<?xml version=“1.0” encoding=“UTF-8”?> <!– edited with XMLSpy v2009 sp1 (www.altova.com) by Danske Bank (Danske Bank A/S) –> <xs:schema xmlns:xs=“www.w3.org/2001/XMLSchema” xmlns:ds=“www.w3.org/2000/09/xmldsig#” xmlns:tns=“danskebank.dk/PKI/PKIFactoryService/elements” xmlns:xml=“www.w3.org/XML/1998/namespace” targetNamespace=“danskebank.dk/PKI/PKIFactoryService/elements” elementFormDefault=“qualified” attributeFormDefault=“unqualified”>

<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
<!--xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="store:///schemas/xmldsig-core-schema.xsd"/-->
<xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml_id.xsd"/>
<!-- SHARED TYPES SECTION -->
<!-- GENERIC TYPES -->
<xs:simpleType name="string10">
        <xs:restriction base="xs:string">
                <xs:minLength value="0"/>
                <xs:maxLength value="10"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="string50">
        <xs:restriction base="xs:string">
                <xs:minLength value="0"/>
                <xs:maxLength value="50"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="RequestIdType">
        <xs:restriction base="tns:string10"/>
</xs:simpleType>
<xs:simpleType name="ReturncodeType">
        <xs:restriction base="tns:string10"/>
</xs:simpleType>
<xs:simpleType name="ReturnTextType">
        <xs:restriction base="tns:string50"/>
</xs:simpleType>
<xs:simpleType name="AdditionalReturnTextType">
        <xs:restriction base="xs:string">
                <xs:minLength value="0"/>
                <xs:maxLength value="1000"/>
        </xs:restriction>
</xs:simpleType>
<!-- SPECIFIC TYPES -->
<xs:simpleType name="InterfaceVersionType">
        <xs:restriction base="xs:string">
                <xs:minLength value="1"/>
                <xs:maxLength value="10"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="CRLReasonType">
        <xs:restriction base="xs:integer">
                <xs:enumeration value="0"/>
                <xs:enumeration value="1"/>
                <xs:enumeration value="2"/>
                <xs:enumeration value="3"/>
                <xs:enumeration value="4"/>
                <xs:enumeration value="5"/>
                <xs:enumeration value="9"/>
                <!-- Values taken from X.509v3 specification -->
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="CertificateIdType">
        <xs:restriction base="xs:string">
                <xs:minLength value="1"/>
                <xs:maxLength value="64"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="CertificateType">
        <xs:restriction base="xs:base64Binary">
                <xs:minLength value="1"/>
                <xs:maxLength value="10000"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="Pkcs10requestType">
        <xs:restriction base="xs:base64Binary">
                <xs:minLength value="1"/>
                <xs:maxLength value="10000"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="CustomerIdType">
        <xs:restriction base="xs:string">
                <xs:minLength value="6"/>
                <xs:maxLength value="6"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="KeyGeneratorTypeType">
        <xs:annotation>
                <xs:documentation>Indicates the machine (hardware or software) used to create the keys in a certificate request. The value 'HSM' indicates that a Hardware Security Module generated the keys, while the value 'software' indicates that the keys were generated in software.</xs:documentation>
        </xs:annotation>
        <xs:restriction base="xs:string">
                <xs:enumeration value="HSM"/>
                <xs:enumeration value="software"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="EnvironmentType">
        <xs:restriction base="xs:string">
                <xs:enumeration value="production"/>
                <xs:enumeration value="customertest"/>
                <xs:enumeration value="systemtest"/>
                <xs:enumeration value="test"/>
        </xs:restriction>
</xs:simpleType>
<xs:simpleType name="CertificateTypeType">
        <xs:restriction base="xs:string">
                <xs:enumeration value="signing"/>
                <xs:enumeration value="encryption"/>
        </xs:restriction>
</xs:simpleType>
<xs:complexType name="CertificateStatusType">
        <xs:sequence>
                <xs:element name="CertificateSerialNo" type="tns:CertificateIdType"/>
                <xs:element name="CertificateType" type="tns:CertificateTypeType"/>
                <xs:element name="MatchingCertificateSerialNo" type="tns:CertificateIdType"/>
                <xs:element name="Status">
                        <xs:complexType>
                                <xs:choice>
                                        <xs:element name="good">
                                                <xs:complexType>
                                                        <xs:attribute name="expiryDate" type="xs:dateTime" use="optional"/>
                                                </xs:complexType>
                                        </xs:element>
                                        <xs:element name="expires_soon">
                                                <xs:complexType>
                                                        <xs:attribute name="expiryDate" type="xs:dateTime" use="optional"/>
                                                </xs:complexType>
                                        </xs:element>
                                        <xs:element name="expired">
                                                <xs:complexType>
                                                        <xs:attribute name="expiryDate" type="xs:dateTime" use="optional"/>
                                                </xs:complexType>
                                        </xs:element>
                                        <xs:element name="revoked">
                                                <xs:complexType>
                                                        <xs:attribute name="revocationDate" type="xs:dateTime" use="optional"/>
                                                        <xs:attribute name="CRLReason" type="tns:CRLReasonType" use="optional"/>
                                                </xs:complexType>
                                        </xs:element>
                                </xs:choice>
                        </xs:complexType>
                </xs:element>
        </xs:sequence>
</xs:complexType>
<!-- ELEMENTS SECTION -->
<xs:element name="CreateCertificateRequest">
        <xs:annotation>
                <xs:documentation>Request to create a signing certificate and an encryption certificate for the customer. The customer is identified by an agreement number and a CAID.</xs:documentation>
        </xs:annotation>
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="CustomerId" type="tns:CustomerIdType"/>
                        <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/>
                        <xs:element name="EncryptionCertPKCS10" type="tns:Pkcs10requestType"/>
                        <xs:element name="SigningCertPKCS10" type="tns:Pkcs10requestType"/>
                        <xs:element name="Timestamp" type="xs:dateTime"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/>
                        <xs:element name="PIN" type="tns:string10"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="CreateCertificateResponse">
        <xs:annotation>
                <xs:documentation>Response to a CreateCertificateRequest.</xs:documentation>
        </xs:annotation>
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="ReturnCode" type="tns:ReturncodeType"/>
                        <xs:element name="ReturnText" type="tns:ReturnTextType"/>
                        <xs:element name="EncryptionCert" type="tns:CertificateType"/>
                        <xs:element name="SigningCert" type="tns:CertificateType"/>
                        <xs:element name="CACert" type="tns:CertificateType"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/>
                        <!-- Enveloped signature, signing the CreateCertificateResponse element -->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="RenewCertificateRequest">
        <xs:annotation>
                <xs:documentation>Request to renew a signing certificate and an encryption certificate for the customer. The customer is identified by an agreement number and a name. The request is signed with the customers old signing certificate.</xs:documentation>
        </xs:annotation>
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="CustomerId" type="tns:CustomerIdType"/>
                        <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/>
                        <xs:element name="EncryptionCertPKCS10" type="tns:Pkcs10requestType"/>
                        <xs:element name="SigningCertPKCS10" type="tns:Pkcs10requestType"/>
                        <xs:element name="Timestamp" type="xs:dateTime"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/>
                        <!-- Enveloped signature, signing the RenewCertificateRequest element. The signature should be based on the old signing cert -->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="RenewCertificateResponse">
        <xs:annotation>
                <xs:documentation>Response to a RenewCertificateRequest.</xs:documentation>
        </xs:annotation>
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="ReturnCode" type="tns:ReturncodeType"/>
                        <xs:element name="ReturnText" type="tns:ReturnTextType"/>
                        <xs:element name="EncryptionCert" type="tns:CertificateType"/>
                        <xs:element name="SigningCert" type="tns:CertificateType"/>
                        <xs:element name="CACert" type="tns:CertificateType"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/>
                        <!-- Enveloped signature, signing the RenewCertificateResponse element. -->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="RevokeCertificateRequest">
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/>
                        <xs:element name="CustomerId" type="tns:CustomerIdType"/>
                        <xs:choice>
                                <xs:element name="RevokeAll">
                                        <xs:complexType>
                                                <xs:sequence>
                                                        <xs:element name="ExceptCertificateSerialNo" minOccurs="0" maxOccurs="10"/>
                                                </xs:sequence>
                                        </xs:complexType>
                                </xs:element>
                                <xs:element name="CertificateSerialNo" type="tns:CertificateIdType" maxOccurs="10"/>
                        </xs:choice>
                        <xs:element name="CRLReason" type="tns:CRLReasonType" minOccurs="0"/>
                        <xs:element name="Timestamp" type="xs:dateTime"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/>
                        <!-- Enveloped signature, signing the RevokeCertificateRequest element-->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="RevokeCertificateResponse">
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="ReturnCode" type="tns:ReturncodeType"/>
                        <xs:element name="ReturnText" type="tns:ReturnTextType"/>
                        <xs:element name="CertificateSerialNo" type="tns:CertificateIdType" maxOccurs="unbounded"/>
                        <xs:element name="RevocationTime" type="xs:dateTime"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <xs:element name="Environment" type="tns:EnvironmentType" minOccurs="0"/>
                        <!-- Enveloped signature, signing the RevokeCertificateResponse element-->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="CertificateStatusRequest">
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/>
                        <xs:element name="CertificateSerialNo" type="tns:CertificateIdType" maxOccurs="10"/>
                        <xs:element name="CustomerId" type="tns:CustomerIdType"/>
                        <xs:element name="Timestamp" type="xs:dateTime"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <!-- Enveloped signature, signing the CertificateStatusRequest element-->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="CertificateStatusResponse">
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="ReturnCode" type="tns:ReturncodeType"/>
                        <xs:element name="ReturnText" type="tns:ReturnTextType"/>
                        <xs:element name="CertificateStatus" type="tns:CertificateStatusType" maxOccurs="10"/>
                        <xs:element name="Timestamp" type="xs:dateTime"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <!-- Enveloped signature, signing the CertificateStatusResponse element-->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="GetOwnCertificateListRequest">
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="KeyGeneratorType" type="tns:KeyGeneratorTypeType"/>
                        <xs:element name="CustomerId" type="tns:CustomerIdType"/>
                        <xs:element name="Timestamp" type="xs:dateTime"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <!-- Enveloped signature, signing the GetCertificateListRequest element-->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="GetOwnCertificateListResponse">
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="ReturnCode" type="tns:ReturncodeType"/>
                        <xs:element name="ReturnText" type="tns:ReturnTextType"/>
                        <xs:element name="CertificateStatus" type="tns:CertificateStatusType" minOccurs="0" maxOccurs="unbounded"/>
                        <!-- Enveloped signature, signing the GetCertificateListResponse element-->
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="GetBankCertificateRequest">
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="BankRootCertificateSerialNo" type="tns:CertificateIdType"/>
                        <xs:element name="Timestamp" type="xs:dateTime"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>
<xs:element name="GetBankCertificateResponse">
        <xs:annotation>
                <xs:documentation>Response to a GetBankCertificate request. Contains the relevant bank certificates.</xs:documentation>
        </xs:annotation>
        <xs:complexType>
                <xs:sequence>
                        <xs:element name="ReturnCode" type="tns:ReturncodeType"/>
                        <xs:element name="ReturnText" type="tns:ReturnTextType"/>
                        <xs:element name="BankEncryptionCert" type="tns:CertificateType"/>
                        <xs:element name="BankSigningCert" type="tns:CertificateType"/>
                        <xs:element name="BankRootCert" type="tns:CertificateType"/>
                        <xs:element name="RequestId" type="tns:RequestIdType"/>
                        <!-- Enveloped signature, signing the GetBankCertificateResponse element-->
                        <xs:element ref="ds:Signature" minOccurs="0"/>
                </xs:sequence>
                <xs:attribute ref="xml:id"/>
        </xs:complexType>
</xs:element>

</xs:schema>