        |   1 +
 .../moa/id/config/auth/OAAuthParameter.java        |  21 ++++
 .../moa/id/data/AuthenticationData.java            |  15 +++
 .../moa/id/proxy/builder/SAMLRequestBuilder.java   |   2 +-
 .../moa/id/util/ParamValidatorUtils.java           |  30 ++++++
 .../id/util/client/mis/simple/MISSimpleClient.java |  19 +++-
 .../test/abnahme/A/Test100StartAuthentication.java |  16 +--
 .../test/abnahme/A/Test300VerifyAuthBlock.java     |   4 +-
 .../A/Test600GetAuthenticationDataService.java     |   2 +-
 .../test/java/test/abnahme/AbnahmeTestCase.java    |   2 +-
 .../moa/id/auth/AuthenticationServerTest.java      |   2 +-
 41 files changed, 421 insertions(+), 175 deletions(-)

(limited to 'id/server/data/deploy/conf/moa-id')

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
index 92e845967..d70073db8 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java
@@ -26,6 +26,7 @@ package at.gv.egovernment.moa.util;
 
 import java.io.StringWriter;
 import java.text.ParseException;
+import java.text.SimpleDateFormat;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.GregorianCalendar;
@@ -48,38 +49,56 @@ public class DateTimeUtils {
    * @param cal the <code>Calendar</code> value
    * @return the <code>dateTime</code> value
    */
-  public static String buildDateTime(Calendar cal) {
-    StringWriter out = new StringWriter();
-    out.write("" + cal.get(Calendar.YEAR));
-    out.write("-");
-    out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
-    out.write("-");
-    out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
-    out.write("T");
-    out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
-    out.write(":");
-    out.write(to2DigitString(cal.get(Calendar.MINUTE)));
-    out.write(":");
-    out.write(to2DigitString(cal.get(Calendar.SECOND)));
-    int tzOffsetMilliseconds =
-      cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET);
-    if (tzOffsetMilliseconds != 0) {
-      int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60);
-      int tzOffsetHours = tzOffsetMinutes / 60;
-      tzOffsetMinutes -= tzOffsetHours * 60;
-      if (tzOffsetMilliseconds > 0) {
-        out.write("+");
-        out.write(to2DigitString(tzOffsetHours));
-        out.write(":");
-        out.write(to2DigitString(tzOffsetMinutes));
-      } else {
-        out.write("-");
-        out.write(to2DigitString(-tzOffsetHours));
-        out.write(":");
-        out.write(to2DigitString(-tzOffsetMinutes));
-      }
-    }
-    return out.toString();
+  public static String buildDateTime(Calendar cal, boolean useUTC) {
+	  
+	  if (useUTC)
+		  return buildDateTimeUTC(cal);
+	  else {
+	    StringWriter out = new StringWriter();
+	    out.write("" + cal.get(Calendar.YEAR));
+	    out.write("-");
+	    out.write(to2DigitString(cal.get(Calendar.MONTH) + 1));
+	    out.write("-");
+	    out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH)));
+	    out.write("T");
+	    out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY)));
+	    out.write(":");
+	    out.write(to2DigitString(cal.get(Calendar.MINUTE)));
+	    out.write(":");
+	    out.write(to2DigitString(cal.get(Calendar.SECOND)));
+	    int tzOffsetMilliseconds =
+	      cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET);
+	    if (tzOffsetMilliseconds != 0) {
+	      int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60);
+	      int tzOffsetHours = tzOffsetMinutes / 60;
+	      tzOffsetMinutes -= tzOffsetHours * 60;
+	      if (tzOffsetMilliseconds > 0) {
+	        out.write("+");
+	        out.write(to2DigitString(tzOffsetHours));
+	        out.write(":");
+	        out.write(to2DigitString(tzOffsetMinutes));
+	      } else {
+	        out.write("-");
+	        out.write(to2DigitString(-tzOffsetHours));
+	        out.write(":");
+	        out.write(to2DigitString(-tzOffsetMinutes));
+	      }
+	    }
+	    return out.toString();
+	  }
+  }
+  
+  /**
+   * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value.
+   * @param cal the <code>Calendar</code> value
+   * @return the <code>dateTime</code> value
+   */
+  public static String buildDateTimeUTC(Calendar cal) {
+    
+	  SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+	  f.setTimeZone(TimeZone.getTimeZone("UTC"));
+	  
+	  return f.format(cal.getTime());		
   }
   
   /**
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
index cc562187a..d16953eab 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd
@@ -89,10 +89,16 @@
 	<xsd:element name="MOA-IDConfiguration">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+				<xsd:element name="AuthComponent" minOccurs="0">
 					<xsd:annotation>
 						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
 					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="AuthComponentType">								
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
 				</xsd:element>
 				<xsd:element name="ProxyComponent" minOccurs="0">
 					<xsd:annotation>
@@ -467,6 +473,7 @@
 					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
 					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
 					<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>
 					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
 				</xsd:complexType>
 			</xsd:element>
diff --git a/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
index 8fdd389a2..3364e9888 100644
--- a/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
+++ b/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
@@ -121,7 +121,7 @@ public class DateTimeUtilsTest extends TestCase {
   	Calendar cal = new GregorianCalendar(TimeZone.getTimeZone(timeZone));
   	cal.set(year,month, day, hour, min, sec);
   	cal.set(Calendar.MILLISECOND, 0);
-  	String dateTimeBuilt = DateTimeUtils.buildDateTime(cal);
+  	String dateTimeBuilt = DateTimeUtils.buildDateTime(cal, false);
   	assertEquals(dateTimeShould, dateTimeBuilt);
   }
 
diff --git a/id/readme_1.5.1.txt b/id/readme_1.5.1.txt
index 8cf5e7361..e742212df 100644
--- a/id/readme_1.5.1.txt
+++ b/id/readme_1.5.1.txt
@@ -17,6 +17,8 @@ gleichen Verzeichnis):
 - Änderung der Konfiguration 
 	- für Online-Vollmachten
 	- Fixer Target-Parameter für Online-Applikation konfigurierbar
+	- Optionaler Parameter zur Angabe der IssueInstant im UTC Format in der SAML-Assertion
+- Weiterer optionaler Parameter sourceID beim MOA-ID Aufruf
 - IAIK Libraries aktualisiert:
 	iaik-moa:           Version 1.31	
 
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
index 697cadec4..6525642f1 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -65,7 +65,8 @@
 			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
-			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
 			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 			<!--			</Mandates>-->
 		</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
index 41103cf3c..27bf6681c 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -76,7 +76,8 @@
 			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
-			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
 			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 			<!--			</Mandates>-->
 		</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
index 05c6387e1..eefc7cf6a 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -67,7 +67,8 @@
 			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!-- <Mandates> -->
-			<!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann-->
+			<!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
 			<!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 			<!--</Mandates> -->
 		</AuthComponent>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
index 1d8b50537..f9e296c62 100644
--- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -77,7 +77,8 @@
 			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->
 			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->
 			<!--<Mandates>-->
-			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann-->
+			<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->
 			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->
 			<!--			</Mandates>-->
 		</AuthComponent>
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
index cc562187a..d16953eab 100644
--- a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
+++ b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd
@@ -89,10 +89,16 @@
 	<xsd:element name="MOA-IDConfiguration">
 		<xsd:complexType>
 			<xsd:sequence>
-				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+				<xsd:element name="AuthComponent" minOccurs="0">
 					<xsd:annotation>
 						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
 					</xsd:annotation>
+					<xsd:complexType>
+						<xsd:complexContent>
+							<xsd:extension base="AuthComponentType">								
+							</xsd:extension>
+						</xsd:complexContent>
+					</xsd:complexType>
 				</xsd:element>
 				<xsd:element name="ProxyComponent" minOccurs="0">
 					<xsd:annotation>
@@ -467,6 +473,7 @@
 					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
 					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
 					<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>
+					<xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>
 					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
 				</xsd:complexType>
 			</xsd:element>
diff --git a/id/server/doc/MOA_ID_1.5_Anhang.pdf b/id/server/doc/MOA_ID_1.5_Anhang.pdf
index 454ff933a..f2e5057c7 100644
Binary files a/id/server/doc/MOA_ID_1.5_Anhang.pdf and b/id/server/doc/MOA_ID_1.5_Anhang.pdf differ
diff --git a/id/server/doc/moa_id/faqs.htm b/id/server/doc/moa_id/faqs.htm
index 0b9ef0415..814d0c9f7 100644
--- a/id/server/doc/moa_id/faqs.htm
+++ b/id/server/doc/moa_id/faqs.htm
@@ -207,8 +207,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
       </td>
       <td valign="top" width="460">
         <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
-</td></tr></table>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div></td></tr></table>
 <br />
 
 
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
index 7192f02e2..7d014299e 100644
--- a/id/server/doc/moa_id/id-admin.htm
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -311,7 +311,7 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
index 9b18fcdbe..08a1acc73 100644
--- a/id/server/doc/moa_id/id-admin_1.htm
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -539,7 +539,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fort
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
index ea4874edd..8a217bfcc 100644
--- a/id/server/doc/moa_id/id-admin_2.htm
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -613,8 +613,9 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
                               Anmeldedaten aufzunehmen.
                               Alle Attribute sind optional und haben den Default-Wert
                               <tt>false</tt>.                            <br>
-                            Das Attribut <tt id="provideStammzahlOA2">provideFullMandatorData</tt> bestimmt ob bei einer Vollmachten-Anmeldung die vollst&auml;ndigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des  Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name  und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion  &uuml;bermittelt. Bei <tt id="provideStammzahlOA3">provideFullMandatorData=false</tt> werden nur die Basisdaten &uuml;bermittelt (Defaulteinstellung). Bei <tt id="provideStammzahlOA4">provideFullMandatorData=true</tt> wird zus&auml;tzlich die gesamte Vollmacht &uuml;bergeben. </p>
-<p><b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem
+                            Das Attribut <tt id="provideStammzahlOA2">provideFullMandatorData</tt> bestimmt ob bei einer Vollmachten-Anmeldung die vollst&auml;ndigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des  Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name  und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion  &uuml;bermittelt. Bei <tt id="provideStammzahlOA3">provideFullMandatorData=false</tt> werden nur die Basisdaten &uuml;bermittelt (Defaulteinstellung). Bei <tt id="provideStammzahlOA4">provideFullMandatorData=true</tt> wird zus&auml;tzlich die gesamte Vollmacht &uuml;bergeben.<br>
+                            Das Attribut <tt id="provideStammzahlOA5">useUTC</tt> bestimmt ob IssueInstant in der SAML Assertion als UTC (2012-01-26T18:38:35Z, <tt id="provideStammzahlOA8">useUTC=true</tt>) oder dem Default-Format (z.B.: 2012-01-26T19:38:35+01:00,  <tt id="provideStammzahlOA9">useUTC=false</tt>) angegeben wird. </p>
+      <p><b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem
                               Zusammenhang zum gleichnamigen Attribut
                               <a href="#provideStammzahlVI">VerifyInfoboxes/@provideStammzahl</a>,
                               das angibt ob die Stammzahl an eine <i>Pr&uuml;fapplikation</i> weitergegeben
@@ -921,7 +922,8 @@ Hinweis: Um den Online-Vollmachten Modus f&uuml;r eine Online Applikation zu akt
                               <br />
                               Mit Hilfe dieses Elements werden die Online-Vollmachten f&uuml;r die Online-Applikation aktiviert. 
                               Als Kindelement muss <tt>Profiles</tt> angegeben werden. Dieses Element beinhaltet eine (Komma-separierte)
-                              Liste von Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.<br/>
+                              Liste von Vollmachten-Profilen, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.
+                              Unter <a href="https://vollmachten.stammzahlenregister.gv.at/mis/" target="_blank">https://vollmachten.stammzahlenregister.gv.at/mis/</a> finden Sie eine Liste der unterstützen Vollmachten-Profile.<br/>
                               Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden - siehe <a href="#AuthComponent_OnlineMandates">hier</a>                              
 </p>                            
                             
@@ -1453,7 +1455,7 @@ Im Falle einer fehlerhaften neuen Konfiguration wird die urspr&uuml;ngliche Konf
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/id-admin_3.htm b/id/server/doc/moa_id/id-admin_3.htm
index 8b1c74e7c..5b95feca8 100644
--- a/id/server/doc/moa_id/id-admin_3.htm
+++ b/id/server/doc/moa_id/id-admin_3.htm
@@ -194,7 +194,7 @@ Um das Logging in die Datenbank Log4j bekannt zu machen, muss die Log4j-Konfigur
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/id-anwendung.htm b/id/server/doc/moa_id/id-anwendung.htm
index d5057f854..c4cab64e1 100644
--- a/id/server/doc/moa_id/id-anwendung.htm
+++ b/id/server/doc/moa_id/id-anwendung.htm
@@ -94,7 +94,7 @@ Dies kann unter Mithilfe der Webapplikation MOA-ID-PROXY geschehen, die f&uuml;r
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
index 28f7a5979..ad45ff7e1 100644
--- a/id/server/doc/moa_id/id-anwendung_1.htm
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -73,7 +73,7 @@ Projekt <span style="font-size:48pt; ">moa</span>&#160;
 Der Aufruf erfolgt durch einen Verweis der Form: </div>
 <pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
 StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
-&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&amp;useMandate=false&quot;&gt;</pre>
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&amp;useMandate=false&amp;sourceID=&lt;sourceID&gt;&quot;&gt;</pre>
 <table border="1"><tbody valign="baseline">
 <tr>
 <td id="klein">&lt;moa-id-server-und-pfad&gt;</td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td>
@@ -92,6 +92,10 @@ StartAuthentication?Target=&lt;gesch&auml;ftsbereich&gt;
   <td id="klein">useMandate=&lt;true/false&gt;</td>
   <td id="klein">optional; Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgef&uuml;hrt werden soll (=true) oder nicht (=false);</td>
 </tr>
+<tr>
+  <td id="klein2">sourceID=&lt;sourceID&gt;</td>
+  <td id="klein2">optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) in der SAML-Assertion aufscheint</td>
+</tr>
 </tbody>
 </table>
 <br/><br/>
@@ -204,7 +208,7 @@ Im folgenden Beispiel wird in den Java Truststore &quot;truststore.jks&quot; mit
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/id-anwendung_2.htm b/id/server/doc/moa_id/id-anwendung_2.htm
index df8b10aad..4e2e89d74 100644
--- a/id/server/doc/moa_id/id-anwendung_2.htm
+++ b/id/server/doc/moa_id/id-anwendung_2.htm
@@ -237,8 +237,7 @@ Falls n&ouml;tig, kann eine ma
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
-</td></tr></table>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div></td></tr></table>
 <br />
 
 
diff --git a/id/server/doc/moa_id/links.htm b/id/server/doc/moa_id/links.htm
index ef6c09083..2956c6263 100644
--- a/id/server/doc/moa_id/links.htm
+++ b/id/server/doc/moa_id/links.htm
@@ -134,8 +134,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010
-  <!-- Development Center, BRZ GmbH --></div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
index 94f4a35ea..09fb1c5b6 100644
--- a/id/server/doc/moa_id/moa.htm
+++ b/id/server/doc/moa_id/moa.htm
@@ -247,7 +247,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge
 <td width="170" valign="top"><br /></td>
 <td valign="top">
 <hr />
-<div style="font-size:8pt; color:#909090">&copy; 2010</div>
+<div style="font-size:8pt; color:#909090">&copy; 2012</div>
 </td></tr></table>
 <br />
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 68e6b950a..a68dca65a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,11 +24,15 @@
 
 package at.gv.egovernment.moa.id.auth;
 
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
 import iaik.pki.PKIException;
 import iaik.x509.X509Certificate;
 
 import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.Principal;
@@ -49,7 +53,6 @@ import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.AuthenticationException;
@@ -114,7 +117,6 @@ import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 
 /**
@@ -305,7 +307,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * @param useMandate Indicates if mandate is used or not               
    * @param templateURL URL providing an HTML template for the HTML form generated
    * @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode)
-   * @param scheme determines the protocol used 
+   * @param scheme determines the protocol used
+   * @param sourceID 
    * @return HTML form
    * @throws AuthenticationException
    * @see GetIdentityLinkFormBuilder
@@ -320,7 +323,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     String bkuURL,
     String useMandate,
     String sessionID,
-    String scheme)
+    String scheme, 
+    String sourceID)
     throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
 
 	  String useMandateString = null;
@@ -381,7 +385,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
       session.setAuthURL(authURL);
       session.setTemplateURL(templateURL);
-      session.setBusinessService(oaParam.getBusinessService());      
+      session.setBusinessService(oaParam.getBusinessService());
+      if (sourceID != null)
+    	  session.setSourceID(sourceID);
     }
     // BKU URL has not been set yet, even if session already exists
     if (bkuURL == null) {
@@ -510,17 +516,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     }
        
     // for testing new identity link certificate
-    // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample
 //    xmlInfoboxReadResponse = null;
 //    try {
-//    File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml");
+//    File file = new File("c:/temp/XXXMuster.xml");
 //    FileInputStream fis;
 //	
 //		fis = new FileInputStream(file);
 //		byte[] array = Utils.readFromInputStream(fis);
 //    
 //    xmlInfoboxReadResponse = new String(array);
-//    //System.out.println(xmlInfoboxReadResponse);
+//    System.out.println(xmlInfoboxReadResponse);
 //    
 //    } catch (FileNotFoundException e) {
 //		// TODO Auto-generated catch block
@@ -529,7 +534,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 //		// TODO Auto-generated catch block
 //		e.printStackTrace();
 //	}
-//    
+    
  	
     
  // parses the <InfoboxReadResponse>
@@ -687,7 +692,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     
 
     // builds the AUTH-block
-    String authBlock = buildAuthenticationBlock(session);
+    String authBlock = buildAuthenticationBlock(session, oaParam);
     
 //    session.setAuthBlock(authBlock);
     // builds the <CreateXMLSignatureRequest>
@@ -871,14 +876,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    * @throws BuildException If an error occurs on serializing an extended SAML attribute 
    *                        to be appended to the AUTH-Block.
    */
-  private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
+  private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException {
      IdentityLink identityLink = session.getIdentityLink();
      String issuer = identityLink.getName();
        String gebDat = identityLink.getDateOfBirth();
      String identificationValue = identityLink.getIdentificationValue();
      String identificationType = identityLink.getIdentificationType();
 
-     String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+    String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC());
     session.setIssueInstant(issueInstant);
     String authURL = session.getAuthURL();
     String target = session.getTarget();
@@ -1418,6 +1423,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     // parses <CreateXMLSignatureResponse>
     CreateXMLSignatureResponse csresp =
       new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+    
     try {
       String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
       session.setAuthBlock(serializedAssertion);
@@ -1502,12 +1508,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
       }
     }
 
+    OAAuthParameter oaParam =
+        AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+          session.getPublicOAURLPrefix());
+    boolean useUTC = oaParam.getUseUTC();
     
     // builds authentication data and stores it together with a SAML artifact
-    AuthenticationData authData = buildAuthenticationData(session, vsresp);
+    AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
     
     if (session.getUseMandate()) {    	
     	// mandate mode
+    	//session.setAssertionAuthBlock(assertionAuthBlock)
+    	
+    	// set signer certificate
+    	session.setSignerCertificate(vsresp.getX509certificate());
+    	
     	return null;
     }
     else {
@@ -1521,6 +1536,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
               session.getBkuURL(),
               session.getAssertionSignerCertificateBase64(),
               session.getAssertionBusinessService(),
+              session.getSourceID(),
               session.getExtendedSAMLAttributesOA());
           authData.setSamlAssertion(samlAssertion);
           
@@ -1677,6 +1693,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     			session.getBkuURL(),
     			session.getAssertionSignerCertificateBase64(),
     			session.getAssertionBusinessService(),
+    			session.getSourceID(),
     			session.getExtendedSAMLAttributesOA());
     authData.setSamlAssertion(samlAssertion);
           
@@ -1772,9 +1789,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     }
 
     VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
-    X509Certificate cert = session.getForeignSignerCertificate();
+    X509Certificate cert = session.getSignerCertificate();
     vsresp.setX509certificate(cert);
-    AuthenticationData authData = buildAuthenticationData(session, vsresp);
+    
+    OAAuthParameter oaParam =
+        AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+          session.getPublicOAURLPrefix());
+    boolean useUTC = oaParam.getUseUTC();
+    AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
     
     
     String samlAssertion =
@@ -1786,6 +1808,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
           session.getBkuURL(),
           session.getAssertionSignerCertificateBase64(),
           session.getAssertionBusinessService(),
+          session.getSourceID(),
           session.getExtendedSAMLAttributesOA());
       authData.setSamlAssertion(samlAssertion);
       
@@ -1823,7 +1846,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
    */
   private AuthenticationData buildAuthenticationData(
     AuthenticationSession session,
-    VerifyXMLSignatureResponse verifyXMLSigResp)
+    VerifyXMLSignatureResponse verifyXMLSigResp, 
+    boolean useUTC)
     throws ConfigurationException, BuildException {
 
     IdentityLink identityLink = session.getIdentityLink();
@@ -1836,7 +1860,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     authData.setMinorVersion(0);
     authData.setAssertionID(Random.nextRandom());
     authData.setIssuer(session.getAuthURL());
-    authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+    authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC));
     authData.setIdentificationType(identityLink.getIdentificationType());    
     authData.setGivenName(identityLink.getGivenName());
     authData.setFamilyName(identityLink.getFamilyName());
@@ -1845,6 +1869,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
     authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
     authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
     authData.setBkuURL(session.getBkuURL());
+    authData.setUseUTC(oaParam.getUseUTC());
     boolean provideStammzahl = oaParam.getProvideStammzahl();
     if (provideStammzahl) {
       authData.setIdentificationValue(identityLink.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 260b3fd01..f3be98ef0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -43,6 +43,8 @@ public interface MOAIDAuthConstants {
   public static final String PARAM_OA = "OA";
   /** servlet parameter &quot;bkuURI&quot; */
   public static final String PARAM_BKU = "bkuURI";
+  /** servlet parameter &quot;sourceID&quot; */
+  public static final String PARAM_SOURCEID = "sourceID";  
   /** servlet parameter &quot;BKUSelectionTemplate&quot; */
   public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
   /** servlet parameter &quot;BKUSelectionTemplate&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 8af4e3af5..410d045f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -57,6 +57,11 @@ public class AuthenticationAssertionBuilder {
   "   <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
   "     <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
   "   </saml:Attribute>"+ NL;
+  
+  protected static String SAML_ATTRIBUTE_NO_NAMESPACE =
+	  "   <saml:Attribute AttributeName=''{0}''>" + NL +
+	  "     <saml:AttributeValue>{1}</saml:AttributeValue>" + NL +
+	  "   </saml:Attribute>"+ NL;
 
   /**
    * Empty constructor
@@ -108,5 +113,26 @@ public class AuthenticationAssertionBuilder {
     }
    return sb.toString();
   }
+  
+  /**
+   * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion 
+   * delivered to the online application.
+   * The method traverses through the list of given SAML attribute objects and builds an 
+   * XML structure (String representation) for each of the attributes. 
+   * 
+   * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or  
+   *                               to the SAML assertion delivered to the online application.
+   * @return                       A string representation including the XML structures of
+   *                               the SAML attributes.
+   *                               
+   * @throws ParseException        If an error occurs on serializing an SAML attribute.
+   */
+  protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException {
+    StringBuffer sb = new StringBuffer();
+    if (sourceID!=null)       
+          sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID}));
+
+    return sb.toString();
+  }
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 367116c73..7032e09eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -69,9 +69,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
       "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
       "     <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
       "   </saml:Attribute>" + NL +
-	  "{10}" + 
-      "{11}" +
+      "{10}" +      
+	  "{11}" + 
       "{12}" +
+      "{13}" +      
 	  "	</saml:AttributeStatement>" + NL +
 	  "</saml:Assertion>";
 	
@@ -103,9 +104,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
       "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
       "     <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
       "   </saml:Attribute>" + NL +
-	  "{11}" + 
-      "{12}" +
+      "{11}" +
+	  "{12}" + 
       "{13}" +
+      "{14}" +
 	  "	</saml:AttributeStatement>" + NL +
 	  "</saml:Assertion>";
 	/**
@@ -156,6 +158,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     String bkuURL,
     String signerCertificateBase64,
     boolean businessService,
+    String sourceID,
     List extendedSAMLAttributes) 
   throws BuildException 
   {
@@ -195,6 +198,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
   	String assertion;
     try {
     	
+   	
       assertion = MessageFormat.format(AUTH_DATA, new Object[] {
         authData.getAssertionID(), 
         authData.getIssuer(), 
@@ -206,6 +210,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
         StringUtils.removeXMLDeclaration(xmlPersonData), 
         isQualifiedCertificate,
         bkuURL,
+        buildSourceIDSAMLAttributes(sourceID),
         publicAuthorityAttribute,
         signerCertificateAttribute,
         buildExtendedSAMLAttributes(extendedSAMLAttributes)});
@@ -244,6 +249,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     String bkuURL,
     String signerCertificateBase64,
     boolean businessService,
+    String sourceID,
     List extendedSAMLAttributes) 
   throws BuildException 
   {
@@ -295,6 +301,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
         StringUtils.removeXMLDeclaration(xmlMandateData),
         isQualifiedCertificate,
         bkuURL,
+        buildSourceIDSAMLAttributes(sourceID),
         publicAuthorityAttribute,
         signerCertificateAttribute,
         buildExtendedSAMLAttributes(extendedSAMLAttributes)});
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3ab8ff819..5a18b720b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -62,6 +62,11 @@ public class AuthenticationSession {
 	 * Friendly name for the target, if target is configured via MOA-ID configuration
 	 */
 	private String targetFriendlyName;
+	
+	/**
+	 * SourceID
+	 */
+	private String sourceID;
 	/**
 	 * Indicates if target from configuration is used or not
 	 */
@@ -155,7 +160,7 @@ public class AuthenticationSession {
     private boolean businessService;
     
     /**
-     * Signer certificate of the foreign citizen
+     * Signer certificate of the foreign citizen or for mandate mode
      */
     private X509Certificate signerCertificate;
   /**
@@ -212,11 +217,11 @@ public class AuthenticationSession {
     infoboxValidators = new ArrayList();
   }
 
-  public X509Certificate getForeignSignerCertificate() {
+  public X509Certificate getSignerCertificate() {
 	  return signerCertificate;
   }
   
-  public void setForeignSignerCertificate(X509Certificate signerCertificate) {
+  public void setSignerCertificate(X509Certificate signerCertificate) {
 	  this.signerCertificate = signerCertificate;
   }
   
@@ -284,6 +289,14 @@ public class AuthenticationSession {
     return target;
   }
   
+  /**
+   * Returns the sourceID.
+   * @return String
+   */
+  public String getSourceID() {
+    return sourceID;
+  }
+  
   /**
    * Returns the target friendly name.
    * @return String
@@ -332,6 +345,15 @@ public class AuthenticationSession {
       this.target = target;
     }
   }
+  
+  /**
+   * Sets the sourceID
+   * @param sourceID The sourceID to set
+   */
+  public void setSourceID(String sourceID) {
+    this.sourceID = sourceID;
+  }
+  
   /**
    * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
    * @param target The target to set
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
index da5ad6ab9..b5c72ef9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -87,6 +87,7 @@ public class GetAuthenticationDataService implements Constants {
 		String statusMessageCode = null;
     String statusMessage = null;
 		String samlAssertion = "";
+		boolean useUTC = false;
 		if (requests.length > 1) {
 			// more than 1 request given as parameter
 			statusCode = "samlp:Requester";
@@ -113,8 +114,11 @@ public class GetAuthenticationDataService implements Constants {
                     requestID = request.getAttribute("RequestID");
 					String samlArtifact = DOMUtils.getText(samlArtifactElem);
 					try {
+						
             AuthenticationData authData = AuthenticationServer.getInstance().
   						getAuthenticationData(samlArtifact);
+                        
+            useUTC = authData.getUseUTC();
             // success
             samlAssertion = authData.getSamlAssertion();
             statusCode = "samlp:Success";
@@ -135,12 +139,13 @@ public class GetAuthenticationDataService implements Constants {
 	    }
 		}
     try {
-			String responseID = Random.nextRandom();
-			String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+			String responseID = Random.nextRandom();			
+			String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
       if (statusMessage == null)
 			  statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
 	    responses[0] = new SAMLResponseBuilder().build(
 	    	responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+    
   	}
     catch (MOAIDException e) {
 	    AxisFault fault = AxisFault.makeFault(e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index ca3883dad..431af3c31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -79,21 +79,22 @@ public class StartAuthenticationServlet extends AuthServlet {
     authURL = authURL.concat(req.getContextPath() + "/");
 
     String target = req.getParameter(PARAM_TARGET);
+    String sourceID = req.getParameter(PARAM_SOURCEID);
     String oaURL = req.getParameter(PARAM_OA);
     String bkuURL = req.getParameter(PARAM_BKU);
     String templateURL = req.getParameter(PARAM_TEMPLATE);
     String sessionID = req.getParameter(PARAM_SESSIONID);
     String useMandate = req.getParameter(PARAM_USEMANDATE);
     
-    
     // escape parameter strings
     target = StringEscapeUtils.escapeHtml(target);
+    sourceID = StringEscapeUtils.escapeHtml(sourceID);
     oaURL = StringEscapeUtils.escapeHtml(oaURL);
     bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
     templateURL = StringEscapeUtils.escapeHtml(templateURL);
     sessionID = StringEscapeUtils.escapeHtml(sessionID);
     useMandate = StringEscapeUtils.escapeHtml(useMandate);
-       
+    
     resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
     resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
     resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
@@ -111,7 +112,9 @@ public class StartAuthenticationServlet extends AuthServlet {
 		    if (!ParamValidatorUtils.isValidSessionID(sessionID))
              throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
 		    if (!ParamValidatorUtils.isValidUseMandate(useMandate))
-	             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+	             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");		    
+		    if (!ParamValidatorUtils.isValidSourceID(sourceID))
+	             throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
 		    
 		    OAAuthParameter oaParam =
 		          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
@@ -130,11 +133,11 @@ public class StartAuthenticationServlet extends AuthServlet {
 		    	if (!ParamValidatorUtils.isValidTarget(target))
 		    		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
 		    	
-		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
 		    }
 		    else {
 		    	// use target from config			    	
-		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
 		    }
 
 			resp.setContentType("text/html;charset=UTF-8");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f7f9d8fed..17cbe7a3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -24,26 +24,40 @@
 
 package at.gv.egovernment.moa.id.auth.servlet;
 
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.util.Map;
 
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
 
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.URLEncoder;
 
 /**
@@ -143,27 +157,31 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 			String samlArtifactBase64 = 
 				AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
 			
+			
 			if (samlArtifactBase64 == null) { 
 				//mandate Mode
+			
+				callMISService(session, req, resp);
 				
-				Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+				//Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
     			
-     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+     		   //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
 
      		   // build dataurl
-     		   String dataurl =
-                 new DataURLBuilder().buildDataURL(
-                   session.getAuthURL(),
-                   REQ_VERIFY_CERTIFICATE,
-                   session.getSessionID());
+//     		   String dataurl =
+//                 new DataURLBuilder().buildDataURL(
+//                   session.getAuthURL(),
+//                   REQ_VERIFY_CERTIFICATE,
+//                   session.getSessionID());
            
           
      		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
      		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
-     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+     		  //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+     		  //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
 				
 			}
+			
 			if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
 			  redirectURL = session.getOAURLRequested();
   			if (!session.getBusinessService()) {
@@ -187,6 +205,78 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 		}
 
   }
+  
+  /**
+   * Calls the MIS Service
+   * @param session
+ * @throws IOException 
+   */
+  private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
+	  
+	  try {
+		  AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+		ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
+		SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+		
+		// get identitity link as byte[]
+		Element elem = session.getIdentityLink().getSamlAssertion();
+		String s = DOMUtils.serializeNode(elem);
+		
+		System.out.println("IDL: " + s);
+		
+		byte[] idl = s.getBytes();
+		
+		// redirect url
+		// build redirect(to the GetMISSessionIdSerlvet)
+        String redirectURL =
+              new DataURLBuilder().buildDataURL(
+                session.getAuthURL(),
+                GET_MIS_SESSIONID,
+                session.getSessionID());
+		
+        String oaURL = session.getOAURLRequested();
+        OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+        String profiles = oaParam.getMandateProfiles();
+
+        if (profiles == null) {
+      	  Logger.error("No Mandate/Profile for OA configured.");
+      	  throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+        }
+        
+        String profilesArray[] = profiles.split(",");  	 		 
+        for(int i = 0; i < profilesArray.length; i++) {
+      	  profilesArray[i] = profilesArray[i].trim();
+        }
+        
+        String oaFriendlyName = oaParam.getFriendlyName();
+        String mandateReferenceValue = session.getMandateReferenceValue();
+        X509Certificate cert = session.getSignerCertificate();
+        MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+        String redirectMISGUI = misSessionID.getRedirectURL();
+        
+        if (misSessionID == null) {
+      	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+      	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+        }
+        
+        session.setMISSessionID(misSessionID.getSessiondId());
+	
+        resp.setStatus(302);
+    	  resp.addHeader("Location", redirectMISGUI);
+    	  Logger.debug("REDIRECT TO: " + redirectURL);
+	  }
+	  catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp);
+	    } catch (GeneralSecurityException ex) {
+	    	handleError(null, ex, req, resp);
+		} catch (PKIException e) {
+			handleError(null, e, req, resp);
+		} catch (MISSimpleClientException e) {
+			handleError(null, e, req, resp);
+		} catch (TransformerException e) {
+			handleError(null, e, req, resp);
+		} 
+  }
   /**
    * Adds a parameter to a URL.
    * @param url the URL
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index acf8b0b64..27f956c40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -146,56 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    	
 	    	
 	    	if (useMandate) {
-	    		// Mandate Modus	    	
-	    		// make request to MIS
-	    		
-	    		AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
-    			ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
-    			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-    			
-    			// get identitity link as byte[]
-    			Element elem = session.getIdentityLink().getSamlAssertion();
-    			String s = DOMUtils.serializeNode(elem);
-    			byte[] idl = s.getBytes();
-    			
-    			// redirect url
-    			// build redirect(to the GetMISSessionIdSerlvet)
-    	          String redirectURL =
-    	                new DataURLBuilder().buildDataURL(
-    	                  session.getAuthURL(),
-    	                  GET_MIS_SESSIONID,
-    	                  session.getSessionID());
-    			
-    	          String oaURL = session.getOAURLRequested();
-    	          OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
-    	          String profiles = oaParam.getMandateProfiles();
-
-    	          if (profiles == null) {
-    	        	  Logger.error("No Mandate/Profile for OA configured.");
-    	        	  throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
-    	          }
-    	          
-    	          String profilesArray[] = profiles.split(",");  	 		 
-    	          for(int i = 0; i < profilesArray.length; i++) {
-    	        	  profilesArray[i] = profilesArray[i].trim();
-    	          }
-    	          
-    	          String oaFriendlyName = oaParam.getFriendlyName();
-    	          String mandateReferenceValue = session.getMandateReferenceValue();
-    	          MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
-    	          String redirectMISGUI = misSessionID.getRedirectURL();
-    	          
-    	          if (misSessionID == null) {
-    	        	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
-    	        	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
-    	          }
-    	          
-    	          session.setMISSessionID(misSessionID.getSessiondId());
-    		
-    	          resp.setStatus(302);
-  		    	  resp.addHeader("Location", redirectMISGUI);
-  		    	  Logger.debug("REDIRECT TO: " + redirectURL);
-    	          
+	    		Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+    			throw new AuthenticationException("auth.13", null);    	          
 	    	}
 	    	else {
 	    		// Foreign Identities Modus	
@@ -218,15 +170,7 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    }
 	    catch (MOAIDException ex) {
 	      handleError(null, ex, req, resp);
-	    } catch (GeneralSecurityException ex) {
-	    	handleError(null, ex, req, resp);
-		} catch (PKIException e) {
-			handleError(null, e, req, resp);
-		} catch (MISSimpleClientException e) {
-			handleError(null, e, req, resp);
-		} catch (TransformerException e) {
-			handleError(null, e, req, resp);
-		} 
+	    } 
   }
     
   /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 6d4a21674..fc5d82936 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -150,7 +150,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     		   // create the InfoboxReadRequest to get the certificate
     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
 
-    		   // build dataurl (to the GetForeignIDSerlvet)
+    		   // build dataurl (to the VerifyCertificateSerlvet)
           String dataurl =
                 new DataURLBuilder().buildDataURL(
                   session.getAuthURL(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7fe85cfae..8cc51bf93 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -579,6 +579,7 @@ public class ConfigurationBuilder {
         oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
         oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
         oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData")));
+        oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")));
         oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
         oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));        
       
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index f85666acf..65e21cbce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -84,6 +84,9 @@ public class OAAuthParameter extends OAParameter {
    * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data 
    */
   private boolean provideFullMandatorData;
+  
+  /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
+  private boolean useUTC;
   /**
    * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
    */
@@ -191,6 +194,14 @@ public class OAAuthParameter extends OAParameter {
     return provideFullMandatorData;
   }
   
+  /**
+   * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+   * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+   */
+  public boolean getUseUTC() {
+    return useUTC;
+  }
+  
 
 /**
       * Returns the key box identifier.
@@ -305,6 +316,16 @@ public class OAAuthParameter extends OAParameter {
   public void setProvideFullMandatorData(boolean provideFullMandatorData) {
     this.provideFullMandatorData = provideFullMandatorData;
   }
+  
+  /**
+   * Sets the useUTC variable.
+   * @param useUTC The useUTC value to set
+   */
+  public void setUseUTC(boolean useUTC) {
+    this.useUTC = useUTC;
+  } 
+  
+  
 
    /**
     * Sets the key box identifier.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 44eb98dad..79f3b4e30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -107,6 +107,9 @@ public class AuthenticationData {
    * the corresponding <code>lt;saml:Assertion&gt;</code>
    */
   private String samlAssertion;
+  
+  /** useUTC */
+  private boolean useUTC;
   /**
    * creation timestamp
    */
@@ -166,6 +169,14 @@ public class AuthenticationData {
   public String getWBPK() {
     return wbPK;
   }
+  
+  /**
+   * Returns useUTC
+   * @return useUTC
+   */
+  public boolean getUseUTC() {
+	  return useUTC;
+  }
 
   /**
    * Sets the minorVersion.
@@ -215,6 +226,10 @@ public class AuthenticationData {
     this.wbPK = wbPK;
   }
 
+  public void setUseUTC(boolean useUTC) {
+	  this.useUTC = useUTC;
+  }
+  
   /**
    * Returns the assertionID.
    * @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index 5ce952662..2493f42b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants {
    */
   public Element build(String requestID, String samlArtifactBase64) throws BuildException {
   	try {
-  		String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+  		String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true);
   		String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
   		Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
 	  	return requestElem;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 8c3bccab3..fa220d13d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -75,6 +75,36 @@ public class ParamValidatorUtils {
     	  return false;  
       }
             
+   }
+   
+   /**
+    * Checks if the given target is valid
+    * @param sourceID HTTP parameter from request
+    * @return 
+    */
+   public static boolean isValidSourceID(String sourceID) {
+   
+	   Logger.debug("Überprüfe Parameter sourceID");
+	   
+      // if non parameter is given return true
+      if (sourceID == null) {
+    	  Logger.debug("Parameter Target ist null");
+    	  return true;
+      }
+         
+      
+      Pattern pattern = Pattern.compile("[\\w-_]{1,50}");
+      Matcher matcher = pattern.matcher(sourceID);
+      boolean b = matcher.matches();
+      if (b) {
+    	Logger.debug("Parameter sourceID erfolgreich überprüft");
+    	return true;
+      }
+      else {
+    	  Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-50 Zeichen lang)");
+    	  return false;  
+      }
+            
    }
    
    /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 1181253f1..620919c61 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -149,7 +149,8 @@ public class MISSimpleClient {
 			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
 			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
 			Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
-	    
+	    
+			
 			idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
 			mirElement.appendChild(idlElement);
 
@@ -237,7 +238,18 @@ public class MISSimpleClient {
 		}
 	}
 	
-	private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+	private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+		
+//		try {
+//			System.out.println("REQUEST-MIS: \n"  + DOMUtils.serializeNode(request));
+//		} catch (TransformerException e1) {
+//			// TODO Auto-generated catch block
+//			e1.printStackTrace();
+//		} catch (IOException e1) {
+//			// TODO Auto-generated catch block
+//			e1.printStackTrace();
+//		}
+		
 		if (webServiceURL == null) {
 			throw new NullPointerException("Argument webServiceURL must not be null.");
 		}
@@ -249,7 +261,8 @@ public class MISSimpleClient {
 			PostMethod post = new PostMethod(webServiceURL);
 			StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
 			post.setRequestEntity(re);
-			int responseCode = httpclient.executeMethod(post);			
+			int responseCode = httpclient.executeMethod(post);
+			
 			if (responseCode != 200) {
 				throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
 			}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index fcf7477c5..818773794 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -47,7 +47,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "http://localhost:9080/", //oaURL
         "file:" + findXmldata("AuthTemplate.html"), 
         "http://localhost:3495/http-security-layer-request",
-         null, null, null);
+         null, null, null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -66,7 +66,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         null,
         "http://localhost:9080/", //oaURL
         null, 
-        "http://localhost:3495/http-security-layer-request", null, null, null);
+        "http://localhost:3495/http-security-layer-request", null, null, null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -87,7 +87,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "file:" + findXmldata("AuthTemplate.html"), 
          null,
          null,
-         null, null);
+         null, null, null);
       htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
       //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
       assertEquals(readXmldata("htmlForm.html"),htmlForm);
@@ -106,7 +106,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
         "gb", //target
         null,
         "http://localhost:9080/", //oaURL
-        null, null, null, null, null);
+        null, null, null, null, null, null);
         //assertEquals("",htmlForm);  
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -126,7 +126,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("http://localhost:8080/auth", //authURL
         "gb", null, "http://localhost:9080/", //oaURL
-        null, null, null, null, null);
+        null, null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -144,7 +144,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", null, "http://host_not_in_config/", //oaURL
-        null, null, null, null, null);
+        null, null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -163,7 +163,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         "gb", null, null, //oaURL
-        null, null, null, null, null);
+        null, null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
@@ -182,7 +182,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
       try {
         server.startAuthentication("https://localhost:8443/auth", //authURL
         null, null, "http://localhost:9080/", //oaURL
-        null, null, null, null, null);
+        null, null, null, null, null, null);
         System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
         fail(this.getName() + " hat KEINE FEHLER geworfen");
       }
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
index 6ebb3cf3e..d9cd13259 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -598,7 +598,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
     authData.setMinorVersion(0);
     authData.setAssertionID(Random.nextRandom());
     authData.setIssuer(session.getAuthURL());
-    authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+    authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), false));
     String vpkBase64 = new BPKBuilder().buildBPK(
       identityLink.getIdentificationValue(), session.getTarget());
     authData.setBPK(vpkBase64);
@@ -619,7 +619,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {
         oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
       String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
       String samlAssertion = new AuthenticationDataAssertionBuilder().build(
-        authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null);
+        authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null, null);
       authData.setSamlAssertion(samlAssertion);
       return authData;
     }
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
index a66e6072c..fab258e09 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
@@ -228,7 +228,7 @@ public class Test600GetAuthenticationDataService extends AbnahmeTestCase {
       String request =       
       "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
       moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" +
-      DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" +
+      DateTimeUtils.buildDateTime(Calendar.getInstance(), false)+"\">" +
       "</samlp:Request>";
       
       Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index 69f33f82c..8e38c7673 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -142,7 +142,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
       null,
       null,
       null,
-      null);
+      null, null);
     String sessionID = parseSessionIDFromForm(htmlForm);
     return sessionID;
   }
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index 052c1fed4..187f577a3 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -54,7 +54,7 @@ public class AuthenticationServerTest extends UnitTestCase {
   public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
   	String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
   	AuthenticationServer server = AuthenticationServer.getInstance();
-  	String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null);
+  	String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null, null);
   	String sessionID = parseSessionIDFromForm(htmlForm);
   	String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
     HashMap parameters = new HashMap(1);
-- 
cgit v1.2.3