6.2 Health CertificateRequestV3 Schema

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema id="HealthCertificateRequest"
           xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns="http://schemas.microsoft.com/windows/security/healthcertificate/request/v3"
           targetNamespace="http://schemas.microsoft.com/windows/security/healthcertificate/request/v3"
           elementFormDefault="qualified">
 
  <xs:element name="HealthCertificateRequest"   type="HealthCertificateRequest_T"/>
 
  <xs:complexType name="HealthCertificateRequest_T">
    <xs:annotation>
      <xs:documentation>
          A request for a Health Certificate.
          AIKCertificate, RSASigningKey and EKCertificates are mutually exclusive.
          Each represents one of the three supported ways of obtaining a Health Certificate
      </xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="Claims"           type="NonEmptyBase64Binary"/>
      
      <xs:element name="AIKCertificate"   type="NonEmptyBase64Binary" minOccurs="0" maxOccurs="1"/>
      <xs:element name="AIKPublic"        type="NonEmptyBase64Binary" minOccurs="0" maxOccurs="1"/>
      <xs:element name="EKCertificates"   type="EKCertificates_T"     minOccurs="0" maxOccurs="1"/>
    </xs:sequence>
    <xs:attribute name="ProtocolVersion" use="required">
      <xs:simpleType>
        <xs:restriction base="xs:int">
          <xs:minInclusive value="3"/>
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
  </xs:complexType>
 
  <xs:complexType name="EKCertificates_T">
    <xs:annotation>
      <xs:documentation>
          A set of EK certificates (leaf and intermediates) as retrieved from the client TPM.
      </xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="EKCertificate"      type="NonEmptyBase64Binary" minOccurs="1" maxOccurs="1"/>
      <xs:element name="EKIntermediateCA"   type="NonEmptyBase64Binary" minOccurs="0" maxOccurs="10"/>
    </xs:sequence>
    <xs:attribute name="KAClaim" use="required">
      <xs:simpleType>
        <xs:restriction base="NonEmptyBase64Binary"/>
      </xs:simpleType>
    </xs:attribute>
    <xs:attribute name="AIKPublic" use="required">
      <xs:simpleType>
        <xs:restriction base="NonEmptyBase64Binary"/>
      </xs:simpleType>
    </xs:attribute>
  </xs:complexType>
  
  <xs:simpleType name="NonEmptyBase64Binary">
    <xs:restriction base="xs:base64Binary">
      <xs:minLength value="1"/>
    </xs:restriction>
  </xs:simpleType>
 
</xs:schema>