From 921f7260914c826ba0b28c986566e9c6dedba159 Mon Sep 17 00:00:00 2001
From: Peter Saint-Andre <stpeter@jabber.org>
Date: Tue, 10 Mar 2009 21:50:59 +0000
Subject: [PATCH] 0.2

git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@2867 4b5297f7-1745-476d-ba37-a9c6900126ab
---
 xep-0258.xml | 459 +++++++++++++++++++++++++++++++--------------------
 1 file changed, 282 insertions(+), 177 deletions(-)

diff --git a/xep-0258.xml b/xep-0258.xml
index 18ddb54c..810a0b74 100644
--- a/xep-0258.xml
+++ b/xep-0258.xml
@@ -7,14 +7,6 @@
   <!ENTITY EQUIVALENTLABEL "&lt;equivalentlabel/&gt;">
   <!ENTITY HEADLINE "&lt;headline/&gt;">
   <!ENTITY IDENTITY "&lt;identity/&gt;">
-  <!ENTITY rfc2634 "<span class='ref'><link url='http://tools.ietf.org/html/rfc2634'>RFC 2634</link></span> <note>RFC 2634: Enhanced Security Services for S/MIME &lt;<link url='http://tools.ietf.org/html/rfc2634'>http://tools.ietf.org/html/rfc2634</link>&gt;.</note>" >
-  <!ENTITY ASN.1 "<span class='ref'><link url='http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf'>ASN.1</link></span> <note>X.680: Abstract Syntax Notation One (ASN.1): Specification of basic notation &lt;<link url='http:://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf'>http:://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf</link>&gt;.</note>" >
-  <!ENTITY BER "<span class='ref'><link url='http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf'>BER</link></span> <note>X.690: ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) &lt;<link url='http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf'>http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf</link>&gt;.</note>" >
-  <!ENTITY X.500 "<span class='ref'><link url='http://www.itu.int/rec/T-REC-X.500-200102-I/en'>X.500</link></span> <note>X.500: The Directory: Overview of concepts, models and service &lt;<link url='http://www.itu.int/rec/T-REC-X.500-200102-I/en'>http://www.itu.int/rec/T-REC-X.500-200102-I/en</link>&gt;.</note>" >
-  <!ENTITY X.841 "<span class='ref'><link url='http://www.itu.int/rec/T-REC-X.841-200010-I/en'>X.841</link></span> <note>X.841: Security techniques - Security information objects for access control &lt;<link url='http://www.itu.int/rec/T-REC-X.841-200010-I/en'>http://www.itu.int/rec/T-REC-X.841-200010-I/en</link>&gt;.</note>" >
-  <!ENTITY SDN.801c "<span class='ref'>SDN.801c</span> <note>SDN.801c: Access Control Concept and Mechanism, US National Security Agency, Revision C, 12 May 1999.</note>" >
-  <!ENTITY IC-ISM "<span class='ref'>IC-ISM</span> <note>Common Information Sharing Standard for Information Security Marking: XML Implementation, Office of the Director of National Intelligence,
-Release 2.0.3, 15 February 2006.</note>" >
 %ents;
 ]>
 <?xml-stylesheet type='text/xsl' href='xep.xsl'?>
@@ -33,7 +25,6 @@ Release 2.0.3, 15 February 2006.</note>" >
   <dependencies>
     <spec>XMPP Core</spec>
     <spec>XEP-0001</spec>
-    <spec>Etc.</spec>
   </dependencies>
   <supersedes/>
   <supersededby/>
@@ -44,6 +35,12 @@ Release 2.0.3, 15 February 2006.</note>" >
     <email>Kurt.Zeilenga@Isode.COM</email>
     <jid>Kurt.Zeilenga@Isode.COM</jid>
   </author>
+  <revision>
+    <version>0.2</version>
+    <date>2009-03-10</date>
+    <initials>kdz</initials>
+    <remark><p>Reworked discovery and various updates.</p></remark>
+  </revision>
   <revision>
     <version>0.1</version>
     <date>2009-01-05</date>
@@ -78,39 +75,42 @@ Release 2.0.3, 15 February 2006.</note>" >
      commonly used in conjunction with &X.500; clearances and either X.841 or &SDN.801c;
      security policies.</p>
   <example caption="Message with ESS Security Label"><![CDATA[
-    <message to='romeo@example.net' from='juliet@example.com/balcony'>
-        <body>This content is classified.</body>
-        <securitylabel xmlns='urn:xmpp:sec-label:0'>
-            <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
-            <label><esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'
-                >MQYCAQIGASk=</esssecurityLabel></label>
-        </securityLabel>
-    </message>
+<message to='romeo@example.net' from='juliet@example.com/balcony'>
+    <body>This content is classified.</body>
+    <securitylabel xmlns='urn:xmpp:sec-label:0'>
+        <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
+        <label><esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'>
+            MQYCAQQGASk=
+        </esssecuritylabel></label>
+    </securitylabel>
+</message>
   ]]></example>
   <example caption="Message with IC-ISM Label"><![CDATA[
-    <message to='romeo@example.net' from='juliet@example.com/balcony'>
-        <body>This content is classified.</body>
-        <securitylabel xmlns='urn:xmpp:sec-label:0'>
-            <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
-            <label><icismlabel xmlns='http://example.gov/IC-ISM/0'
-                classification='S' ownerProducer='USA' disseminationControls='FOUO'/></label>
-        </securityLabel>
-    </message>
+<message to='romeo@example.net' from='juliet@example.com/balcony'>
+    <body>This content is classified.</body>
+    <securitylabel xmlns='urn:xmpp:sec-label:0'>
+        <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
+        <label><icismlabel xmlns='http://example.gov/IC-ISM/0' classification='S'
+            ownerProducer='USA' disseminationControls='FOUO'/></label>
+    </securitylabel>
+</message>
   ]]></example>
   <p>Note: The &IC-ISM; label example is for <em>illustrative purposes only</em>.</p>
   
   <p>The document details when security label metadata should or should not be provided, and how
      this metadata is to be processed.</p>
-  <p>This document does <em>not</em> (yet?) provide:
+
+  <p>This document does <em>not</em> provide:
      <ul>
-     <li>any mechanism for a client might discover the security policy enforce at its home server,
-         or any other server;</li>
+     <li>any mechanism for a client might discover the security policy
+        enforce at its home server, or any other server;</li>
      <li>any mechanism for a client to discover the user's clearance,
          or the clearance of associated with any resource; nor</li>
-     <li>any administrative mechanism for a client to configure configure policy,
-         clearance, and labels of any resource.</li>
+     <li>any administrative mechanism for a client to configure
+        configure policy, clearance, and labels of any resource.</li>
      </ul>
-     Such mechanisms may be introduced in subsequent documents.</p>
+
+  Such mechanisms may be introduced in subsequent documents.</p>
 </section1>
 
 <section1 topic='Discovering Feature Support' anchor='disco'>
@@ -156,20 +156,20 @@ Release 2.0.3, 15 February 2006.</note>" >
      includes a security label, zero or more equivalent security labels, and optionally display
      marking data.</p>
   <example caption="Labeled Message"><![CDATA[
-        <message to='romeo@example.net' from='juliet@example.com/balcony'>
-            <body>This content is classified.</body>
-            <securitylabel xmlns='urn:xmpp:sec-label:0'>
-                <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
-                <label>
-                    <esssecuritylabel xmlns='urn:xmpp:sec-label:0'
-                        >MQYCAQIGASk=</esssecuritylabel>
-                </label>
-                <equivalentlabel>
-                    <esssecuritylabel xmlns='urn:xmpp:sec-label:0'
-                        >MRACAgEABgIpARMGT3Jhbmdl</esssecuritylabel>
-                </equivalentlabel>
-            </securityLabel>
-        </message>
+<message to='romeo@example.net' from='juliet@example.com/balcony'>
+    <body>This content is classified.</body>
+    <securitylabel xmlns='urn:xmpp:sec-label:0'>
+        <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
+        <label>
+            <esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'
+                >MQYCAQIGASk=</esssecuritylabel>
+        </label>
+        <equivalentlabel>
+            <esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'
+                >MRUCAgD9DA9BcXVhIChvYnNvbGV0ZSk=</esssecuritylabel>
+        </equivalentlabel>
+    </securitylabel>
+</message>
   ]]></example>
   <p>The security label metadata is carried in an &SECURITYLABEL; element.
      The &SECURITYLABEL; element which contains one and only one &LABEL; element,
@@ -193,21 +193,28 @@ Release 2.0.3, 15 February 2006.</note>" >
      colorizing the display marking.</p>
 </section1>
 
-<section1 topic='Label Information Discovery' anchor='label-disco'>
-    <p>It is RECOMMENDED the server publish security label information, including a
-       catalog of labels, for use by clients.</p>
-    <p>The catalog provided should only contain labels for which the client is allowed to use
-       (based upon the user's authorization).   The catalog may not be include the complete
-       set of labels available for the use by the client.</p>
-    <p>As each service domain may have different support for security labels, servers
-       should advertise and clients should perform appropriate discovery lookups on a
-       per service basis.</p>
-    <p>To indicate the support for label information discovery, a server advertises the
-       <tt>urn:xmpp:sec-label:info:0</tt> feature.</p>
-    <example caption="Label Information Feature Discovery request"><![CDATA[
+<section1 topic='Label Catalog Discovery' anchor='label-catalog'>
+    <p>It is RECOMMENDED the server publish a catalogs of security label
+       for use by clients.</p>
+    <p>Each catalog provided should only contain labels for which the client
+       is allowed to use (based upon the user's authorization) in a particular
+       context (such as in chatroom).  A catalog may not be include the
+       complete set of labels available for the use by the client in the
+       context.</p>
+    <blockquote>Note: the single catalog per context approach used here
+       is likely inadequate in enviroments where there are a large number
+       of labels in use.  It is expected that a more sophisticated approach
+       will be introduced in a subsequent revision of this
+       specification.</blockquote>
+    <p>As each service domain may have different support for security labels,
+       servers should advertise and clients should perform appropriate
+       discovery lookups on a per service basis.</p>
+    <p>To indicate the support for label catalog discovery, a server
+       advertises the <tt>urn:xmpp:sec-label:catalog:0</tt> feature.
+       The following pair of examples illustrates this feature discovery.</p>
+    <example caption="Label Catalog Feature Discovery request"><![CDATA[
 <iq type='get'
     from='user@example.com/Work'
-    to='example.com'
     id='disco1'>
   <query xmlns='http://jabber.org/protocol/disco#info'/>
 </iq>
@@ -219,65 +226,56 @@ Release 2.0.3, 15 February 2006.</note>" >
     id='disco1'>
   <query xmlns='http://jabber.org/protocol/disco#info'>
     ...
-    <feature var='urn:xmpp:sec-label:0'/>
-    <feature var='urn:xmpp:sec-label:info:0'/>
+    <feature var='urn:xmpp:sec-label:catalog:0'/>
     ...
   </query>
 </iq>
   ]]></example>
   
-    <p>The following example illustrates catalog discovery.</p>
+    <p>The following example pair illustrates catalog discovery.</p>
 
-      <!-- Hierarchy of labels? -->
-    <example caption="Label Information request"><![CDATA[
-<iq type='get'
-    from='user@example.com/Work'
-    to='example.com'
-    id='catalog1'>
-  <query xmlns='urn:xmpp:sec-label:info:0'/>
+    <example caption="Label Catalog request"><![CDATA[
+<iq type='get' id='cat1'>
+  <catalog xmlns='urn:xmpp:sec-label:catalog:0' to='example.com'/>
 </iq>
   ]]></example>
 
-     <example caption="Label Information response"><![CDATA[
-<iq type='result'
-    from='example.com'
-    to='user@example.com/Work'
-    id='catalog1'>
-  <query xmlns='urn:xmpp:sec-label:info:0'>
-        <labelcatalog>
+     <example caption="Label Catalog Get response"><![CDATA[
+<iq type='result' to='user@example.com/Work' id='cat1'>
+  <catalog xmlns='urn:xmpp:sec-label:catalog:0'
+      to='example.com' name='Default'
+      desc='an example set of labels'/>
             <securitylabel xmlns='urn:xmpp:sec-label:0'>
                 <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
                 <label>
-                    <esssecuritylabel xmlns='urn:xmpp:sec-label:0'
+                    <esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'
                         >MQYCAQQGASk=</esssecuritylabel>
                 </label>
-            </securityLabel>
+            </securitylabel>
             <securitylabel xmlns='urn:xmpp:sec-label:0'>
                 <displaymarking fgcolor='black' bgcolor='navy'>CONFIDENTIAL</displaymarking>
                 <label>
-                    <esssecuritylabel xmlns='urn:xmpp:sec-label:0'
-                        >MQYCAQMGASk=</esssecuritylabel>
+                    <esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'
+                        >MQYCAQMGASk</esssecuritylabel>
                 </label>
-            </securityLabel>
+            </securitylabel>
             <securitylabel xmlns='urn:xmpp:sec-label:0'>
                 <displaymarking fgcolor='black' bgcolor='aqua'>RESTRICTED</displaymarking>
                 <label>
-                    <esssecuritylabel xmlns='urn:xmpp:sec-label:0'
+                    <esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'
                         >MQYCAQIGASk=</esssecuritylabel>
                 </label>
-            </securityLabel>
+            </securitylabel>
             <securitylabel xmlns='urn:xmpp:sec-label:0'>
                 <displaymarking fgcolor='black' bgcolor='green'>UNCLASSIFIED</displaymarking>
                 <label>
-                    <esssecuritylabel xmlns='urn:xmpp:sec-label:0'
+                    <esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'
                         >MQMGASk=</esssecuritylabel>
                 </label>
-            </securityLabel>
-        </labelcatalog>
-  </query>
+            </securitylabel>
+  </catalog>
 </iq>
   ]]></example>
-    <p>The label information may contain other elements.</p>
 </section1>
 
 <section1 topic='Use in XMPP' anchor='xmpp-use'>
@@ -508,9 +506,9 @@ And by opposing end them?
         <securitylabel xmlns='urn:xmpp:sec-label:0'>
             <displaymarking fgcolor='black' bgcolor='green'>UNCLASSIFIED</displaymarking>
             <label>
-                <esssecuritylabel xmlns='urn:xmpp:sec-label:0'>MQMGASk=</esssecuritylabel>
+                <esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'>MQMGASk=</esssecuritylabel>
             </label>
-        </securityLabel>
+        </securitylabel>
       </item>
     </publish>
   </pubsub>
@@ -540,9 +538,9 @@ And by opposing end them?
         <securitylabel xmlns='urn:xmpp:sec-label:0'>
             <displaymarking fgcolor='black' bgcolor='green'>UNCLASSIFIED</displaymarking>
             <label>
-                <esssecuritylabel xmlns='urn:xmpp:sec-label:0'>MQMGASk=</esssecuritylabel>
+                <esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'>MQMGASk=</esssecuritylabel>
             </label>
-        </securityLabel>
+        </securitylabel>
       </item>
     </items>
   </event>
@@ -552,6 +550,14 @@ And by opposing end them?
   </section2>
 </section1>
 
+<section1 topic='Extension Considerations' anchor='exts'>
+  <p>
+  This extension is itself is extensible.  In particular, the &LABEL; and &EQUIVALENTLABEL;
+  elements are designed to hold a range of security labels formats.  XML namespaces SHOULD
+  be used to avoid name clashes.
+  </p>
+</section1>
+
 <!--
 <section1 topic='Implementation Notes' anchor='impl'>
   <p>OPTIONAL.</p>
@@ -572,109 +578,208 @@ And by opposing end them?
   <p>This document requires no interaction with &IANA;.</p>
 </section1>
 <section1 topic='XMPP Registrar Considerations' anchor='registrar'>
-  <p>It is requested the &REGISTRAR; add the extension's namespace and schema to
-     appropriate XMPP registries.</p>
-  <p>It is requested the Registrar maintain a registry of label types.  The
-     type string "<tt>ESS</tt>" is reserved for use as described in this document.</p>
+  <p>It is requested the &REGISTRAR; add the extension's namespaces
+     and schemas to appropriate XMPP registries.</p>
 </section1>
 <section1 topic='XML Schemas' anchor='schema'>
-<section2 topic='&lt;securitylabel/&gt; schema' anchor='schema-sl'>
+<section2 topic='Extension Schema' anchor='schema-sl'>
   <p>
     <code><![CDATA[
-    <?xml version='1.0' encoding='UTF-8'?>
-    <xs:schema
-        xmlns:xs='http://www.w3.org/2001/XMLSchema'
-        targetNamespace='urn:xmpp:sec-label:0'
-        xmlns='urn:xmpp:sec-label:0'
-        elementFormDefault='qualified'>
+<?xml version='1.0' encoding='UTF-8'?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:xmpp:sec-label:0"
+    xmlns="urn:xmpp:sec-label:0" elementFormDefault="qualified">
 
+    <xs:annotation>
+        <xs:documentation>The protocol documented by this schema is defined in XEP-0258:
+            http://www.xmpp.org/extensions/xep-0258.html</xs:documentation>
+    </xs:annotation>
+
+    <xs:simpleType name="colorCSS">
         <xs:annotation>
-        <xs:documentation>
-            The protocol documented by this schema is defined in XEP-XXXX:
-            http://www.xmpp.org/extensions/xep-XXXX.html
-        </xs:documentation>
+            <xs:documentation>CSS colors (W3C colors + "orange")</xs:documentation>
+        </xs:annotation>
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="aqua"/>
+            <xs:enumeration value="black"/>
+            <xs:enumeration value="blue"/>
+            <xs:enumeration value="fuschia"/>
+            <xs:enumeration value="gray"/>
+            <xs:enumeration value="green"/>
+            <xs:enumeration value="lime"/>
+            <xs:enumeration value="maroon"/>
+            <xs:enumeration value="navy"/>
+            <xs:enumeration value="olive"/>
+            <xs:enumeration value="purple"/>
+            <xs:enumeration value="red"/>
+            <xs:enumeration value="silver"/>
+            <xs:enumeration value="teal"/>
+            <xs:enumeration value="white"/>
+            <xs:enumeration value="yellow"/>
+            <xs:enumeration value="orange"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="colorRGB">
+        <xs:annotation>
+            <xs:documentation>Hex encoded RGB</xs:documentation>
+        </xs:annotation>
+        <xs:restriction base="xs:string">
+            <xs:pattern value="#[0-9A-Fa-f]{6}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="color">
+        <xs:annotation>
+            <xs:documentation>Color</xs:documentation>
+        </xs:annotation>
+        <xs:union memberTypes="colorCSS colorRGB"/>
+    </xs:simpleType>
+
+    <xs:complexType name="displaymarking">
+        <xs:annotation>
+            <xs:documentation>Display Marking</xs:documentation>
+            <xs:documentation>String to be prominently displayed along with labeled
+                object.</xs:documentation>
+        </xs:annotation>
+        <xs:simpleContent>
+            <xs:extension base="xs:string">
+                <xs:attribute name="bgcolor" type="color" use="optional" default="white"/>
+                <xs:attribute name="fgcolor" type="color" use="optional" default="black"/>
+            </xs:extension>
+        </xs:simpleContent>
+    </xs:complexType>
+
+    <xs:complexType name="label">
+        <xs:choice minOccurs="0">
+            <xs:any namespace="##other" processContents="lax"/>
+        </xs:choice>
+    </xs:complexType>
+
+    <xs:element name="securitylabel">
+        <xs:annotation>
+            <xs:documentation>A Security Label</xs:documentation>
+        </xs:annotation>
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="displaymarking" type="displaymarking">
+                    <xs:annotation>
+                        <xs:documentation>A Display Marking</xs:documentation>
+                        <xs:documentation>To be prominently displayed</xs:documentation>
+                    </xs:annotation>
+                </xs:element>
+                <xs:element name="label" type="label">
+                    <xs:annotation>
+                        <xs:documentation>The Primary Label</xs:documentation>
+                    </xs:annotation>
+                </xs:element>
+                <xs:element name="equivalentlabel" type="label" minOccurs="0" maxOccurs="unbounded">
+                    <xs:annotation>
+                        <xs:documentation>An Equivalent Label</xs:documentation>
+                    </xs:annotation>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+    ]]></code>
+
+    A copy of this schema is available at
+        <link url='http://www.xmpp.org/schemas/sec-label.xsd'>
+        http://www.xmpp.org/schemas/sec-label.xsd</link>.
+  </p>
+</section2>
+<section2 topic='&lt;catalog/&gt; schema' anchor='schema-catalog'>
+    <p>
+      <code><![CDATA[
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:sl="urn:xmpp:sec-label:0"
+    xmlns="urn:xmpp:sec-label:catalog:0" targetNamespace="urn:xmpp:sec-label:catalog:0"
+    elementFormDefault="qualified">
+
+    <xs:annotation>
+        <xs:documentation>The protocol documented by this schema is defined in XEP-0258:
+            http://www.xmpp.org/extensions/xep-0258.html</xs:documentation>
+    </xs:annotation>
+
+    <xs:import schemaLocation="xep258.xsd" namespace="urn:xmpp:sec-label:0"/>
+
+    <xs:attribute name="to" type="xs:string">
+        <xs:annotation>
+            <xs:documentation>Target JabberId</xs:documentation>
+        </xs:annotation>
+    </xs:attribute>
+
+    <xs:attribute name="name" type="xs:string">
+        <xs:annotation>
+            <xs:documentation>Name</xs:documentation>
+        </xs:annotation>
+    </xs:attribute>
+
+    <xs:attribute name="desc" type="xs:string">
+        <xs:annotation>
+            <xs:documentation>Description</xs:documentation>
+        </xs:annotation>
+    </xs:attribute>
+
+    <xs:attribute name="id" type="xs:string">
+        <xs:annotation>
+            <xs:documentation>Identifer for current revision, commonly a hash</xs:documentation>
+        </xs:annotation>
+    </xs:attribute>
+
+    <xs:attribute name="size" type="xs:integer">
+        <xs:annotation>
+            <xs:documentation>Number of items</xs:documentation>
+        </xs:annotation>
+    </xs:attribute>
+
+    <xs:element name="catalog">
+        <xs:annotation>
+            <xs:documentation>A Catalog of Labels</xs:documentation>
         </xs:annotation>
 
-        <xs:element name='securitylabel'>
-            <xs:complexType>
-                <xs:sequence>
-                    <xs:element ref='displaymarking' name='displaymarking'/>
-                    <xs:element ref='label' type='label'/>
-                    <xs:element ref='equivalentlabel' type='label'
-                        minOccurs='0' maxOccurs='unbounded'/>
-                </xs:sequence>
-            <xs:complexType>
-        </xs:element>
-
-        <xs:element name='displaymarking' type='xs:string'>
-            <xs:attribute name='bgcolor' type='xs:string' use='optional'/>
-            <xs:attribute name='fgcolor' type='xs:string' use='optional'/>
-        </xs:element>
-
-        <xs:complexType name='label'/>
-    </xs:schema>
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element ref="sl:securitylabel" maxOccurs="unbounded"/>
+            </xs:sequence>
+            <xs:attribute ref="to" use="optional"/>
+            <xs:attribute ref="name" use="optional"/>
+            <xs:attribute ref="desc" use="optional"/>
+            <xs:attribute ref="id" use="optional"/>
+            <xs:attribute ref="size" use="optional"/>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
     ]]></code>
-  </p>
+  
+    A copy of this schema is available at
+        <link url='http://www.xmpp.org/schemas/sec-label-catalog.xsd'>
+        http://www.xmpp.org/schemas/sec-label-catalog.xsd</link>.   
+    </p>
 </section2>
 <section2 topic='&lt;esssecuritylabel/&gt; schema' anchor='schema-ess'>
   <p>
     <code><![CDATA[
-    <?xml version='1.0' encoding='UTF-8'?>
-    <xs:schema
-        xmlns:xs='http://www.w3.org/2001/XMLSchema'
-        targetNamespace='urn:xmpp:sec-label:ess:0'
-        xmlns='urn:xmpp:sec-label:ess:0'
-        elementFormDefault='qualified'>
-
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:xmpp:sec-label:ess:0"
+    xmlns="urn:xmpp:sec-label:ess:0" elementFormDefault="qualified">
+    <xs:annotation>
+        <xs:documentation> The protocol documented by this schema is defined in XEP-0258:
+            http://www.xmpp.org/extensions/xep-0258.html </xs:documentation>
+    </xs:annotation>
+    <xs:element name="esssecuritylabel" type="xs:base64Binary">
         <xs:annotation>
-        <xs:documentation>
-            The protocol documented by this schema is defined in XEP-XXXX:
-            http://www.xmpp.org/extensions/xep-XXXX.html
-        </xs:documentation>
+            <xs:documentation>An S/MIME ESS SecurityLabel [RFC2634]</xs:documentation>
+            <xs:documentation>Value is the base64 encoding of the BER/DER encoding of an ASN.1
+                ESSSecurityLabel type as defined in RFC 2634. </xs:documentation>
         </xs:annotation>
-
-        <xs:element name='esssecuritylabel' type=xs:string'/>
-    </xs:schema>
+    </xs:element>
+</xs:schema>
     ]]></code>
-  </p>
-</section2>
-<section2 topic='Label Information schema' anchor='schema-info'>
-  <p>
-    <code><![CDATA[
-    <?xml version='1.0' encoding='UTF-8'?>
-    <xs:schema
-        xmlns:xs='http://www.w3.org/2001/XMLSchema'
-        targetNamespace='urn:xmpp:sec-label:info:0'
-        xmlns='urn:xmpp:sec-label:info:0'
-        elementFormDefault='qualified'>
 
-        <xs:annotation>
-        <xs:documentation>
-            The protocol documented by this schema is defined in XEP-XXXX:
-            http://www.xmpp.org/extensions/xep-XXXX.html
-        </xs:documentation>
-        </xs:annotation>
-
-        <xs:element name='query'>
-            <xs:complexType>
-                <xs:sequence>
-                    <xs:element ref='labelcatalog' name='labelcatalog'
-                        minOccurs='0' maxOccurs='1'/>
-                    <!-- additional elements here -->
-                <xs:sequence>
-            </xs:complexType>
-        </xs:element>
-        
-        <xs:element name='labelcatalog'>
-            <xs:complexType>
-                <xs:element ref='securitylabel' type='securitylabel'
-                    minOccurs='1' maxOccurs='unbounded'/>
-            </xs:complexType>
-        </xs:element>
-        
-        <xs:complexType name='securitylabel'/>
-    </xs:schema>
-    ]]></code>
+    A copy of this schema is available at
+        <link url='http://www.xmpp.org/schemas/sec-label-ess.xsd'>
+        http://www.xmpp.org/schemas/sec-label-ess.xsd</link>.
   </p>
 </section2>
 </section1>