<?xml version='1.0' encoding='UTF-8' ?>

<!--
 Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

 ident "%Z%%M% %I% %E% SMI"
-->

<!--
 Element definitions for a kmf-policy-db document.

 Notes for policy authors and for code that consumes this DTD:
 * Every (TRUE|FALSE) flag declared here is #IMPLIED, so the DTD
   supplies no default value. What an omitted flag means is decided
   by the consumer and cannot be read from this file.
 * CDATA attributes are unconstrained by the DTD; any format or range
   checking has to be done by the consumer.
-->

<!-- Root element: holds zero or more kmf-policy entries. -->
<!ELEMENT kmf-policy-db (kmf-policy*)>
<!ATTLIST kmf-policy-db
    allow-local-files    (TRUE|FALSE)    #IMPLIED
>

<!--
 One named policy. validation-methods is mandatory; key-usage-set and
 ext-key-usage are optional and, when present, appear in that order.

 Going by their names, the ignore-* attributes look like switches that
 relax parts of certificate validation (validity dates, unrecognised
 EKU values, the trust anchor check). Confirm the exact effect in the
 consuming code, and treat a policy that sets any of them to TRUE as
 one that needs a recorded justification.
 ta-name and ta-serial presumably identify the trust anchor
 certificate; verify against the consumer.
-->
<!ELEMENT kmf-policy (validation-methods, key-usage-set?, ext-key-usage?)>
<!ATTLIST kmf-policy
    name                   CDATA           #REQUIRED
    ignore-date            (TRUE|FALSE)    #IMPLIED
    ignore-unknown-eku     (TRUE|FALSE)    #IMPLIED
    ignore-trust-anchor    (TRUE|FALSE)    #IMPLIED
    validity-adjusttime    CDATA           #IMPLIED
    ta-name                CDATA           #IMPLIED
    ta-serial              CDATA           #IMPLIED
>

<!--
 Revocation checking configuration. Both children are optional, so a
 policy whose validation-methods element is empty (neither ocsp nor
 crl) is still valid against this DTD. If revocation checking is
 required, that has to be enforced outside the DTD.
-->
<!ELEMENT validation-methods (ocsp?, crl?)>

<!-- ocsp: one ocsp-basic element, optionally followed by responder-cert. -->
<!ELEMENT ocsp (ocsp-basic, responder-cert?)>

<!--
 ocsp-basic carries only attributes, all of them optional.
 ignore-response-sign presumably turns off signature checking of OCSP
 responses (TODO confirm in the consumer); a policy that sets it to
 TRUE deserves the same scrutiny as the ignore-* flags on kmf-policy.
 responder and proxy are free-form CDATA, so the DTD does not check
 that they are well-formed locations.
-->
<!ELEMENT ocsp-basic EMPTY>
<!ATTLIST ocsp-basic
    responder               CDATA           #IMPLIED
    proxy                   CDATA           #IMPLIED
    uri-from-cert           (TRUE|FALSE)    #IMPLIED
    response-lifetime       CDATA           #IMPLIED
    ignore-response-sign    (TRUE|FALSE)    #IMPLIED
>

<!--
 responder-cert: both attributes are required whenever the element is
 present. Presumably they select the certificate used to check OCSP
 responses; confirm against the consumer.
-->
<!ELEMENT responder-cert EMPTY>
<!ATTLIST responder-cert
    name      CDATA    #REQUIRED
    serial    CDATA    #REQUIRED
>

<!--
 crl carries only attributes, and every one of them is #IMPLIED, so
 this DTD supplies no defaults; an omitted value is interpreted by the
 consumer.
 ignore-crl-sign and ignore-crl-date, going by their names, look like
 switches that skip the CRL signature check and the CRL date check
 (TODO confirm in the consuming code). A policy that sets either to
 TRUE should carry a recorded justification.
 basefilename, directory and proxy are free-form CDATA; the DTD does
 not restrict which paths or hosts they may name.
-->
<!ELEMENT crl EMPTY>
<!ATTLIST crl
    basefilename       CDATA           #IMPLIED
    directory          CDATA           #IMPLIED
    get-crl-uri        (TRUE|FALSE)    #IMPLIED
    proxy              CDATA           #IMPLIED
    ignore-crl-sign    (TRUE|FALSE)    #IMPLIED
    ignore-crl-date    (TRUE|FALSE)    #IMPLIED
>

<!-- key-usage-set: one or more key-usage entries. -->
<!ELEMENT key-usage-set (key-usage+)>

<!--
 key-usage: the use attribute is limited to the nine enumerated values,
 which match the standard X.509 key usage bit names. It is #IMPLIED,
 so a key-usage element with no use attribute is valid against this
 DTD; the consumer has to decide how to treat that case.
-->
<!ELEMENT key-usage EMPTY>
<!ATTLIST key-usage
    use    ( digitalSignature
           | nonRepudiation
           | keyEncipherment
           | dataEncipherment
           | keyAgreement
           | keyCertSign
           | cRLSign
           | encipherOnly
           | decipherOnly )    #IMPLIED
>

<!--
 ext-key-usage: any number of eku-name entries followed by any number
 of eku-oid entries. Names must come before OIDs, and an empty
 ext-key-usage element is valid.
-->
<!ELEMENT ext-key-usage (eku-name*, eku-oid*)>

<!--
 eku-name: name is restricted to the enumerated extended key usage
 names; it is #IMPLIED, so the attribute may be omitted.
-->
<!ELEMENT eku-name EMPTY>
<!ATTLIST eku-name
    name    ( serverAuth
            | clientAuth
            | codeSigning
            | emailProtection
            | ipsecEndSystem
            | ipsecTunnel
            | ipsecUser
            | timeStamping
            | OCSPSigning )    #IMPLIED
>

<!--
 eku-oid: oid is free-form CDATA and #IMPLIED. The DTD does not check
 that the value is a syntactically valid OID; that is left to the
 consumer.
-->
<!ELEMENT eku-oid EMPTY>
<!ATTLIST eku-oid
    oid    CDATA    #IMPLIED
>