6.2 XML Schema
For ease of implementation, the XML Schema is provided as follows.
-
<?xml version="1.0" encoding="utf-8"?> <xs:schema targetNamespace="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" elementFormDefault="qualified" xmlns:xcep="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="commonName" type="xs:string" /> <xs:element name="GetPolicies"> <xs:complexType> <xs:sequence> <xs:element name="client" type="xcep:Client" /> <xs:element name="requestFilter" nillable="true" type="xcep:RequestFilter" /> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="GetPoliciesResponse"> <xs:complexType> <xs:sequence> <xs:element name="response" nillable="true" type="xcep:Response" /> <xs:element name="cAs" nillable="true" type="xcep:CACollection" /> <xs:element name="oIDs" nillable="true" type="xcep:OIDCollection" /> </xs:sequence> </xs:complexType> </xs:element> <xs:complexType name="Attributes"> <xs:sequence> <xs:element ref="xcep:commonName" /> <xs:element name="policySchema" type="xs:unsignedInt" /> <xs:element name="certificateValidity" type="xcep:CertificateValidity" /> <xs:element name="permission" type="xcep:EnrollmentPermission" /> <xs:element name="privateKeyAttributes" type="xcep:PrivateKeyAttributes" /> <xs:element name="revision" type="xcep:Revision" /> <xs:element name="supersededPolicies" type="xcep:SupersededPolicies" nillable="true" /> <xs:element name="privateKeyFlags" type="xs:unsignedInt" nillable="true" /> <xs:element name="subjectNameFlags" type="xs:unsignedInt" nillable="true" /> <xs:element name="enrollmentFlags" type="xs:unsignedInt" nillable="true" /> <xs:element name="generalFlags" type="xs:unsignedInt" nillable="true" /> <xs:element name="hashAlgorithmOIDReference" type="xs:int" nillable="true" /> <xs:element name="rARequirements" type="xcep:RARequirements" nillable="true" /> <xs:element name="keyArchivalAttributes" type="xcep:KeyArchivalAttributes" nillable="true" /> <xs:element name="extensions" type="xcep:ExtensionCollection" nillable="true" /> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="CA"> <xs:sequence> <xs:element name="uris" type="xcep:CAURICollection" /> <xs:element name="certificate" type="xs:base64Binary" /> <xs:element name="enrollPermission" type="xs:boolean" /> <xs:element name="cAReferenceID" type="xs:int" /> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="CACollection"> <xs:sequence> <xs:element name="cA" type="xcep:CA" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="CAReferenceCollection"> <xs:sequence> <xs:element name="cAReference" type="xs:int" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="CAURI"> <xs:sequence> <xs:element name="clientAuthentication" type="xs:unsignedInt" /> <xs:element name="uri" type="xs:anyURI" /> <xs:element name="priority" type="xs:unsignedInt" nillable="true" /> <xs:element name="renewalOnly" type ="xs:boolean" /> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="CAURICollection"> <xs:sequence> <xs:element name="cAURI" type="xcep:CAURI" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="CertificateEnrollmentPolicy"> <xs:sequence> <xs:element name="policyOIDReference" type="xs:int" /> <xs:element name="cAs" type="xcep:CAReferenceCollection" nillable="true" /> <xs:element name="attributes" type="xcep:Attributes" /> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="CertificateValidity"> <xs:sequence> <xs:element name="validityPeriodSeconds" type="xs:unsignedLong" /> <xs:element name="renewalPeriodSeconds" type="xs:unsignedLong" /> </xs:sequence> </xs:complexType> <xs:complexType name="Client"> <xs:sequence> <xs:element name="lastUpdate" type="xs:dateTime" nillable="true" /> <xs:element name="preferredLanguage" type="xs:language" nillable="true" /> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="CryptoProviders"> <xs:sequence> <xs:element name="provider" type="xs:string" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="EnrollmentPermission"> <xs:sequence> <xs:element name="enroll" type="xs:boolean" /> <xs:element name="autoEnroll" type="xs:boolean" /> </xs:sequence> </xs:complexType> <xs:complexType name="Extension"> <xs:sequence> <xs:element name="oIDReference" type="xs:int" /> <xs:element name="critical" type="xs:boolean" /> <xs:element name="value" type="xs:base64Binary" nillable="true" /> </xs:sequence> </xs:complexType> <xs:complexType name="ExtensionCollection"> <xs:sequence> <xs:element name="extension" type="xcep:Extension" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="FilterOIDCollection"> <xs:sequence> <xs:element name="oid" type="xs:string" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="KeyArchivalAttributes"> <xs:sequence> <xs:element name="symmetricAlgorithmOIDReference" type="xs:int" /> <xs:element name="symmetricAlgorithmKeyLength" type="xs:unsignedInt" /> </xs:sequence> </xs:complexType> <xs:complexType name="OID"> <xs:sequence> <xs:element name="value" type="xs:string" /> <xs:element name="group" type="xs:unsignedInt" /> <xs:element name="oIDReferenceID" type="xs:int" /> <xs:element name="defaultName" type="xs:string" nillable="true" /> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="OIDCollection"> <xs:sequence> <xs:element name="oID" type="xcep:OID" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="OIDReferenceCollection"> <xs:sequence> <xs:element name="oIDReference" type="xs:int" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="PolicyCollection"> <xs:sequence> <xs:element name="policy" type="xcep:CertificateEnrollmentPolicy" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="PrivateKeyAttributes"> <xs:sequence> <xs:element name="minimalKeyLength" type="xs:unsignedInt" /> <xs:element name="keySpec" type="xs:unsignedInt" nillable="true" /> <xs:element name="keyUsageProperty" type="xs:unsignedInt" nillable="true" /> <xs:element name="permissions" type="xs:string" nillable="true" /> <xs:element name="algorithmOIDReference" type="xs:int" nillable="true" /> <xs:element name="cryptoProviders" type="xcep:CryptoProviders" nillable="true" /> </xs:sequence> </xs:complexType> <xs:complexType name="RARequirements"> <xs:sequence> <xs:element name="rASignatures" type="xs:unsignedInt" /> <xs:element name="rAEKUs" type="xcep:OIDReferenceCollection" nillable="true" /> <xs:element name="rAPolicies" type="xcep:OIDReferenceCollection" nillable="true" /> </xs:sequence> </xs:complexType> <xs:complexType name="RequestFilter"> <xs:sequence> <xs:element name="policyOIDs" type="xcep:FilterOIDCollection" nillable="true" /> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="Response"> <xs:sequence> <xs:element name="policyID" type="xs:string" nillable="false" /> <xs:element name="policyFriendlyName" type="xs:string" nillable="true" /> <xs:element name="nextUpdateHours" type="xs:unsignedInt" nillable="true" /> <xs:element name="policiesNotChanged" type="xs:boolean" nillable="true" /> <xs:element name="policies" type="xcep:PolicyCollection" nillable="true" /> <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="Revision"> <xs:sequence> <xs:element name="majorRevision" type="xs:unsignedInt" /> <xs:element name="minorRevision" type="xs:unsignedInt" /> </xs:sequence> </xs:complexType> <xs:complexType name="SupersededPolicies"> <xs:sequence> <xs:element ref="xcep:commonName" minOccurs="1" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> </xs:schema>