From b232b84093993571da6efa97c25e1724370d6a6d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 12 Jun 2019 13:47:10 +0200
Subject: update handbook

---
 id/server/doc/handbook_v4/spec/MOA ID 1.x.wsdl     |  41 ++
 id/server/doc/handbook_v4/spec/MOA-SPSS-1.3.pdf    | Bin 0 -> 146062 bytes
 id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.pdf  | Bin 0 -> 288576 bytes
 id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.wsdl | 128 +++++
 id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.xsd  | 572 +++++++++++++++++++++
 .../doc/handbook_v4/spec/MOA_ID_1.2_20040315.pdf   | Bin 0 -> 577309 bytes
 .../doc/handbook_v4/spec/MOA_ID_1.3_20060315.pdf   | Bin 0 -> 355156 bytes
 .../doc/handbook_v4/spec/MOA_ID_1.4_20070802.pdf   | Bin 0 -> 239502 bytes
 .../doc/handbook_v4/spec/MOA_ID_1.4_Anhang.pdf     | Bin 0 -> 286834 bytes
 .../doc/handbook_v4/spec/MOA_ID_1.5_Anhang.pdf     | Bin 0 -> 134176 bytes
 id/server/doc/handbook_v4/spec/OID-1-0-3.pdf       | Bin 0 -> 347041 bytes
 .../spec/cs-sstc-schema-assertion-01.xsd           | 194 +++++++
 .../spec/cs-sstc-schema-protocol-01.xsd            | 127 +++++
 13 files changed, 1062 insertions(+)
 create mode 100644 id/server/doc/handbook_v4/spec/MOA ID 1.x.wsdl
 create mode 100644 id/server/doc/handbook_v4/spec/MOA-SPSS-1.3.pdf
 create mode 100644 id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.pdf
 create mode 100644 id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.wsdl
 create mode 100644 id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.xsd
 create mode 100644 id/server/doc/handbook_v4/spec/MOA_ID_1.2_20040315.pdf
 create mode 100644 id/server/doc/handbook_v4/spec/MOA_ID_1.3_20060315.pdf
 create mode 100644 id/server/doc/handbook_v4/spec/MOA_ID_1.4_20070802.pdf
 create mode 100644 id/server/doc/handbook_v4/spec/MOA_ID_1.4_Anhang.pdf
 create mode 100644 id/server/doc/handbook_v4/spec/MOA_ID_1.5_Anhang.pdf
 create mode 100644 id/server/doc/handbook_v4/spec/OID-1-0-3.pdf
 create mode 100644 id/server/doc/handbook_v4/spec/cs-sstc-schema-assertion-01.xsd
 create mode 100644 id/server/doc/handbook_v4/spec/cs-sstc-schema-protocol-01.xsd

(limited to 'id/server/doc/handbook_v4/spec')

diff --git a/id/server/doc/handbook_v4/spec/MOA ID 1.x.wsdl b/id/server/doc/handbook_v4/spec/MOA ID 1.x.wsdl
new file mode 100644
index 000000000..d83556540
--- /dev/null
+++ b/id/server/doc/handbook_v4/spec/MOA ID 1.x.wsdl	
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by patrick peck (anecon) -->
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-2.0.0.xsd"/>
+	<message name="GetAuthenticationDataInput">
+		<part name="body" element="samlp:Request"/>
+	</message>
+	<message name="GetAuthenticationDataOutput">
+		<part name="body" element="samlp:Response"/>
+	</message>
+	<message name="MOAFault">
+		<part name="body" element="moa:ErrorResponse"/>
+	</message>
+	<portType name="IdentificationPortType">
+		<operation name="getAuthenticationData">
+			<input message="tns:GetAuthenticationDataInput"/>
+			<output message="tns:GetAuthenticationDataOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="getAuthenticationData">
+			<soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<service name="GetAuthenticationDataService">
+		<port name="IdentificationPort" binding="tns:IdentificationBinding">
+			<soap:address location="http://localhost/Identification"/>
+		</port>
+	</service>
+</definitions>
diff --git a/id/server/doc/handbook_v4/spec/MOA-SPSS-1.3.pdf b/id/server/doc/handbook_v4/spec/MOA-SPSS-1.3.pdf
new file mode 100644
index 000000000..6709a4081
Binary files /dev/null and b/id/server/doc/handbook_v4/spec/MOA-SPSS-1.3.pdf differ
diff --git a/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.pdf b/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.pdf
new file mode 100644
index 000000000..1e65beca9
Binary files /dev/null and b/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.pdf differ
diff --git a/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.wsdl b/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.wsdl
new file mode 100644
index 000000000..4f9deee38
--- /dev/null
+++ b/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.wsdl
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- 
+  Web Service Description for MOA SP/SS 1.4
+-->
+<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+	<import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-2.0.0.xsd"/>
+	<message name="CreateCMSSignatureInput">
+		<part name="body" element="moa:CreateCMSSignatureRequest"/>
+	</message>
+	<message name="CreateCMSSignatureOutput">
+		<part name="body" element="moa:CreateCMSSignatureResponse"/>
+	</message>
+	<message name="CreateXMLSignatureInput">
+		<part name="body" element="moa:CreateXMLSignatureRequest"/>
+	</message>
+	<message name="CreateXMLSignatureOutput">
+		<part name="body" element="moa:CreateXMLSignatureResponse"/>
+	</message>
+	<message name="VerifyCMSSignatureInput">
+		<part name="body" element="moa:VerifyCMSSignatureRequest"/>
+	</message>
+	<message name="VerifyCMSSignatureOutput">
+		<part name="body" element="moa:VerifyCMSSignatureResponse"/>
+	</message>
+	<message name="VerifyXMLSignatureInput">
+		<part name="body" element="moa:VerifyXMLSignatureRequest"/>
+	</message>
+	<message name="VerifyXMLSignatureOutput">
+		<part name="body" element="moa:VerifyXMLSignatureResponse"/>
+	</message>
+	<message name="MOAFault">
+		<part name="body" element="moa:ErrorResponse"/>
+	</message>
+	<portType name="SignatureCreationPortType">
+		<operation name="createXMLSignature">
+			<input message="tns:CreateXMLSignatureInput"/>
+			<output message="tns:CreateXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="createCMSSignature">
+			<input message="tns:CreateCMSSignatureInput"/>
+			<output message="tns:CreateCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<portType name="SignatureVerificationPortType">
+		<operation name="verifyCMSSignature">
+			<input message="tns:VerifyCMSSignatureInput"/>
+			<output message="tns:VerifyCMSSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<input message="tns:VerifyXMLSignatureInput"/>
+			<output message="tns:VerifyXMLSignatureOutput"/>
+			<fault name="MOAFault" message="tns:MOAFault"/>
+		</operation>
+	</portType>
+	<binding name="SignatureCreationBinding" type="tns:SignatureCreationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="createXMLSignature">
+			<soap:operation soapAction="urn:CreateXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="createCMSSignature">
+			<soap:operation soapAction="urn:CreateCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<binding name="SignatureVerificationBinding" type="tns:SignatureVerificationPortType">
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+		<operation name="verifyCMSSignature">
+			<soap:operation soapAction="urn:VerifyCMSSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+		<operation name="verifyXMLSignature">
+			<soap:operation soapAction="urn:VerifyXMLSignatureAction"/>
+			<input>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</input>
+			<output>
+				<soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</output>
+			<fault name="MOAFault">
+				<soap:fault name="" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+			</fault>
+		</operation>
+	</binding>
+	<service name="SignatureCreationService">
+		<port name="SignatureCreationPort" binding="tns:SignatureCreationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureCreation"/>
+      -->
+		</port>
+	</service>
+	<service name="SignatureVerificationService">
+		<port name="SignatureVerificationPort" binding="tns:SignatureVerificationBinding">
+			<!--
+        Please note that the location URL must be adapted to the actual service URL.
+      <soap:address location="http://localhost/moa-spss/services/SignatureVerification"/>
+      -->
+		</port>
+	</service>
+</definitions>
diff --git a/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.xsd b/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.xsd
new file mode 100644
index 000000000..73d145ecf
--- /dev/null
+++ b/id/server/doc/handbook_v4/spec/MOA-SPSS-2.0.0.xsd
@@ -0,0 +1,572 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  MOA SP/SS 2.0.0 Schema
+-->
+<xsd:schema xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+	<!--########## Create CMS Signature ###-->
+	<!--### Create CMS Signature Request ###-->
+	<xsd:element name="CreateCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateCMSSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="CMSDataObjectInfoType"/>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create CMS Signature Response ###-->
+	<xsd:element name="CreateCMSSignatureResponse" type="CreateCMSSignatureResponseType"/>
+	<xsd:complexType name="CreateCMSSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<!--########## Create XML Signature ###-->
+	<!--### Create XML Signature Request ###-->
+	<xsd:element name="CreateXMLSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="CreateXMLSignatureRequestType"/>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="CreateXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+			<xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+				<xsd:annotation>
+					<xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+							<xsd:complexType>
+								<xsd:complexContent>
+									<xsd:extension base="DataObjectInfoType">
+										<xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+									</xsd:extension>
+								</xsd:complexContent>
+							</xsd:complexType>
+						</xsd:element>
+						<xsd:element name="CreateSignatureInfo" minOccurs="0">
+							<xsd:complexType>
+								<xsd:sequence>
+									<xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+									<xsd:choice>
+										<xsd:annotation>
+											<xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+										</xsd:annotation>
+										<xsd:element ref="CreateSignatureEnvironmentProfile"/>
+										<xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+									</xsd:choice>
+								</xsd:sequence>
+							</xsd:complexType>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Create XML Signature Response ###-->
+	<xsd:complexType name="CreateXMLSignatureResponseType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="SignatureEnvironment">
+				<xsd:annotation>
+					<xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:any namespace="##any" processContents="lax"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element ref="ErrorResponse"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+	<!--########## Verify CMS Signature ###-->
+	<!--### Verifiy CMS Signature Request ###-->
+	<xsd:element name="VerifyCMSSignatureRequest">
+		<xsd:complexType>
+			<xsd:complexContent>
+				<xsd:extension base="VerifyCMSSignatureRequestType">
+					<xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+				</xsd:extension>
+			</xsd:complexContent>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:complexType name="VerifyCMSSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+			<xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify CMS Signature Response ###-->
+	<xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+	<xsd:complexType name="VerifyCMSSignatureResponseType">
+		<xsd:sequence maxOccurs="unbounded">
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="SignatureCheck" type="CheckResultType"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Verify XML Signature ###-->
+	<!--### Verify XML Signature Request ###-->
+	<xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+	<xsd:complexType name="VerifyXMLSignatureRequestType">
+		<xsd:sequence>
+			<xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+			<xsd:element name="VerifySignatureInfo">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+						<xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice minOccurs="0" maxOccurs="unbounded">
+				<xsd:element ref="SupplementProfile"/>
+				<xsd:element name="SupplementProfileID" type="xsd:string"/>
+			</xsd:choice>
+			<xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+							<xsd:annotation>
+								<xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+							</xsd:annotation>
+						</xsd:element>
+					</xsd:sequence>
+					<xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="ReturnHashInputData" minOccurs="0"/>
+			<xsd:element name="TrustProfileID" type="xsd:token">
+				<xsd:annotation>
+					<xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--### Verify XML Signature Response ###-->
+	<xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+	<xsd:complexType name="VerifyXMLSignatureResponseType">
+		<xsd:sequence>
+			<xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+				<xsd:annotation>
+					<xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="HashInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="ReferenceInputData" type="InputDataType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+			<xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+			<xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+			<xsd:element name="CertificateCheck" type="CheckResultType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="ProfileIdentifierType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="InputDataType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentExLocRefBaseType">
+				<xsd:attribute name="PartOf" use="optional" default="SignedInfo">
+					<xsd:simpleType>
+						<xsd:restriction base="xsd:token">
+							<xsd:enumeration value="SignedInfo"/>
+							<xsd:enumeration value="XMLDSIGManifest"/>
+						</xsd:restriction>
+					</xsd:simpleType>
+				</xsd:attribute>
+				<xsd:attribute name="ReferringSigReference" type="xsd:nonNegativeInteger" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="MetaInfoType">
+		<xsd:sequence>
+			<xsd:element name="MimeType" type="MimeTypeType"/>
+			<xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+			<xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="FinalDataMetaInfoType">
+		<xsd:complexContent>
+			<xsd:extension base="MetaInfoType">
+				<xsd:sequence>
+					<xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="DataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="ContentOptionalRefType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:choice>
+				<xsd:annotation>
+					<xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+				</xsd:annotation>
+				<xsd:element ref="CreateTransformsInfoProfile"/>
+				<xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+			</xsd:choice>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectInfoType">
+		<xsd:sequence>
+			<xsd:element name="DataObject">
+				<xsd:complexType>
+					<xsd:complexContent>
+						<xsd:extension base="CMSDataObjectRequiredMetaType"/>
+					</xsd:complexContent>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:sequence>
+		<xsd:attribute name="Structure" use="required">
+			<xsd:simpleType>
+				<xsd:restriction base="xsd:string">
+					<xsd:enumeration value="detached"/>
+					<xsd:enumeration value="enveloping"/>
+				</xsd:restriction>
+			</xsd:simpleType>
+		</xsd:attribute>
+	</xsd:complexType>
+	<xsd:complexType name="TransformsInfoType">
+		<xsd:sequence>
+			<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+			<xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLDataObjectAssociationType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="ContentRequiredRefType"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectOptionalMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+			<xsd:element name="ExcludedByteRange" type="ExcludedByteRangeType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSDataObjectRequiredMetaType">
+		<xsd:sequence>
+			<xsd:element name="MetaInfo" type="MetaInfoType"/>
+			<xsd:element name="Content" type="CMSContentBaseType"/>
+			<xsd:element name="ExcludedByteRange" type="ExcludedByteRangeType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ExcludedByteRangeType">
+		<xsd:sequence>
+			<xsd:element name="From" type="xsd:unsignedLong"/>
+			<xsd:element name="To" type="xsd:unsignedLong"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="CMSContentBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="CheckResultType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+			<xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultType">
+		<xsd:complexContent>
+			<xsd:restriction base="CheckResultType">
+				<xsd:sequence>
+					<xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+					<xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+		<xsd:complexContent>
+			<xsd:restriction base="AnyChildrenType">
+				<xsd:sequence>
+					<xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+					<xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+				</xsd:sequence>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<!--########## Error Response ###-->
+	<xsd:element name="ErrorResponse" type="ErrorResponseType">
+		<xsd:annotation>
+			<xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+		</xsd:annotation>
+	</xsd:element>
+	<xsd:complexType name="ErrorResponseType">
+		<xsd:sequence>
+			<xsd:element name="ErrorCode" type="xsd:integer"/>
+			<xsd:element name="Info" type="xsd:string"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<!--########## Auxiliary Types ###-->
+	<xsd:simpleType name="KeyIdentifierType">
+		<xsd:restriction base="xsd:string"/>
+	</xsd:simpleType>
+	<xsd:simpleType name="KeyStorageType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="Software"/>
+			<xsd:enumeration value="Hardware"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:simpleType name="MimeTypeType">
+		<xsd:restriction base="xsd:token"/>
+	</xsd:simpleType>
+	<xsd:complexType name="AnyChildrenType" mixed="true">
+		<xsd:sequence>
+			<xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:complexType name="XMLContentType" mixed="true">
+		<xsd:complexContent>
+			<xsd:extension base="AnyChildrenType">
+				<xsd:attribute ref="xml:space" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentBaseType">
+		<xsd:choice minOccurs="0">
+			<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+			<xsd:element name="XMLContent" type="XMLContentType"/>
+			<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:complexType name="ContentExLocRefBaseType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentBaseType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+				</xsd:choice>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentOptionalRefType">
+		<xsd:complexContent>
+			<xsd:extension base="ContentBaseType">
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="ContentRequiredRefType">
+		<xsd:complexContent>
+			<xsd:restriction base="ContentOptionalRefType">
+				<xsd:choice minOccurs="0">
+					<xsd:element name="Base64Content" type="xsd:base64Binary"/>
+					<xsd:element name="XMLContent" type="XMLContentType"/>
+					<xsd:element name="LocRefContent" type="xsd:anyURI"/>
+				</xsd:choice>
+				<xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+			</xsd:restriction>
+		</xsd:complexContent>
+	</xsd:complexType>
+	<xsd:complexType name="VerifyTransformsDataType">
+		<xsd:choice maxOccurs="unbounded">
+			<xsd:annotation>
+				<xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element ref="VerifyTransformsInfoProfile"/>
+			<xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+				<xsd:annotation>
+					<xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+		</xsd:choice>
+	</xsd:complexType>
+	<xsd:element name="QualifiedCertificate">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="SecureSignatureCreationDevice">
+		<xsd:complexType>
+			<xsd:attribute name="source" use="optional">
+				<xsd:simpleType>
+					<xsd:restriction base="xsd:token">
+						<xsd:enumeration value="TSL"/>
+						<xsd:enumeration value="Certificate"/>
+					</xsd:restriction>
+				</xsd:simpleType>
+			</xsd:attribute>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="IssuingCountry" type="xsd:token"/>
+	<xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+	<xsd:complexType name="PublicAuthorityType">
+		<xsd:sequence>
+			<xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:simpleType name="SignatoriesType">
+		<xsd:union memberTypes="AllSignatoriesType">
+			<xsd:simpleType>
+				<xsd:list itemType="xsd:positiveInteger"/>
+			</xsd:simpleType>
+		</xsd:union>
+	</xsd:simpleType>
+	<xsd:simpleType name="AllSignatoriesType">
+		<xsd:restriction base="xsd:string">
+			<xsd:enumeration value="all"/>
+		</xsd:restriction>
+	</xsd:simpleType>
+	<xsd:complexType name="CreateSignatureLocationType">
+		<xsd:simpleContent>
+			<xsd:extension base="xsd:token">
+				<xsd:attribute name="Index" type="xsd:integer" use="required"/>
+			</xsd:extension>
+		</xsd:simpleContent>
+	</xsd:complexType>
+	<xsd:complexType name="TransformParameterType">
+		<xsd:choice minOccurs="0">
+			<xsd:annotation>
+				<xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+			</xsd:annotation>
+			<xsd:element name="Base64Content" type="xsd:base64Binary">
+				<xsd:annotation>
+					<xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+				</xsd:annotation>
+			</xsd:element>
+			<xsd:element name="Hash">
+				<xsd:annotation>
+					<xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+				</xsd:annotation>
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element ref="dsig:DigestMethod"/>
+						<xsd:element ref="dsig:DigestValue"/>
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:choice>
+		<xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+	</xsd:complexType>
+	<xsd:element name="CreateSignatureEnvironmentProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+				<xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="VerifyTransformsInfoProfile">
+		<xsd:annotation>
+			<xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+		</xsd:annotation>
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element ref="dsig:Transforms" minOccurs="0"/>
+				<xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+					<xsd:annotation>
+						<xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+					</xsd:annotation>
+				</xsd:element>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+	<xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+	<xsd:element name="CreateTransformsInfoProfile">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+				<xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+			</xsd:sequence>
+		</xsd:complexType>
+	</xsd:element>
+</xsd:schema>
diff --git a/id/server/doc/handbook_v4/spec/MOA_ID_1.2_20040315.pdf b/id/server/doc/handbook_v4/spec/MOA_ID_1.2_20040315.pdf
new file mode 100644
index 000000000..0c89c2730
Binary files /dev/null and b/id/server/doc/handbook_v4/spec/MOA_ID_1.2_20040315.pdf differ
diff --git a/id/server/doc/handbook_v4/spec/MOA_ID_1.3_20060315.pdf b/id/server/doc/handbook_v4/spec/MOA_ID_1.3_20060315.pdf
new file mode 100644
index 000000000..c9b0d160c
Binary files /dev/null and b/id/server/doc/handbook_v4/spec/MOA_ID_1.3_20060315.pdf differ
diff --git a/id/server/doc/handbook_v4/spec/MOA_ID_1.4_20070802.pdf b/id/server/doc/handbook_v4/spec/MOA_ID_1.4_20070802.pdf
new file mode 100644
index 000000000..a3a2f1177
Binary files /dev/null and b/id/server/doc/handbook_v4/spec/MOA_ID_1.4_20070802.pdf differ
diff --git a/id/server/doc/handbook_v4/spec/MOA_ID_1.4_Anhang.pdf b/id/server/doc/handbook_v4/spec/MOA_ID_1.4_Anhang.pdf
new file mode 100644
index 000000000..0c923666f
Binary files /dev/null and b/id/server/doc/handbook_v4/spec/MOA_ID_1.4_Anhang.pdf differ
diff --git a/id/server/doc/handbook_v4/spec/MOA_ID_1.5_Anhang.pdf b/id/server/doc/handbook_v4/spec/MOA_ID_1.5_Anhang.pdf
new file mode 100644
index 000000000..ed2743d3c
Binary files /dev/null and b/id/server/doc/handbook_v4/spec/MOA_ID_1.5_Anhang.pdf differ
diff --git a/id/server/doc/handbook_v4/spec/OID-1-0-3.pdf b/id/server/doc/handbook_v4/spec/OID-1-0-3.pdf
new file mode 100644
index 000000000..4beab3e41
Binary files /dev/null and b/id/server/doc/handbook_v4/spec/OID-1-0-3.pdf differ
diff --git a/id/server/doc/handbook_v4/spec/cs-sstc-schema-assertion-01.xsd b/id/server/doc/handbook_v4/spec/cs-sstc-schema-assertion-01.xsd
new file mode 100644
index 000000000..d41f3e817
--- /dev/null
+++ b/id/server/doc/handbook_v4/spec/cs-sstc-schema-assertion-01.xsd
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+        <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+        <annotation>
+                <documentation>
+                Document identifier: cs-sstc-schema-assertion-01
+                Location: http://www.oasis-open.org/committees/security/docs/
+                </documentation>
+        </annotation>
+        <simpleType name="IDType">
+                <restriction base="string"/>
+        </simpleType>
+        <simpleType name="IDReferenceType">
+                <restriction base="string"/>
+        </simpleType>
+        <simpleType name="DecisionType">
+                <restriction base="string">
+                        <enumeration value="Permit"/>
+                        <enumeration value="Deny"/>
+                        <enumeration value="Indeterminate"/>
+                </restriction>
+        </simpleType>
+        <element name="AssertionIDReference" type="saml:IDReferenceType"/>
+        <element name="Assertion" type="saml:AssertionType"/>
+        <complexType name="AssertionType">
+                <sequence>
+                        <element ref="saml:Conditions" minOccurs="0"/>
+                        <element ref="saml:Advice" minOccurs="0"/>
+                        <choice maxOccurs="unbounded">
+                                <element ref="saml:Statement"/>
+                                <element ref="saml:SubjectStatement"/>
+                                <element ref="saml:AuthenticationStatement"/>
+                                <element ref="saml:AuthorizationDecisionStatement"/>
+                                <element ref="saml:AttributeStatement"/>
+                        </choice>
+                        <element ref="ds:Signature" minOccurs="0"/>
+                </sequence>
+                <attribute name="MajorVersion" type="integer" use="required"/>
+                <attribute name="MinorVersion" type="integer" use="required"/>
+                <attribute name="AssertionID" type="saml:IDType" use="required"/>
+                <attribute name="Issuer" type="string" use="required"/>
+                <attribute name="IssueInstant" type="dateTime" use="required"/>
+        </complexType>
+        <element name="Conditions" type="saml:ConditionsType"/>
+        <complexType name="ConditionsType">
+                <choice minOccurs="0" maxOccurs="unbounded">
+                        <element ref="saml:AudienceRestrictionCondition"/>
+                        <element ref="saml:Condition"/>
+                </choice>
+                <attribute name="NotBefore" type="dateTime" use="optional"/>
+                <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+        </complexType>
+        <element name="Condition" type="saml:ConditionAbstractType"/>
+        <complexType name="ConditionAbstractType" abstract="true"/>
+        <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
+        <complexType name="AudienceRestrictionConditionType">
+                <complexContent>
+                        <extension base="saml:ConditionAbstractType">
+                                <sequence>
+                                        <element ref="saml:Audience" maxOccurs="unbounded"/>
+                                </sequence>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="Audience" type="anyURI"/>
+        <element name="Advice" type="saml:AdviceType"/>
+        <complexType name="AdviceType">
+                <choice minOccurs="0" maxOccurs="unbounded">
+                        <element ref="saml:AssertionIDReference"/>
+                        <element ref="saml:Assertion"/>
+                        <any namespace="##other" processContents="lax"/>
+                </choice>
+        </complexType>
+        <element name="Statement" type="saml:StatementAbstractType"/>
+        <complexType name="StatementAbstractType" abstract="true"/>
+        <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
+        <complexType name="SubjectStatementAbstractType" abstract="true">
+                <complexContent>
+                        <extension base="saml:StatementAbstractType">
+                                <sequence>
+                                        <element ref="saml:Subject"/>
+                                </sequence>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="Subject" type="saml:SubjectType"/>
+        <complexType name="SubjectType">
+                <choice>
+                        <sequence>
+                                <element ref="saml:NameIdentifier"/>
+                                <element ref="saml:SubjectConfirmation" minOccurs="0"/>
+                        </sequence>
+                        <element ref="saml:SubjectConfirmation"/>
+                </choice>
+        </complexType>
+        <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+        <complexType name="NameIdentifierType">
+                <simpleContent>
+                        <extension base="string">
+                                <attribute name="NameQualifier" type="string" use="optional"/>
+                                <attribute name="Format" type="anyURI" use="optional"/>
+                        </extension>
+                </simpleContent>
+        </complexType>
+        <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+        <complexType name="SubjectConfirmationType">
+                <sequence>
+                        <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
+                        <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+                        <element ref="ds:KeyInfo" minOccurs="0"/>
+                </sequence>
+        </complexType>
+        <element name="SubjectConfirmationData" type="anyType"/>
+        <element name="ConfirmationMethod" type="anyURI"/>
+        <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
+        <complexType name="AuthenticationStatementType">
+                <complexContent>
+                        <extension base="saml:SubjectStatementAbstractType">
+                                <sequence>
+                                        <element ref="saml:SubjectLocality" minOccurs="0"/>
+                                        <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
+                                </sequence>
+                                <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
+                                <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+        <complexType name="SubjectLocalityType">
+                <attribute name="IPAddress" type="string" use="optional"/>
+                <attribute name="DNSAddress" type="string" use="optional"/>
+        </complexType>
+        <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
+        <complexType name="AuthorityBindingType">
+                <attribute name="AuthorityKind" type="QName" use="required"/>
+                <attribute name="Location" type="anyURI" use="required"/>
+                <attribute name="Binding" type="anyURI" use="required"/>
+        </complexType>
+        <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
+        <complexType name="AuthorizationDecisionStatementType">
+                <complexContent>
+                        <extension base="saml:SubjectStatementAbstractType">
+                                <sequence>
+                                        <element ref="saml:Action" maxOccurs="unbounded"/>
+                                        <element ref="saml:Evidence" minOccurs="0"/>
+                                </sequence>
+                                <attribute name="Resource" type="anyURI" use="required"/>
+                                <attribute name="Decision" type="saml:DecisionType" use="required"/>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="Action" type="saml:ActionType"/>
+        <complexType name="ActionType">
+                <simpleContent>
+                        <extension base="string">
+                                <attribute name="Namespace" type="anyURI"/>
+                        </extension>
+                </simpleContent>
+        </complexType>
+        <element name="Evidence" type="saml:EvidenceType"/>
+        <complexType name="EvidenceType">
+                <choice maxOccurs="unbounded">
+                        <element ref="saml:AssertionIDReference"/>
+                        <element ref="saml:Assertion"/>
+                </choice>
+        </complexType>
+        <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+        <complexType name="AttributeStatementType">
+                <complexContent>
+                        <extension base="saml:SubjectStatementAbstractType">
+                                <sequence>
+                                        <element ref="saml:Attribute" maxOccurs="unbounded"/>
+                                </sequence>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
+        <complexType name="AttributeDesignatorType">
+                <attribute name="AttributeName" type="string" use="required"/>
+                <attribute name="AttributeNamespace" type="anyURI" use="required"/>
+        </complexType>
+        <element name="Attribute" type="saml:AttributeType"/>
+        <complexType name="AttributeType">
+                <complexContent>
+                        <extension base="saml:AttributeDesignatorType">
+                                <sequence>
+                                        <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+                                </sequence>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="AttributeValue" type="anyType"/>
+</schema>
diff --git a/id/server/doc/handbook_v4/spec/cs-sstc-schema-protocol-01.xsd b/id/server/doc/handbook_v4/spec/cs-sstc-schema-protocol-01.xsd
new file mode 100644
index 000000000..d939fa732
--- /dev/null
+++ b/id/server/doc/handbook_v4/spec/cs-sstc-schema-protocol-01.xsd
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v4.2 U (http://www.xmlspy.com) by Phillip Hallam-Baker (Phillip Hallam-Baker) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+        <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-01.xsd"/>
+        <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+        <annotation>
+                <documentation>
+                Document identifier: cs-sstc-schema-protocol-01
+                Location: http://www.oasis-open.org/committees/security/docs/
+                </documentation>
+        </annotation>
+        <complexType name="RequestAbstractType" abstract="true">
+                <sequence>
+                        <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
+                        <element ref="ds:Signature" minOccurs="0"/>
+                </sequence>
+                <attribute name="RequestID" type="saml:IDType" use="required"/>
+                <attribute name="MajorVersion" type="integer" use="required"/>
+                <attribute name="MinorVersion" type="integer" use="required"/>
+                <attribute name="IssueInstant" type="dateTime" use="required"/>
+        </complexType>
+        <element name="RespondWith" type="QName"/>
+        <element name="Request" type="samlp:RequestType"/>
+        <complexType name="RequestType">
+                <complexContent>
+                        <extension base="samlp:RequestAbstractType">
+                                <choice>
+                                        <element ref="samlp:Query"/>
+                                        <element ref="samlp:SubjectQuery"/>
+                                        <element ref="samlp:AuthenticationQuery"/>
+                                        <element ref="samlp:AttributeQuery"/>
+                                        <element ref="samlp:AuthorizationDecisionQuery"/>
+                                        <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
+                                        <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
+                                </choice>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="AssertionArtifact" type="string"/>
+        <element name="Query" type="samlp:QueryAbstractType"/>
+        <complexType name="QueryAbstractType" abstract="true"/>
+        <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+        <complexType name="SubjectQueryAbstractType" abstract="true">
+                <complexContent>
+                        <extension base="samlp:QueryAbstractType">
+                                <sequence>
+                                        <element ref="saml:Subject"/>
+                                </sequence>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
+        <complexType name="AuthenticationQueryType">
+                <complexContent>
+                        <extension base="samlp:SubjectQueryAbstractType">
+                                <attribute name="AuthenticationMethod" type="anyURI"/>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+        <complexType name="AttributeQueryType">
+                <complexContent>
+                        <extension base="samlp:SubjectQueryAbstractType">
+                                <sequence>
+                                        <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
+                                </sequence>
+                                <attribute name="Resource" type="anyURI" use="optional"/>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
+        <complexType name="AuthorizationDecisionQueryType">
+                <complexContent>
+                        <extension base="samlp:SubjectQueryAbstractType">
+                                <sequence>
+                                        <element ref="saml:Action" maxOccurs="unbounded"/>
+                                        <element ref="saml:Evidence" minOccurs="0" maxOccurs="1"/>
+                                </sequence>
+                                <attribute name="Resource" type="anyURI" use="required"/>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <complexType name="ResponseAbstractType" abstract="true">
+                <sequence>
+                        <element ref="ds:Signature" minOccurs="0"/>
+                </sequence>
+                <attribute name="ResponseID" type="saml:IDType" use="required"/>
+                <attribute name="InResponseTo" type="saml:IDReferenceType" use="optional"/>
+                <attribute name="MajorVersion" type="integer" use="required"/>
+                <attribute name="MinorVersion" type="integer" use="required"/>
+                <attribute name="IssueInstant" type="dateTime" use="required"/>
+                <attribute name="Recipient" type="anyURI" use="optional"/>
+        </complexType>
+        <element name="Response" type="samlp:ResponseType"/>
+        <complexType name="ResponseType">
+                <complexContent>
+                        <extension base="samlp:ResponseAbstractType">
+                                <sequence>
+                                        <element ref="samlp:Status"/>
+                                        <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
+                                </sequence>
+                        </extension>
+                </complexContent>
+        </complexType>
+        <element name="Status" type="samlp:StatusType"/>
+        <complexType name="StatusType">
+                <sequence>
+                        <element ref="samlp:StatusCode"/>
+                        <element ref="samlp:StatusMessage" minOccurs="0" maxOccurs="1"/>
+                        <element ref="samlp:StatusDetail" minOccurs="0"/>
+                </sequence>
+        </complexType>
+        <element name="StatusCode" type="samlp:StatusCodeType"/>
+        <complexType name="StatusCodeType">
+                <sequence>
+                        <element ref="samlp:StatusCode" minOccurs="0"/>
+                </sequence>
+                <attribute name="Value" type="QName" use="required"/>
+        </complexType>
+        <element name="StatusMessage" type="string"/>
+        <element name="StatusDetail" type="samlp:StatusDetailType"/>
+        <complexType name="StatusDetailType">
+                <sequence>
+                        <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+                </sequence>
+        </complexType>
+</schema>
-- 
cgit v1.2.3