<!-- Extension hooks taken over from the XML-DSig DTD. Every hook below is
     defined as the empty string, so a content model that references one of
     these .ANY entities accepts only the children it lists explicitly.
     Consequence for key material: KeyValue admits only DSAKeyValue and
     RSAKeyValue, so an ECDSA public key cannot be carried as a KeyValue child
     until KeyValue.ANY is extended (see the TODO on that line). -->
1 <!ENTITY % Object.ANY ''>
2 <!ENTITY % Method.ANY ''>
3 <!ENTITY % Transform.ANY ''>
4 <!ENTITY % SignatureProperty.ANY ''>
5 <!ENTITY % KeyInfo.ANY ''>
6 <!ENTITY % KeyValue.ANY ''> <!-- TODO ECDSA IS NOT HANDLED YET -->
7 <!ENTITY % PGPData.ANY ''>
8 <!ENTITY % X509Data.ANY ''>
9 <!ENTITY % SPKIData.ANY ''>
<!-- Document root: exactly one Signature first, then any number of policy-set
     or policy elements. Validity against this DTD only shows that a Signature
     element is present and well-shaped; it does not show that the signature
     verifies or which content it covers. The consumer has to verify the
     signature, and check that what was signed is the policy content it is
     about to evaluate, before acting on any policy-set or policy. -->
12 <!ELEMENT signed-policy (Signature, ( policy-set | policy )* ) >
13 <!-- Start Core Signature declarations, these should NOT be altered -->
<!-- Signature: SignedInfo and SignatureValue are mandatory, KeyInfo is
     optional and Object may repeat.
     NOTE(review): several ATTLIST declarations in this listing are shown only
     in part, so the attributes they define cannot all be read from here. -->
15 <!ELEMENT Signature (SignedInfo, SignatureValue, KeyInfo?, Object*) >
17 xmlns CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'
20 <!ELEMENT SignatureValue (#PCDATA) >
21 <!ATTLIST SignatureValue
24 <!ELEMENT SignedInfo (CanonicalizationMethod,
25 SignatureMethod, Reference+) >
<!-- CanonicalizationMethod, SignatureMethod and DigestMethod each require an
     Algorithm attribute, but it is free-form CDATA: the DTD cannot restrict
     which algorithm identifiers appear. The verifier needs its own allow-list
     of accepted canonicalization, signature and digest algorithms. -->
30 <!ELEMENT CanonicalizationMethod (#PCDATA %Method.ANY;)* >
31 <!ATTLIST CanonicalizationMethod
32 Algorithm CDATA #REQUIRED >
34 <!ELEMENT SignatureMethod (#PCDATA|HMACOutputLength %Method.ANY;)* >
35 <!ATTLIST SignatureMethod
36 Algorithm CDATA #REQUIRED >
<!-- NOTE(review): the W3C XML-DSig DTD declares Reference as
     (Transforms?, DigestMethod, DigestValue). Here Transforms is absent, so a
     Reference that carries transforms is invalid against this DTD. The XPath
     element and the Transform.ANY hook are still declared, but no content
     model visible in this listing refers to them. Confirm that the verifier
     also refuses transforms instead of relying on DTD validation alone. -->
38 <!ELEMENT Reference (DigestMethod, DigestValue) >
45 <!ELEMENT XPath (#PCDATA) >
47 <!ELEMENT DigestMethod (#PCDATA %Method.ANY;)* >
48 <!ATTLIST DigestMethod
49 Algorithm CDATA #REQUIRED >
51 <!ELEMENT DigestValue (#PCDATA) >
<!-- KeyInfo is mixed content; every child is optional and repeatable.
     Everything in it arrives inside the document being verified, so key
     names, raw key values and certificates found here are hints for locating
     a key, not evidence that the key is trusted. Trust has to come from a key
     or certificate chain the verifier already holds. -->
53 <!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
54 X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
58 <!-- Key Information -->
60 <!ELEMENT KeyName (#PCDATA) >
61 <!ELEMENT KeyValue (#PCDATA|DSAKeyValue|RSAKeyValue %KeyValue.ANY;)* >
62 <!ELEMENT MgmtData (#PCDATA) >
<!-- RetrievalMethod is declared EMPTY here; its attribute list is cut off in
     this listing.
     NOTE(review): if it carries a URI as in XML-DSig, confirm whether the
     verifier dereferences it and restrict where it is allowed to point. -->
64 <!ELEMENT RetrievalMethod EMPTY>
65 <!ATTLIST RetrievalMethod
71 <!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
72 X509Certificate | X509CRL )+ %X509Data.ANY;)>
73 <!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
74 <!ELEMENT X509IssuerName (#PCDATA) >
75 <!ELEMENT X509SubjectName (#PCDATA) >
76 <!ELEMENT X509SerialNumber (#PCDATA) >
77 <!ELEMENT X509SKI (#PCDATA) >
78 <!ELEMENT X509Certificate (#PCDATA) >
79 <!ELEMENT X509CRL (#PCDATA) >
83 <!ELEMENT PGPData ((PGPKeyID, PGPKeyPacket?) | (PGPKeyPacket) %PGPData.ANY;) >
84 <!ELEMENT PGPKeyPacket (#PCDATA) >
85 <!ELEMENT PGPKeyID (#PCDATA) >
89 <!ELEMENT SPKIData (SPKISexp %SPKIData.ANY;) >
90 <!ELEMENT SPKISexp (#PCDATA) >
92 <!-- Extensible Content -->
<!-- Object is mixed content and may nest a further Signature, a
     SignatureProperties block or a Manifest.
     NOTE(review): in XML-DSig, content under Object is protected only when a
     Reference in SignedInfo covers it; confirm what the verifier treats as
     signed before any Object content is used. -->
94 <!ELEMENT Object (#PCDATA|Signature|SignatureProperties|Manifest %Object.ANY;)* >
97 MimeType CDATA #IMPLIED
98 Encoding CDATA #IMPLIED >
<!-- Manifest holds one or more Reference elements.
     NOTE(review): in XML-DSig, checking the digests of Manifest references is
     left to the application and is not part of core signature validation;
     confirm how the consumer handles them. -->
100 <!ELEMENT Manifest (Reference+) >
104 <!ELEMENT SignatureProperties (SignatureProperty+) >
105 <!ATTLIST SignatureProperties
108 <!ELEMENT SignatureProperty (#PCDATA %SignatureProperty.ANY;)* >
109 <!ATTLIST SignatureProperty
110 Target CDATA #REQUIRED
113 <!-- Algorithm Parameters -->
<!-- HMACOutputLength is plain character data, so this DTD puts no lower bound
     on the truncation length a signature may request. A verifier that
     supports HMAC signature methods should reject values below its own
     minimum instead of accepting whatever the document asks for. -->
115 <!ELEMENT HMACOutputLength (#PCDATA) >
<!-- DSAKeyValue: Y is the only required child; (P, Q) and (Seed, PgenCounter)
     are optional pairs, G and J are optional on their own. All fields are
     #PCDATA, so encoding and size checks are left to the consumer. -->
117 <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
118 <!ELEMENT P (#PCDATA) >
119 <!ELEMENT Q (#PCDATA) >
120 <!ELEMENT G (#PCDATA) >
121 <!ELEMENT Y (#PCDATA) >
122 <!ELEMENT J (#PCDATA) >
123 <!ELEMENT Seed (#PCDATA) >
124 <!ELEMENT PgenCounter (#PCDATA) >
<!-- RSAKeyValue: Modulus then Exponent, both required and both #PCDATA. The
     DTD does not constrain key size or exponent value. -->
126 <!ELEMENT RSAKeyValue (Modulus, Exponent) >
127 <!ELEMENT Modulus (#PCDATA) >
128 <!ELEMENT Exponent (#PCDATA) >
<!-- Policy language. A policy-set holds an optional target, any number of
     assert elements and then nested policy-set or policy elements; a policy
     holds an optional target, assert elements and rules.
     NOTE(review): the combine, description and effect lines below appear to
     be attribute definitions whose ATTLIST header lines are missing from this
     listing; they are read here as belonging to the element declared just
     above each of them.
     Both combine attributes default to "deny-overrides". These defaults, and
     the default of the rule effect attribute, reach the policy engine only if
     its XML parser reads this DTD and applies attribute defaults (TODO
     confirm); otherwise the engine needs equivalent built-in defaults. -->
137 <!ELEMENT policy-set (target?, assert*, (policy-set | policy)*) >
139 combine (deny-overrides|permit-overrides|first-matching-target) "deny-overrides"
143 <!ELEMENT policy (target?, assert*, rule*) >
145 combine (deny-overrides|permit-overrides|first-applicable) "deny-overrides"
146 description CDATA #IMPLIED
150 <!ELEMENT assert (condition?, set*) >
152 <!ELEMENT set EMPTY >
153 <!ATTLIST set attr CDATA #REQUIRED >
154 <!ATTLIST set value CDATA #REQUIRED >
<!-- rule: the condition is optional and the effect attribute defaults to
     "permit". A rule written with neither is valid against this DTD and takes
     the permit default; how the engine evaluates a rule that has no condition
     is not shown here (confirm). Policy authors should state effect
     explicitly so that a forgotten attribute cannot turn into a grant, and
     reviewers should look for rules without a condition. -->
156 <!ELEMENT rule (condition?) >
158 effect (permit|prompt-blanket|prompt-session|prompt-oneshot|deny) "permit"
161 <!ELEMENT target (subject+) >
163 <!ELEMENT subject (subject-match+) >
<!-- condition: one or more nested conditions or match elements, combined with
     "and" unless combine says "or". A target can contain only subject-match
     elements (through subject); resource-match and environment-match are
     allowed only inside a condition. -->
165 <!ELEMENT condition ((condition | subject-match | resource-match | environment-match)+) >
167 combine (and|or) "and"
170 <!ENTITY % match-attrs '
173 func (equal|glob|regexp) "glob"
176 <!ELEMENT subject-match (#PCDATA)>
177 <!ATTLIST subject-match %match-attrs; >
<!-- match-attrs, shared by subject-match, resource-match and
     environment-match, gives func three values (equal, glob, regexp) with
     glob as the default. A match element that omits func is therefore a glob
     match, not an exact comparison; set func="equal" where an exact value is
     intended. The other attributes of match-attrs are not visible in this
     listing.
     match-model: resource-match and environment-match take text mixed with
     subject-attr, resource-attr and environment-attr references, whereas
     subject-match takes text only. -->
179 <!ENTITY % match-model '
180 (#PCDATA | subject-attr | resource-attr | environment-attr)*
183 <!ELEMENT resource-match %match-model;>
184 <!ATTLIST resource-match %match-attrs;>
186 <!ELEMENT environment-match %match-model;>
187 <!ATTLIST environment-match %match-attrs;>
<!-- attr-attrs: each of the three attr elements below is EMPTY and carries
     one required attr attribute. It is CDATA, so the DTD does not restrict
     which attribute names a policy may reference. -->
189 <!ENTITY % attr-attrs 'attr CDATA #REQUIRED'>
191 <!ELEMENT subject-attr EMPTY>
192 <!ATTLIST subject-attr %attr-attrs;>
194 <!ELEMENT resource-attr EMPTY>
195 <!ATTLIST resource-attr %attr-attrs;>
197 <!ELEMENT environment-attr EMPTY>
198 <!ATTLIST environment-attr %attr-attrs;>