This section includes XML that supports the text in previous sections.
The following XML schema describes the domain-auth element. This schema defines a new namespace: http://sitacs.uow.edu.au/ns/location/held/domain-auth.
<?xml version="1.0"?> <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://sitacs.uow.edu.au/ns/location/held/domain-auth" xmlns="http://sitacs.uow.edu.au/ns/location/held/domain-auth" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="unqualified" attributeFormDefault="unqualified"> <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#"/> <xsd:element name="domain-auth"> <xsd:annotation> <xsd:documentation> The domain authorization that is applied to the PIDF-LO. This element should be included within the scope of a <tuple> element. </xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:restriction base="xsd:anyType"> <xsd:sequence> <xsd:element ref="dsig:Signature"/> <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/> </xsd:sequence> <xsd:attribute name="expires" use="required" type="xsd:dateTime"> <xsd:annotation> <xsd:documentation> The expiry time associated with the authorization. </xsd:documentation> </xsd:annotation> </xsd:attribute> </xsd:restriction> </xsd:complexContent> </xsd:complexType> </xsd:element> </xsd:schema>
The following XPath transform follows the recommendations in Reference 2 to select the elements for signing. This specification defines a new URN for this transform: http://sitacs.uow.edu.au/ns/location/held/domain-auth#PIDF-LO.
<?xml version="1.0"?> <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:XPath xmlns:pidf="urn:ietf:params:xml:ns:pidf" xmlns:gp="urn:ietf:params:xml:ns:pidf:geopriv10" xmlns:da="urn:urn:ietf:params:xml:ns:pidf:geopriv10:domain-auth"> <!-- Select elements --> ( <!-- The enclosing presence element --> ((count(self::pidf:presence | here()/ancestor::pidf:presence[1]) = 1) <!-- The enclosing pidf:tuple element --> or (count(self::pidf:tuple | here()/ancestor::pidf:tuple[1]) = 1) <!-- enclosing()/pidf:tuple with the following portions ... --> or ((count(ancestor::pidf:tuple[1] | here()/ancestor::pidf:tuple[1]) = 1) <!-- ... pidf:status, pidf:status/pidf:timestamp[/text()] --> and (self::pidf:status or ancestor-or-self::pidf:timestamp <!-- ... gp:geopriv, gp:usage-rules --> or self::gp:geopriv or self::gp:usage-rules <!-- ... gp:location-info and descendants --> or ancestor-or-self::gp:location-info)) <!-- the enclosing da:domain-auth element --> or (count(self::da:domain-auth | here()/ancestor::da:domain-auth[l]) = 1) ) or ( <!-- Select attributes and xmlns for those elements --> (count(self::node() | parent::*/attribute::* | parent::*/namespace::*) < (count(self::node()) + count(parent::*/attribute::*) + count(parent::*/namespace::*))) and parent::*[ <!-- Repeat of element selection --> ((self::pidf:presence and (count(ancestor::pidf:presence) = 0)) or (count(self::pidf:tuple | here()/ancestor::pidf:tuple[l]) = 1) or ((count(ancestor::pidf:tuple[1] | here()/ancestor::pidf:tuple[1]) = 1) and (self::pidf:status or self::gp:geopriv or self::gp:usage-rules)) or (count(self::da:domain-auth | here()/ancestor::da:domain-auth[1]) = 1)) ]) </dsig:XPath> </dsig:Transform>