<?xml version="1.0" encoding="UTF-8"?> <!-- MOA SP/SS 1.3 Configuration Schema --> <xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified" xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/> <xs:element name="MOAConfiguration"> <xs:complexType> <xs:sequence> <xs:element name="Common" minOccurs="0"> <xs:complexType> <xs:sequence> <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="Name" type="xs:string"/> <xs:element name="SlotId" type="xs:string" minOccurs="0"/> <xs:element name="UserPIN" type="xs:string"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="SignatureCreation" minOccurs="0"> <xs:complexType> <xs:sequence> <xs:element name="KeyModules"> <xs:complexType> <xs:choice maxOccurs="unbounded"> <xs:element name="HardwareKeyModule"> <xs:complexType> <xs:sequence> <xs:element name="Id" type="xs:token"/> <xs:element name="Name" type="xs:string"/> <xs:element name="SlotId" type="xs:string" minOccurs="0"/> <xs:element name="UserPIN" type="xs:string"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="SoftwareKeyModule"> <xs:complexType> <xs:sequence> <xs:element name="Id" type="xs:token"/> <xs:element name="FileName" type="xs:string"/> <xs:element name="Password" type="xs:string" minOccurs="0"/> </xs:sequence> </xs:complexType> </xs:element> </xs:choice> </xs:complexType> </xs:element> <xs:element name="KeyGroup" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="Id" type="xs:token"/> <xs:sequence maxOccurs="unbounded"> <xs:element name="Key"> <xs:complexType> <xs:sequence> <xs:element name="KeyModuleId" type="xs:token"/> <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="KeyGroupMapping" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/> <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="XMLDSig"> <xs:complexType> <xs:sequence> <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/> <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="SignatureVerification" minOccurs="0"> <xs:complexType> <xs:sequence> <xs:element name="CertificateValidation"> <xs:complexType> <xs:sequence> <xs:element name="PathConstruction"> <xs:complexType> <xs:sequence> <xs:element name="AutoAddCertificates" type="xs:boolean"/> <xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/> <xs:element name="CertificateStore"> <xs:complexType> <xs:choice> <xs:element name="DirectoryStore"> <xs:complexType> <xs:sequence> <xs:element name="Location" type="xs:token"/> </xs:sequence> </xs:complexType> </xs:element> </xs:choice> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="PathValidation"> <xs:complexType> <xs:sequence> <xs:element name="ChainingMode"> <xs:complexType> <xs:sequence> <xs:element name="DefaultMode" type="config:ChainingModeType"/> <xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="Identification" type="dsig:X509IssuerSerialType"/> <xs:element name="Mode" type="config:ChainingModeType"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="TrustProfile" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="Id" type="xs:token"/> <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/> <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="RevocationChecking"> <xs:complexType> <xs:sequence> <xs:element name="EnableChecking" type="xs:boolean"/> <xs:element name="MaxRevocationAge" type="xs:integer"/> <xs:element name="ServiceOrder" minOccurs="0"> <xs:complexType> <xs:sequence minOccurs="2" maxOccurs="2"> <xs:element name="Service"> <xs:simpleType> <xs:restriction base="xs:token"> <xs:enumeration value="OCSP"/> <xs:enumeration value="CRL"/> </xs:restriction> </xs:simpleType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="Archiving"> <xs:complexType> <xs:sequence> <xs:element name="EnableArchiving" type="xs:boolean"/> <xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/> <xs:element name="Archive" minOccurs="0"> <xs:complexType> <xs:choice> <xs:element name="DatabaseArchive"> <xs:complexType> <xs:sequence> <xs:element name="JDBCURL" type="xs:anyURI"/> <xs:element name="JDBCDriverClassName" type="xs:token"/> </xs:sequence> </xs:complexType> </xs:element> </xs:choice> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="CAIssuerDN" type="xs:token"/> <xs:choice maxOccurs="unbounded"> <xs:element name="CRLDP"> <xs:complexType> <xs:sequence> <xs:element name="IndirectCRLIssuer" type="xs:string" minOccurs="0" maxOccurs="1"/> <xs:element name="Location" type="xs:anyURI"/> <xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded"> <xs:simpleType> <xs:restriction base="xs:token"> <xs:enumeration value="unused"/> <xs:enumeration value="keyCompromise"/> <xs:enumeration value="cACompromise"/> <xs:enumeration value="affiliationChanged"/> <xs:enumeration value="superseded"/> <xs:enumeration value="cessationOfOperation"/> <xs:enumeration value="certificateHold"/> <xs:enumeration value="privilegeWithdrawn"/> <xs:enumeration value="aACompromise"/> </xs:restriction> </xs:simpleType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="OCSPDP"> <xs:complexType> <xs:sequence> <xs:element name="Location" type="xs:anyURI"/> </xs:sequence> </xs:complexType> </xs:element> </xs:choice> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:simpleType name="ChainingModeType"> <xs:restriction base="xs:string"> <xs:enumeration value="chaining"/> <xs:enumeration value="pkix"/> </xs:restriction> </xs:simpleType> <xs:complexType name="ProfileType"> <xs:sequence> <xs:element name="Id" type="xs:token"/> <xs:element name="Location" type="xs:anyURI"/> </xs:sequence> </xs:complexType> </xs:schema>