Add signing of Identifiables

documentation/IDTA-01002-3/modules/ROOT/pages/http-rest-api/http-rest-api.adoc

@@ -531,6 +531,8 @@ path-suffix=$reference or no suffix normal
 |DeleteAssetAdministrationShellById |DELETE |/shells/\{aasIdentifier} |base64url-encoded identifier
 s|AasInterface s|* s|/shells/\{aasIdentifier}/* s|superpath as defined in Service Specification or Profile
 |QueryAssetAdministrationShells |POST |/query/shells a| Input query in the request body
+|GetAssetAdministrationShellByIdSigned |GET |/shells/\{aasIdentifier}/$signed a|
+base64url-encoded identifier
 
 4+h|Submodel Repository Interface
 |GetAllSubmodels |GET |/submodels a|
@@ -563,6 +565,8 @@ base64url-encoded identifier
 |DeleteSubmodelById |DELETE |/submodels/\{submodelIdentifier} |base64url-encoded identifier
 s|SubmodelInterface s|* s|/submodels/\{submodelIdentifier}/* s|superpath as defined in service specification or profile
 |QuerySubmodels |POST |/query/submodels a| Input query in the request body
+|GetSubmodelByIdSigned |GET |/submodels/\{submodelIdentifier}/$signed a|
+base64url-encoded identifier
 
 4+h|Concept Description Repository Interface
 |GetAllConceptDescriptions |GET |/concept-descriptions |Pagination
@@ -587,6 +591,8 @@ Pagination
 |PutConceptDescriptionById |PUT |/concept-descriptions/\{cdIdentifier} |base64url-encoded identifier
 |DeleteConceptDescriptionById |DELETE |/concept-descriptions/\{cdIdentifier} |base64url-encoded identifier
 |QueryConceptDescriptions |POST |/query/concept-descriptions a| Input query in the request body
+|GetConceptDescriptionByIdSigned |GET |/concept-descriptions/\{cdIdentifier}/$signed a|
+base64url-encoded identifier
 
 4+h|AASX File Server Interface
 |GetAllAASXPackageIds |GET |/packages a|

documentation/IDTA-01002-3/modules/ROOT/pages/http-rest-api/service-specifications-and-profiles.adoc

@@ -674,6 +674,7 @@ h|Service Specification / Profiles h|Description
 |<<asset-administration-shell-repository-service-specification-service-specification-ssp-001,AssetAdministrationShellRepositoryServiceSpecification/SSP-001>> |Full feature set
 |<<asset-administration-shell-repository-service-specification-service-specification-ssp-002,AssetAdministrationShellRepositoryServiceSpecification/SSP-002>> |Only read operations; is included in the profile AssetAdministrationShellRepositoryServiceSpecification/SSP-001
 |<<asset-administration-shell-repository-service-specification-service-specification-ssp-003,AssetAdministrationShellRepositoryServiceSpecification/SSP-003>> |Query operations
+|<<asset-administration-shell-repository-service-specification-ssp-004,AssetAdministrationShellRepositoryServiceSpecification/SSP-004>> |Signature operations
 |===
 
 [#asset-administration-shell-repository-service-specification-service-specification-ssp-001]
@@ -825,6 +826,28 @@ xref:specification/interfaces.adoc#GetSelfDescription[GetDescription]
 See: https://app.swaggerhub.com/apis/Plattform_i40/AssetAdministrationShellRepositoryServiceSpecification/V3.2.0_SSP-003
 
 
+[[asset-administration-shell-repository-service-specification-ssp-004]]
+=== Asset Administration Shell Repository Service Specification – Signature Profile
+
+[%autowidth, width="100%", cols="30%,70%",options="header",]
+|===
+h|Name: h|AAS Repository Signature Profile
+h|Profile Identifier: |`\https://admin-shell.io/aas/API/3/2/AssetAdministrationShellRepositoryServiceSpecification/SSP-004`
+h|Feature h|Appearance
+|API and API Operations a|
+_AAS Repository API:_ +
+xref:specification/interfaces.adoc#GetAssetAdministrationShellByIdSigned[GetAssetAdministrationShellByIdSigned]
+
+_Description API:_ +
+xref:specification/interfaces.adoc#GetSelfDescription[GetDescription]
+
+|xref:specification/interfaces-operation-parameters.adoc#SerializationModifier[SerializationModifier] a| not applicable 
+|SerializationFormat |JSON
+|xref:http-rest-api/http-rest-api.adoc#pagination[Pagination] | supported
+|===
+
+See: https://app.swaggerhub.com/apis/Plattform_i40/AssetAdministrationShellRepositoryServiceSpecification/V3.2.0_SSP-004
+
 [[submodel-repository-service-specification]]
 == Submodel Repository Service Specification
 
@@ -836,6 +859,7 @@ h|Service Specification / Profiles h|Description
 |<<submodel-repository-service-specification-ssp-003,SubmodelRepositoryServiceSpecification/SSP-003>> |Profile for a Submodel Repository which only contains Submodels with kind=Template; is _not_ included in the profile SubmodelRepositoryServiceSpecification/SSP-001 or the profile SubmodelRepositoryServiceSpecification/SSP-002
 |<<submodel-repository-service-specification-ssp-004,SubmodelRepositoryServiceSpecification/SSP-004>> |Only read operations for a Submodel Repository which only contains Submodels with kind=Template; is included in the profile SubmodelRepositoryServiceSpecification/SSP-003 but _not_ in the profile SubmodelRepositoryServiceSpecification/SSP-001 or the profile SubmodelRepositoryService Specification/SSP-002
 |<<submodel-repository-service-specification-ssp-005,SubmodelRepositoryServiceSpecification/SSP-005>>|Query operations
+|<<submodel-repository-service-specification-ssp-006,SubmodelRepositoryServiceSpecification/SSP-006>>|Signature operations
 |===
 
 [[submodel-repository-service-specification-ssp-001]]
@@ -1069,6 +1093,28 @@ xref:specification/interfaces.adoc#GetSelfDescription[GetDescription]
 
 See: https://app.swaggerhub.com/apis/Plattform_i40/SubmodelRepositoryServiceSpecification/V3.2.0_SSP-005
 
+[[submodel-repository-service-specification-ssp-006]]
+=== Submodel Repository Service Specification – Signature Profile
+
+[%autowidth, width="100%", cols="30%,70%",options="header",]
+|===
+h|Name: h|Submodel Repository Signature Profile
+h|Profile Identifier: |`\https://admin-shell.io/aas/API/3/2/SubmodelRepositoryServiceSpecification/SSP-006`
+h|Feature h|Appearance
+|API and API Operations a|
+_AAS Repository API:_ +
+xref:specification/interfaces.adoc#GetSubmodelByIdSigned[GetSubmodelByIdSigned]
+
+_Description API:_ +
+xref:specification/interfaces.adoc#GetSelfDescription[GetDescription]
+
+|xref:specification/interfaces-operation-parameters.adoc#SerializationModifier[SerializationModifier] a| not applicable 
+|SerializationFormat |JSON
+|xref:http-rest-api/http-rest-api.adoc#pagination[Pagination] | supported
+|===
+
+See: https://app.swaggerhub.com/apis/Plattform_i40/SubmodelRepositoryServiceSpecification/V3.2.0_SSP-006
+
 [#concept-description-repository-service-specification-service-specification]
 == Concept Description Repository Service Specification
 
@@ -1077,6 +1123,7 @@ See: https://app.swaggerhub.com/apis/Plattform_i40/SubmodelRepositoryServiceSpec
 h|Service Specification / Profiles h|Description
 |<<concept-description-repository-service-specification-service-specification-ssp-001,ConceptDescriptionRepositoryServiceSpecification/SSP-001>> |Full feature set
 |<<concept-description-repository-service-specification-service-specification-ssp-002,ConceptDescriptionRepositoryServiceSpecification/SSP-002>> |Query operations
+|<<concept-description-repository-service-specification-service-specification-ssp-002,ConceptDescriptionRepositoryServiceSpecification/SSP-003>> |Signature operations
 |===
 
 [#concept-description-repository-service-specification-service-specification-ssp-001]
@@ -1133,3 +1180,24 @@ xref:specification/interfaces.adoc#GetSelfDescription[GetDescription]
 
 See: https://app.swaggerhub.com/apis/Plattform_i40/ConceptDescriptionRepositoryServiceSpecification/V3.2.0_SSP-002
 
+[#concept-description-repository-service-specification-service-specification-ssp-003]
+=== Concept Description Repository Service Specification – Signature Profile
+
+[%autowidth, width="100%", cols="30%,70%",options="header",]
+|===
+h|Name: h|Concept Description Repository Signature Profile
+h|Profile Identifier: |`\https://admin-shell.io/aas/API/3/2/ConceptDescriptionRepositoryServiceSpecification/SSP-003`
+h|Feature h|Appearance
+|API and API Operations a|
+_ConceptDescription Repository API:_ +
+xref:specification/interfaces.adoc#GetConceptDescriptionByIdSigned[GetConceptDescriptionByIdSigned]
+
+_Description API:_ +
+xref:specification/interfaces.adoc#GetSelfDescription[GetDescription]
+
+|xref:specification/interfaces-operation-parameters.adoc#SerializationModifier[SerializationModifier] |not applicable
+|SerializationFormat |JSON
+|xref:http-rest-api/http-rest-api.adoc#pagination[Pagination] | supported
+|===
+
+See: https://app.swaggerhub.com/apis/Plattform_i40/ConceptDescriptionRepositoryServiceSpecification/V3.2.0_SSP-003

documentation/IDTA-01002-3/modules/ROOT/pages/signatures.adoc

@@ -0,0 +1,57 @@
+////
+Copyright (c) 2023 Industrial Digital Twin Association
+
+This work is licensed under a [Creative Commons Attribution 4.0 International License](
+https://creativecommons.org/licenses/by/4.0/).
+
+SPDX-License-Identifier: CC-BY-4.0
+
+////
+
+[#signatures]
+= Signatures
+
+Some use cases of the Asset Administration Shell require the proof that data has not been changed and that it is still the original data of the AAS originator.
+An example is a device manufacturer supplying to an integrator supplying to a plant operator. The plant operator wants to check the remained integrity of the device manufacturer's AAS.
+
+The AASX package format includes the possibility of signing an AASX package, but this is seldomly used. AASX packages can also not be protected by AAS security and access rules. This is why signatures are needed as part of the API.
+
+Different levels of API signatures have been investigated by the IDTA TF Security, including JWS (JSON Web Signature) or JAdES (JSON advanced digital signature). This version explains and defines new endpoints /$signed for AAS, Submodel and ConecptDescription, which provide a plain text JWS.
+
+JWS ist defined in RFC 7515 (https://datatracker.ietf.org/doc/html/rfc7515).
+
+AAS signatures include the AAS JSON content as embedded payload in the JWS. The following header parameters are used: 
+
+- alg: The "alg" (algorithm) Header Parameter identifies the cryptographic algorithm used to secure the JWS (see RFC 7515 4.1.1). Currently only RS256 is used.
+- typ: The "typ" (type) Header Parameter is used by JWS applications to declare the media type [IANA.MediaTypes] of this complete JWS (see RFC 7515 4.1.9). Currently only JWS is used.
+- x5c: The "x5c" (X.509 certificate chain) Header Parameter contains the X.509 public key certificate or certificate chain [RFC5280] corresponding to the key used to digitally sign the JWS (see RFC 7515 4.1.6). This may be a single certificate or certificate chain. The related root certificate must be exchanged by the business partners by an additional secure channel.
+- sigT: The "sigT" (signature timestamp) Header Parameter contains the ISO‑8601 timestamp when the JWS was created. This may be used to check for newer content and if certificates have been valid at signature time.
+- sid: The "sid" (signature identifier) Header Parameter contains a unique GUID to make the storage of JWS easier.
+
+JWS can be decoded by jwt.io. A JWS example and its decoded content can be seen below.
+
+JWS:
+
+eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyIsInNpZ1QiOiIyMDI1LTEyLTE4VDA2OjU4OjIwLjA5MjkxMTVaIiwic2lkIjoiMGRhMTAyOTMtOWVmNi00MmEwLWE3NjQtYTI3ZTFmNmZiNWFlIiwieDVjIjpbIk1JSURLakNDQWhLZ0F3SUJBZ0lJUU1tdnNxNEhSQTB3RFFZSktvWklodmNOQVFFTEJRQXdQakVMTUFrR0ExVUVCaE1DUkVVeEVUQVBCZ05WQkFvVENFazBNQ0JVWlhOME1Sd3dHZ1lEVlFRREV4TkpOREFnVUdodlpXNXBlQ0JEYjI1MFlXTjBNQjRYRFRJME1EWXhNREEzTURnd01Gb1hEVEkyTURZeE1EQTNNRGd3TUZvd2JERUxNQWtHQTFVRUJoTUNSRVV4RVRBUEJnTlZCQW9UQ0VrME1DQlVaWE4wTVIwd0d3WURWUVFERXhSSk5EQWdRVzVrY21WaGN5QlBjbnBsYkhOcmFURXJNQ2tHQ1NxR1NJYjNEUUVKQVJZY1lXOXllbVZzYzJ0cFFIQm9iMlZ1YVhoamIyNTBZV04wTG1OdmJUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpQV3JuZ0Z0eHBKNzVnR0xoTjJuYTRMS3FiZnkycGNoYWV6Y094bDVZaFVEM0xQWFJ1RUJOSmI1YWRhZzJHQW5Sd1VLYlJXSTEwZGloOUdieWVTMzZ0L3Y3TTRKZ243ZWZSOW84Z0NFa2lkRnpaVWZ2L3NoQzlPVzlQZCtUeVVmOVdPbi9pNzgrMkJOeERITGZUR2YzU2FPNFptVWx4NEJOK0lLODBRZ3d1eGI3YjFTSTdMQUVPUU52NlQ3Q2NnQ3FKOUtaamozaVFkVXFGcEhHMmVSSG5jU0IwbGVFa3ZtdGxTM1BDMFY4VVB3L3M5T3lLV056YUtMZTlOUCtaV3FHUmRSeloxc0YrdDIzbnpkVTVhM3l5RGVkVE90MVRuMjFWYVArSXJwS2lKRE1NWXJ0akM2VzFsNkRiaU4yMS9nTFdqR3haS29hd3pJd2V0MkZyaXlkMENBd0VBQVRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUJwNit2REhIaCtjVDFEQmE4MHZjaE8wUlg0UUFWWUc4OHBkMEVzRzdtK1k3ZkFPdXMvNlcvZmpHTnZLbDNHKzVzZ1JKeSsvaGdKWHhQajVrUzM4YkxRWGhybWFySGNDSm5Rc1NCNWNTZG02RE5ZQTFQNnlFcmVmREtJdTFtZzN0WHAwUjBsaWcwQzRDbk84bHhVV0c2Z2VhZjdHUGF2Y0pnRXdudjRobWtZaUo5YWpwaXFLbnZFcE1KVlRnVFdHaXJhV2VZN1V0RzNHd0pPeEVmUDF5aUxpU3UxOGtKbVpDa3VOQ21LMm1NUWZNbTd3MDZIa0tNMFVudC9FU1ZDYkdsSmJxODJ4bDZSUytML2ZhaVFmWkZqUHpEWThTK0NNcE1PZ3ZSNTU3TFgraHZFTE1CUFI4VUFmalJoT0Y5QnhxTzJCWnNkRHYzY1pMclk1T3l6NUVjdz09IiwiTUlJRGFqQ0NBbEtnQXdJQkFnSUlZaHM4Uk5uaHBoZ3dEUVlKS29aSWh2Y05BUUVMQlFBd09ERUxNQWtHQTFVRUJoTUNSRVV4RVRBUEJnTlZCQW9UQ0VrME1DQlVaWE4wTVJZd0ZBWURWUVFERXcxSk5EQWdWR1Z6ZENCU2IyOTBNQjRYRFRJd01UQXdNVEE0TlRRd01Gb1hEVE13TVRBd01UQTROVFF3TUZvd1BqRUxNQWtHQTFVRUJoTUNSRVV4RVRBUEJnTlZCQW9UQ0VrME1DQlVaWE4wTVJ3d0dnWURWUVFERXhOSk5EQWdVR2h2Wlc1cGVDQkRiMjUwWVdOME1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBc01kRzNLdE1lMHlEbHJ2a0tMYnpuQ2RKK0hTZEgrRmNZZW5qenlTaDBDdmVsRmplcXkzckVGbHpuOHNnNis3Szg1M1MrNTBMM1RxM0tZOTRxSDVmNnkvakhPcFh4Z2FybXp0TWVBRWxaaCt5bDNhbURCclZ6QW9UTmt1SmxScGNiekVJcmp2T3g4bzNkZjRmOStCUHZENzd0TmdFK1V1RVRoUlFYRmFld0VYWlZjeDNoMmxEeWpxaVJ1eVovS21kOTBPZTBkK0Y5MGlXSFpGdWhGS2RReEFpK0I4aEcrN1dZNnZMMDJCODUyNkpVOHpsMlNudCtTQy8vV1p5Z2VEU29GcEhoeU5PWm04OFRnSmhxbkdoTTM2QjNXL29PQjV4cUdzQWJuOUw5amlha05rVzRMUG1NcHo4SFQ3WGpKWld0RnpaQmswRVVMcWxDR20yeEpJRGF3SURBUUFCbzNJd2NEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUVQ3bm85SDBQR0ZvVC9qSnl5ODFyK3BtWHZuREFMQmdOVkhROEVCQU1DQVFZd0VRWUpZSVpJQVliNFFnRUJCQVFEQWdBSE1CNEdDV0NHU0FHRytFSUJEUVFSRmc5NFkyRWdZMlZ5ZEdsbWFXTmhkR1V3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUxBVmdzclZISUJ0TmFxSnBkdVQ5b1Bia0ttaVRxcVZXb0pUemdEbGpVVGozOXlTeXFPbytML2RLZ1pxVnkxK2FDUXNnS1d4a014OWx1Nkw1YXgrUDd2dGR0NzVOQ0JnM3JOZndHeGFWeWhOZmtpYW9GT2hGSTFjU3phN3puTlg2L3NKZXlVUkN1OExQazIwL0lDOHY5ZXVLOUZKTWxhQmIrYklSRjZzektvU3JiUWE2bTJDakc0dUJmV3NGbnJKeTBVcmtLa0huS0ZHWDM2SzViS0VxRTIxaHJBUzZqbnJWcVpHZFBZY2lqR0MxMks3clN5K2FMYTkyb1orcnRJbnlGa3RzT01tZERDQk12bFJXTlVtdi9SZEx3SG4zSWEzM3V0R0drNW9hUFkvbitubUtQQm1ERUd0K216T1lpSWxNWGMyQXZyUVllMDBlSFhHK3lFMjhTYz0iLCJNSUlEWkRDQ0FreWdBd0lCQWdJSUhGSDNqeGVHWm5Zd0RRWUpLb1pJaHZjTkFRRUxCUUF3T0RFTE1Ba0dBMVVFQmhNQ1JFVXhFVEFQQmdOVkJBb1RDRWswTUNCVVpYTjBNUll3RkFZRFZRUURFdzFKTkRBZ1ZHVnpkQ0JTYjI5ME1CNFhEVEl3TVRBd01UQTRNemt3TUZvWERUTXdNVEF3TVRBNE16a3dNRm93T0RFTE1Ba0dBMVVFQmhNQ1JFVXhFVEFQQmdOVkJBb1RDRWswTUNCVVpYTjBNUll3RkFZRFZRUURFdzFKTkRBZ1ZHVnpkQ0JTYjI5ME1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdGhKeElDYml2SmlhUTJDcjRYNS9SWVkxZVk3OTY1Uklad1VUNEpGdnJndnR4Y0tuNzFLUWlybC9qajhsRGtYY2xxbjV4UXZlbW1iQUNyTjAwVzZ1QVZNSTFMbFZYVHU2SU1BeVN5RkMrQkk1TkJYdGdWSGdvM1d1VGVUSWN6UEF2WStmMnQ2ZTBrQm1CRWZSMGpKSEZDL0VGRFo3U1pTZk5KVkhObjhQTVF0Sitid3hUQmp3aGNWaUs3UmxjSmNoMjEzam1Iai9EMXRlZUtiSENZNll3aVlsYk5adVoxSnJtdktZZlR2TTZTRUlmaE9waWRGWFpybXpnUG9pUmVxL3ZJKzc3SFRUaEIzSFJmL1B1OHZNK2pMZjlCRWR5K3NHMm9KRHRqcm1VNTRtbEcvOW5WSVpoTHhpdm82NnViRG8vOWRDdXhzSExTZGVGY2J1UHNxZlVRSURBUUFCbzNJd2NEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCVGF5VkhvRzZ4a29EZ25KWllrem9pZ0FPRm5aekFMQmdOVkhROEVCQU1DQVFZd0VRWUpZSVpJQVliNFFnRUJCQVFEQWdBSE1CNEdDV0NHU0FHRytFSUJEUVFSRmc5NFkyRWdZMlZ5ZEdsbWFXTmhkR1V3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUVoZnJ4cGd5a0ozbWUrVzZqc0dtUElVdnV6ZDlSNnJYRkovRFhUQStnLzQwMmtpTmZWY0ptUmIwbjBEZFpUQm5uWFN0UWN6Zy9LRFBtK3V5S0M1SWtMMm5lUlpXMnN1Mk16UmhwSGFRRUtaeXQvUXlrODJkcEtpcjMySmpnV1ROSTI0MTlLUi84Ykt3Q1duemRieEhBVkd0V2QwS29ZN3dMVFBSQ1gzQno3WURmVHVDMWV4bFNLRkpCOTVoWkVsNWtpREUyK2t1TTRNWmZYZno4bjJMbHk4K2RwV1hWdld0TnNHRWpla09oTWV1Smdyazd4dGlNbkErNlAwRGNyeXFxQUYzWW5INWJxSEJnTndvc3c5b2U5ZzI3YnJnK2paak8wK3JWbVF3bTlrR1hSaTRxMFJYbk1tQTVTWlgvSmM3ZDllLzZBUkNveGpONmwxTTU0UjdwVT0iXX0
+
+Decoded JWS:
+
+{
+
+  "alg": "RS256",
+
+  "typ": "JWS",
+
+  "sigT": "2025-12-18T06:58:20.0929115Z",
+
+  "sid": "0da10293-9ef6-42a0-a764-a27e1f6fb5ae",
+
+  "x5c": [
+    "MIIDKjCCAhKgAwIBAgIIQMmvsq4HRA0wDQYJKoZIhvcNAQELBQAwPjELMAkGA1UEBhMCREUxETAPBgNVBAoTCEk0MCBUZXN0MRwwGgYDVQQDExNJNDAgUGhvZW5peCBDb250YWN0MB4XDTI0MDYxMDA3MDgwMFoXDTI2MDYxMDA3MDgwMFowbDELMAkGA1UEBhMCREUxETAPBgNVBAoTCEk0MCBUZXN0MR0wGwYDVQQDExRJNDAgQW5kcmVhcyBPcnplbHNraTErMCkGCSqGSIb3DQEJARYcYW9yemVsc2tpQHBob2VuaXhjb250YWN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJPWrngFtxpJ75gGLhN2na4LKqbfy2pchaezcOxl5YhUD3LPXRuEBNJb5adag2GAnRwUKbRWI10dih9GbyeS36t/v7M4Jgn7efR9o8gCEkidFzZUfv/shC9OW9Pd+TyUf9WOn/i78+2BNxDHLfTGf3SaO4ZmUlx4BN+IK80Qgwuxb7b1SI7LAEOQNv6T7CcgCqJ9KZjj3iQdUqFpHG2eRHncSB0leEkvmtlS3PC0V8UPw/s9OyKWNzaKLe9NP+ZWqGRdRzZ1sF+t23nzdU5a3yyDedTOt1Tn21VaP+IrpKiJDMMYrtjC6W1l6DbiN21/gLWjGxZKoawzIwet2Friyd0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEABp6+vDHHh+cT1DBa80vchO0RX4QAVYG88pd0EsG7m+Y7fAOus/6W/fjGNvKl3G+5sgRJy+/hgJXxPj5kS38bLQXhrmarHcCJnQsSB5cSdm6DNYA1P6yErefDKIu1mg3tXp0R0lig0C4CnO8lxUWG6geaf7GPavcJgEwnv4hmkYiJ9ajpiqKnvEpMJVTgTWGiraWeY7UtG3GwJOxEfP1yiLiSu18kJmZCkuNCmK2mMQfMm7w06HkKM0Unt/ESVCbGlJbq82xl6RS+L/faiQfZFjPzDY8S+CMpMOgvR557LX+hvELMBPR8UAfjRhOF9BxqO2BZsdDv3cZLrY5Oyz5Ecw==",
+"MIIDajCCAlKgAwIBAgIIYhs8RNnhphgwDQYJKoZIhvcNAQELBQAwODELMAkGA1UEBhMCREUxETAPBgNVBAoTCEk0MCBUZXN0MRYwFAYDVQQDEw1JNDAgVGVzdCBSb290MB4XDTIwMTAwMTA4NTQwMFoXDTMwMTAwMTA4NTQwMFowPjELMAkGA1UEBhMCREUxETAPBgNVBAoTCEk0MCBUZXN0MRwwGgYDVQQDExNJNDAgUGhvZW5peCBDb250YWN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMdG3KtMe0yDlrvkKLbznCdJ+HSdH+FcYenjzySh0CvelFjeqy3rEFlzn8sg6+7K853S+50L3Tq3KY94qH5f6y/jHOpXxgarmztMeAElZh+yl3amDBrVzAoTNkuJlRpcbzEIrjvOx8o3df4f9+BPvD77tNgE+UuEThRQXFaewEXZVcx3h2lDyjqiRuyZ/Kmd90Oe0d+F90iWHZFuhFKdQxAi+B8hG+7WY6vL02B8526JU8zl2Snt+SC//WZygeDSoFpHhyNOZm88TgJhqnGhM36B3W/oOB5xqGsAbn9L9jiakNkW4LPmMpz8HT7XjJZWtFzZBk0EULqlCGm2xJIDawIDAQABo3IwcDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQT7no9H0PGFoT/jJyy81r+pmXvnDALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQELBQADggEBALAVgsrVHIBtNaqJpduT9oPbkKmiTqqVWoJTzgDljUTj39ySyqOo+L/dKgZqVy1+aCQsgKWxkMx9lu6L5ax+P7vtdt75NCBg3rNfwGxaVyhNfkiaoFOhFI1cSza7znNX6/sJeyURCu8LPk20/IC8v9euK9FJMlaBb+bIRF6szKoSrbQa6m2CjG4uBfWsFnrJy0UrkKkHnKFGX36K5bKEqE21hrAS6jnrVqZGdPYcijGC12K7rSy+aLa92oZ+rtInyFktsOMmdDCBMvlRWNUmv/RdLwHn3Ia33utGGk5oaPY/n+nmKPBmDEGt+mzOYiIlMXc2AvrQYe00eHXG+yE28Sc=",
+"MIIDZDCCAkygAwIBAgIIHFH3jxeGZnYwDQYJKoZIhvcNAQELBQAwODELMAkGA1UEBhMCREUxETAPBgNVBAoTCEk0MCBUZXN0MRYwFAYDVQQDEw1JNDAgVGVzdCBSb290MB4XDTIwMTAwMTA4MzkwMFoXDTMwMTAwMTA4MzkwMFowODELMAkGA1UEBhMCREUxETAPBgNVBAoTCEk0MCBUZXN0MRYwFAYDVQQDEw1JNDAgVGVzdCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthJxICbivJiaQ2Cr4X5/RYY1eY7965RIZwUT4JFvrgvtxcKn71KQirl/jj8lDkXclqn5xQvemmbACrN00W6uAVMI1LlVXTu6IMAySyFC+BI5NBXtgVHgo3WuTeTIczPAvY+f2t6e0kBmBEfR0jJHFC/EFDZ7SZSfNJVHNn8PMQtJ+bwxTBjwhcViK7RlcJch213jmHj/D1teeKbHCY6YwiYlbNZuZ1JrmvKYfTvM6SEIfhOpidFXZrmzgPoiReq/vI+77HTThB3HRf/Pu8vM+jLf9BEdy+sG2oJDtjrmU54mlG/9nVIZhLxivo66ubDo/9dCuxsHLSdeFcbuPsqfUQIDAQABo3IwcDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTayVHoG6xkoDgnJZYkzoigAOFnZzALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQELBQADggEBAEhfrxpgykJ3me+W6jsGmPIUvuzd9R6rXFJ/DXTA+g/402kiNfVcJmRb0n0DdZTBnnXStQczg/KDPm+uyKC5IkL2neRZW2su2MzRhpHaQEKZyt/Qyk82dpKir32JjgWTNI2419KR/8bKwCWnzdbxHAVGtWd0KoY7wLTPRCX3Bz7YDfTuC1exlSKFJB95hZEl5kiDE2+kuM4MZfXfz8n2Lly8+dpWXVvWtNsGEjekOhMeuJgrk7xtiMnA+6P0DcryqqAF3YnH5bqHBgNwosw9oe9g27brg+jZjO0+rVmQwm9kGXRi4q0RXnMmA5SZX/Jc7d9e/6ARCoxjN6l1M54R7pU="
+  ]
+
+}
+
+(JSON Payload of example Submodel)