...
```xml
<xs:element name="Trust" type="TrustType" />
<xs:complexType name="TrustType">
  <xs:simpleContent>
    <xs:extension base="xs:base64Binary">
      <xs:attribute name="crl" type="xs:anyURI" use="optional" />
    </xs:extension>
  </xs:simpleContent>
</xs:complexType>
```
...
```xml
      <xs:attribute name="crlref" type="xs:IDREF" use="optional" />
      <xs:attribute name="ocsp" type="xs:anyURI" use="optional" />
      <xs:attribute name="ocspref" type="xs:IDREF" use="optional" />
    </xs:extension>
  </xs:simpleContent>
</xs:complexType>
```
The <Trust /> element represents a trusted certificate authority. The element contains a Base64-encoded certificate. The element may also contain a crl attribute defining a CRL URL or an ocsp attribute defining an OCSP URL.
Optionally, CRL and OCSP URLs can be defined in separate <CRL /> and <OCSP /> elements, as child elements for the <Trust /> element, and referred to by their id in the crlref and ocspref attributes of the <Trust /> element.
The <CRL /> and <OCSP /> elements
```xml
<xs:element name="CRL" type="CRLType" />
<xs:element name="OCSP" type="OCSPType" />
<xs:complexType name="CRLType">
  <xs:complexContent>
    <xs:extension base="PropertiesType">
      <xs:attribute name="uri" type="xs:anyURI" use="required" />
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
<xs:complexType name="OCSPType">
  <xs:complexContent>
    <xs:extension base="PropertiesType">
      <xs:attribute name="uri" type="xs:anyURI" use="required" />
    </xs:extension>
  </xs:complexContent>
</xs:complexType>
<xs:complexType name="PropertiesType" abstract="true">
  <xs:sequence minOccurs="0" maxOccurs="unbounded">
    <xs:element name="Property" type="PropertyType" />
  </xs:sequence>
  <xs:attribute name="id" type="xs:ID" use="optional" />
</xs:complexType>
<xs:complexType name="PropertyType">
  <xs:simpleContent>
    <xs:extension base="xs:string">
      <xs:attribute name="name" type="xs:string" use="required" />
    </xs:extension>
  </xs:simpleContent>
</xs:complexType>
```
The <CRL /> and <OCSP /> elements represent a CRL and an OCSP endpoint. The endpoint URL is defined in the uri attribute and an identifier in the id attribute. The identifier can be used in a <Trust /> element as the value of the crlref or ocspref attribute to refer to the <CRL /> or <OCSP /> element.
For example:
```xml
<Trust ocspref="gspersonalsign2g2">MIIEVz...7H34U=</Trust>
<OCSP uri="http://ocsp2.globalsign.com/gspersonalsign2g2" id="gspersonalsign2g2"/>
```
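An added example, not part of the original page or the product's own code: a Python check that resolves crlref and ocspref to endpoint URLs and reports what schema validation alone lets through. xs:IDREF only requires that some element carries the id, so a crlref pointing at an <OCSP /> element validates, as does a <Trust /> with no revocation endpoint at all. The <Config> wrapper element, the absence of an XML namespace, and all ids, URLs and certificate placeholders in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The <Config> wrapper, ids and URLs are made up for this
# example; the certificate bodies are placeholders, not real certificates.
SAMPLE = """
<Config>
  <Trust ocspref="ocsp-a">PLACEHOLDER-CERT-A</Trust>
  <Trust crl="http://crl.example.test/b.crl">PLACEHOLDER-CERT-B</Trust>
  <Trust crlref="missing-id">PLACEHOLDER-CERT-C</Trust>
  <Trust crlref="ocsp-a">PLACEHOLDER-CERT-D</Trust>
  <Trust>PLACEHOLDER-CERT-E</Trust>
  <OCSP uri="http://ocsp.example.test/a" id="ocsp-a"/>
</Config>
"""

def resolve_revocation(xml_text):
    """Return (resolved, problems) for every <Trust /> element, in document order.

    resolved[i] is {"crl": [...], "ocsp": [...]} holding the endpoint URLs
    that apply to the i-th <Trust />; problems is a list of (index, message).
    """
    root = ET.fromstring(xml_text)  # input assumed to be a trusted local file
    # Index endpoints by id, remembering the element type so that a crlref
    # pointing at an <OCSP /> (or the reverse) is caught.
    by_id = {}
    for el in root.iter():
        if el.tag in ("CRL", "OCSP") and el.get("id"):
            by_id[el.get("id")] = (el.tag, el.get("uri"))
    resolved, problems = [], []
    for i, trust in enumerate(root.iter("Trust")):
        entry = {"crl": [], "ocsp": []}
        for kind, tag in (("crl", "CRL"), ("ocsp", "OCSP")):
            if trust.get(kind):                      # inline URL attribute
                entry[kind].append(trust.get(kind))
            ref = trust.get(kind + "ref")            # IDREF attribute
            if ref is None:
                continue
            if ref not in by_id:
                problems.append((i, f"{kind}ref '{ref}' matches no id"))
            elif by_id[ref][0] != tag:
                problems.append((i, f"{kind}ref '{ref}' points at <{by_id[ref][0]} />"))
            else:
                entry[kind].append(by_id[ref][1])
        if not entry["crl"] and not entry["ocsp"]:
            problems.append((i, "no usable revocation endpoint"))
        resolved.append(entry)
    return resolved, problems
```
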
The <Subject /> element
```xml
<xs:element name="Subject" type="SubjectType" />
<xs:complexType name="SubjectType">
  <xs:attribute name="KeyInfoConfirmationData" type="xs:boolean" />
</xs:complexType>
```
...