Sent by one entity to another when it needs to get the public key of the other. Expected response element: publicKey Contains a public key. Public keys corresponding to available methods to create signatures. Sent by a client in an iq set to a Trust Provider, to apply for a pairing between the online identity (bare JID) of the sender and a Legal Identity. Expected response element: identity Note: The approval process is taken care of out-of-band. Note: Whenever the state of the legal identity is changed on the server, a message is sent to the bare JID of the account, containing the identity, in an identity element. Identities should only be accepted by clients, if the provider corresponds to the sender, and if the server signature is valid, and corresponds to the public key of the server. The legal identity the client wishes to assign to the account. Element containing information about a legal identity. Public keys corresponding to available methods to create signatures. An identity consists of a sequence of properties. Name of the property. Predefined names: FIRST = First name MIDDLE = Middle name LAST = Last name FULLNAME = Full name. Can be used instead of FIRST, MIDDLE and LAST. PNR = Personal number ADDR = Address ADDR2 = Address, second line ZIP = Zip or postal code AREA = Area CITY = City REGION = Region, state COUNTRY = Country NATIONALITY = Nationality BDAY = Birth Day BMONTH = Birth Month BYEAR = Birth Year GENDER = Gender (M or F) PHONE = Phone number, international phone number format. EMAIL = E-mail address. JID = XMPP address (Jabber ID). DOMAIN = If the ID represents the legal representative of a domain. PSEUDONYM = Lists which properties are pseudonymous. Comma-separated list. ORGNAME = Name of organization ORGNR = Organization number ORGDEPT = Organization department, where person works. ORGROLE = Role of person in organization. ORGADDR = Address of organization. ORGADDR2 = Address of organization, second line ORGZIP = Zip or postal code of organization ORGAREA = Area of organization. ORGCITY = City of organization. ORGREGION = Region or state of organization. ORGCOUNTRY = Country code of organization. Value of the property. Client signature of the identity. The signature is calculated on the identity element excluding the id attribute and the clientSignature, status and serverSignature elements. All text nodes and attribute values contain XML-encoded normalized Unicode text (in NFC). XML is normalized. Unnecessary white space removed. Space characters only allowed whitespace. The normalized XML, with attributes in alphabetical order, using double quotes, xmlns attributes only when required, &, <, >, " and ' consistently escaped, empty elements are closed using />, and no space when ending empty element, is UTF-8 encoded before being signed. The identity element never includes the xmlns attribute when calculating the signature. Note: The purpose of the signature, is for the server to validate that the client has access to the private keys corresponding to the public keys registered with the trust provider, and that the contents of the identity is consistent over time. Note: Legal identities are updated by the client regularly. Check with the server to get the most recent legal identity, if needed. Digital signature created using the corresponding client public-key algorithm. Any attached items associated with the identity. The status object is created and managed by the Trust Provider. Anyone can get the latest version of the legal identity by requesting it from the trust provider, given the id of the legal identity. JID of Trust Provider validating the correctness of the identity. Contains information about the current statue of the legal identity registration. When the legal identity was first created. When the legal identity was last updated. From what date (inclusive) the legal identity can be used. To what date (inclusive) the legal identity can be used. Server signature of the identity. The signature is calculated on the identity element excluding the serverSignature element. All text nodes and attribute values contain XML-encoded normalized Unicode text (in NFC). XML is normalized. Unnecessary white space removed. Space characters only allowed whitespace. The normalized XML, with attributes in alphabetical order, using double quotes, xmlns attributes only when required, &, <, >, " and ' consistently escaped, empty elements are closed using />, and no space when ending empty element, is UTF-8 encoded before being signed. The identity element never includes the xmlns attribute when calculating the signature. Note: The purpose of the server signature, is to validate the legal identity to other clients that have access to the server public keys. Note: Server keys may change over time. If a signature does not validate, make sure to get the most recent public key from the server and check signature again. Digital signature created using the corresponding server public-key algorithm. Any downloadable references to attachments assigned to the legal identity. As references might change over time, they are not included in signatures. All meta-data necessary to assert the validity and integrity of attachments are provided using attachment elements above. An identifier assigned to the legal identity. The identifier is formed as a JID, but is not a JID. The domain part corresponds to the domain of the Trust Provider. A client must not include an identifier when it applies for a legal identity pairing with the Trust Provider. Note: Legal IDs are case insensitive in searches and references. Lists recognized legal identity states. An application has been received and is pending confirmation out-of-band. The legal identity has been rejected. The legal identity is authenticated and approved by the Trust Provider. The legal identity has been explicitly obsoleted by its owner, or by the Trust Provider. The legal identity has been reported compromised by its owner, or by the Trust Provider. Sent by a client in an iq get to a Trust Provider, to retrieve a list (possibly empty) of legal identities registered with the provider. Expected response element: identities Contains a set of legal identities. A legal identity. Sent by a client in an iq get to a Trust Provider, to retrieve a specific legal identity given its ID. The server should only return legal identities belonging to the same account. Expected response element: identity Note: To get the legal identity from a signature, see validateSignature. Note: To get the legal identities related to contracts, see getLegalIdentities element in the smart contracts namespace. Identifier of the legal identity to retrieve. Sent by a client in an iq get to a Trust Provider, to validate a client signature from a legal identity hosted by the provider. If valid, the information about the corresponding legal identity is returned. If signature is not valid, a forbidden error will be returned. Expected response element: identity Note: If neither id or bareJid are provided, current approved legal identities for the sender will be used to verify the signature. Identifier of the legal identity to retrieve. Bare JID of account on the Trust Provider. Current approved legal identities for this account will be used to verify the signature. Binary data claimed to be signed. Digital signature to validate. May contain a Bare JID of entity for which the signature was presented. Sent by a client in an iq set to a Trust Provider, to obsolete one of its legal identities. Expected response element: identity Identifier of the legal identity to obsolete. Note: Obsoleting an application automatically turns it to Rejected. Note: Trying to obsolete a rejected or compromised identity returns a forbidden error. Sent by a client in an iq set to a Trust Provider, to report one of its legal identities as compromised. Expected response element: identity Identifier of the legal identity to report as compromised. Note: Reporting an application as compromised automatically turns it to Rejected. Note: Trying to report a rejected identity as compromised returns a forbidden error. Sent by a client in an iq set to a Trust Provider to petition for the information related to a legal identity managed by the Trust Provider. The request must be signed using an approved and valid legal identity of the caller. Invalid requests must be rejected. The Trust Provider will forward the petition to the corresponding client(s) using a normal message containing a petitionIdentityMsg element. Expect an empty response on success. Identifier of the legal identity hosted by the Trust Provider, to which the caller requests access. Optional element specifying what properties will be forwarded to party making the request. Name of one property that will be forwarded. Optional element specifying what attachments will be forwarded to party making the request. Name of one attachment that will be forwarded, without file extension. A petition ID. This identity will follow the petition. A string containing the purpose of the request. This string can be shown to the owner of the identity. A nonce value, generated by a cryptographic pseudo random number generator. Used to introduce sufficient entropy in the request. Digital signature of the request using the legal identity (or one of the approved legal identities) of the caller. The signature is calculated on the following data: UTF8Encode(pid + ":" + id + ":" + purpose + ":" + nonce + ":" + fromBareJid), where fromBareJid is the Bare JID of the sender. Note: If a sender has multiple approved legal identities associated with it, the Trust Provider uses the signature to identify which identity has been used to form the signature. It is this identity that is later forwarded to the owner of the requested identity. The legal identity of the entity making the petition. This information can be used by the recipient of the message to make an informed decision on wether to accept, deny or ignore the request. Optional element that can provide machine-readable context for petition. The Bare JID of the entity requesting the information. Sent in a normal message stanza from a Trust Provider to a client, when the Trust Provider has received a petition for a legal identity owned by the recipient of this message. The recipient can choose to ignore the message, and respond in its own time, sending an petitionIdentityResponse element with the response in an IQ set stanza back to the Trust Provider. Sent by a client in an iq set to a Trust Provider as an active response to a previous petition for information related to a legal identity owned by the client. Expect an empty response on success. A successfull request will forward the response, and the referenced legal identity if approved, to the entity making the request, by sending a petitionIdentityResponseMsg element in a normal message stanza. Optional element that can provide machine-readable context for petition response. Identifier of the legal identity referred to by the petition. A petition ID. This identity will follow the petition. Bare JID of the entity making the petition. If the Trust Provider can share the legal identity information with the entity making the petition. Sent in a normal message stanza from a Trust Provider to a client, when the Trust Provider has received a response on a petition made by the client for a legal identity. The legal identity requested, if available, and the owner of the identity consented in sharing the information. This information must only be used for the purposes described in the original petition. Optional element that can provide machine-readable context for petition response. A petition ID. This identity will follow the petition. If the Trust Provider can share the legal identity information with the entity making the petition. Sent by a client in an iq set to a Trust Provider to petition a client for a digital signature. The request must be signed using an approved and valid legal identity of the caller. Invalid requests must be rejected. The Trust Provider will forward the petition to the corresponding client(s) using a normal message containing a petitionSignatureMsg element. Expect an empty response on success. A binary random string that the recipient of the signature needs to sign, if approving the request. Optional element that can provide machine-readable context for petition. Identifier of the legal identity hosted by the Trust Provider, from which the caller requests a digital signature. Sent in a normal message stanza from a Trust Provider to a client, when the Trust Provider has received a petition for a digital signature from the recipient of this message. The recipient can choose to ignore the message, and respond in its own time, sending an petitionSignatureResponse element with the response in an IQ set stanza back to the Trust Provider. A binary random string that the recipient of the signature needs to sign, if approving the request. Optional element that can provide machine-readable context for petition. Sent by a client in an iq set to a Trust Provider as an active response to a previous petition for information related to a legal identity owned by the client. Expect an empty response on success. A successfull request will forward the response, and the referenced legal identity if approved, to the entity making the request, by sending a petitionIdentityResponseMsg element in a normal message stanza. Sent in a normal message stanza from a Trust Provider to a client, when the Trust Provider has received a response on a petition made by the client for a legal identity. Sent in an iq set stanza from a client to a Trust Provider, to add an attachment to a legal identity that is yet to be approved. Attachments can be photos, documents, or other types of objects that have a well-defined Internet Content Type. The contents of the attachment may have been uploaded to the Trust Provider using HTTP File Upload (XEP-0363) before this command is sent. After the file has been registered as an attachment, it must be removed, after first giving time for lost messages and retries, from the temporary storage of the HTTP File Upload service by the Trust Provider, for privacy reasons. Access privileges to legal identities or smart contracts, automatically infer access privileges to any attachments associated with them. Expected response element: identity Legal identity to which the attachment is to be assigned. The URL of the content. It may previously have been uploaded using HTTP File Upload (XEP-0363). Signature of the content assigned to the legal identity. The signature must be made by the private key of the legal identity to which the attachment is to be assigned. Sent in an iq set stanza from a client to a Trust Provider, to remove an attachment from a legal identity that is yet to be approved. A client can only remove attachments from its own identities. Expected response element: identity Identity of attachment to remove. Represents an attachment. An attachment can be assigned to legal identities. The identity of the attachment. Internet Content-Type of attachment. Filename of attachment. Signature of attachment, made by the uploader. Timestamp of attachment upload. Includes information on how to download an attachment. The ID of the attachment referenced to. An URL to download the attachment. Attachments must be protected using the Neuro.Foundation.Sign WWW-authentication mechanism to make sure only authorized clients can access the attachment. Contains information message about an identity application. The default message text is available in the message body, not in the element itself. A machine-readable code corresponding to the message for localization purposes. Different services can use their own different codes. If a code is not recognized, the default message should be displayed. Type of validation error message. Contains information about an identity review. Contains detailed information about the processing of an identity application. Contains information about a claim that was determined invalid. Identity claim key. Default message text explaining the reason for invalidating the claim. A machine-readable key for localization of message text. Reference to service where message originated. Contains information about a photo that was determined invalid. File name of photo. Default message text explaining the reason for invalidating the photo. A machine-readable key for localization of message text. Reference to service where message originated. Contains information about a processing error. Name of a meta-data tag. Value of a meta-data tag. XML Data Type of the encoded value in the value attribute. Default message text explaining the reason for invalidating the photo. Type of validation error message. A machine-readable key for localization of message text. Reference to service where message originated. Contains information about a claim that was determined valid. Identity claim key. Contains information about a photo that was determined valid. File name of photo. Contains information about a claim that has not been processed for validation. Identity claim key. Contains information about a photo that has not been processed for validation. File name of photo. Identifier of the referenced legal identity. Error caused by the client. Error caused by the server. Error caused by a service. Sent by one entity to another when it needs to get the chain of trust of a broker. Expected response element: trustChain Sent in response to a request of a brokers trust chain. Contains a sequence of parent brokers, from the trust anchor (root) down to the broker itself. The domain name of the broker. Sent by one broker to another broker in an iq get stanza, when it needs to get references to valid legal identities used by a JID on the recipient. Expected response element: identityReferences Note: Sender and Recipient must be the domain names of the brokers, not the corresponding legal components.