From fd4418fad63255020dd00a5a7f586dd933ac3083 Mon Sep 17 00:00:00 2001
From: Tony Mack <tmack@paris.CS.Princeton.EDU>
Date: Mon, 22 Nov 2010 16:06:19 -0500
Subject: [PATCH] add credential schema rng files

---
 sfa/trust/credential.rng             | 197 ++++++++++++++++++++++
 sfa/trust/protogeni-rspec-common.rng | 239 +++++++++++++++++++++++++++
 sfa/trust/top.rng                    | 217 ++++++++++++++++++++++++
 3 files changed, 653 insertions(+)
 create mode 100644 sfa/trust/credential.rng
 create mode 100644 sfa/trust/protogeni-rspec-common.rng
 create mode 100644 sfa/trust/top.rng

diff --git a/sfa/trust/credential.rng b/sfa/trust/credential.rng
new file mode 100644
index 00000000..7496c696
--- /dev/null
+++ b/sfa/trust/credential.rng
@@ -0,0 +1,197 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  
+  GENIPUBLIC-COPYRIGHT
+  Copyright (c) 2008-2009 University of Utah and the Flux Group.
+  All rights reserved.
+  
+-->
+<!--
+  ProtoGENI credential and privilege specification. The key points:
+  
+  * A credential is a set of privileges or a Ticket, each with a flag
+    to indicate delegation is permitted.
+  * A credential is signed and the signature included in the body of the
+    document.
+  * To support delegation, a credential will include its parent, and that
+    blob will be signed. So, there will be multiple signatures in the
+    document, each with a reference to the credential it signs.
+  
+  default namespace = "http://www.protogeni.net/resources/credential/0.1"
+-->
+<grammar xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0" xmlns:sig="http://www.w3.org/2000/09/xmldsig#" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <define name="anyelementbody">
+    <zeroOrMore>
+      <choice>
+        <attribute>
+          <anyName/>
+        </attribute>
+        <text/>
+        <element>
+          <anyName/>
+          <ref name="anyelementbody"/>
+        </element>
+      </choice>
+    </zeroOrMore>
+  </define>
+  <!-- This is where we get the definition of RSpec from -->
+  <include href="protogeni-rspec-common.rng"/>
+  <define name="PrivilegeSpec">
+    <a:documentation>Representation of a single privileges. </a:documentation>
+    <element name="privilege">
+      <!-- Name of the privilege. -->
+      <element name="name">
+        <data type="string">
+          <param name="minLength">1</param>
+        </data>
+      </element>
+      <!-- Flag indicating this privilege can be delegated -->
+      <element name="can_delegate">
+        <data type="boolean"/>
+      </element>
+    </element>
+  </define>
+  <define name="PrivilegesSpec">
+    <a:documentation>A set of privileges.</a:documentation>
+    <element name="privileges">
+      <zeroOrMore>
+        <ref name="PrivilegeSpec"/>
+      </zeroOrMore>
+    </element>
+  </define>
+  <define name="CapabilitySpec">
+    <a:documentation>Backwards compat my original credential spec.</a:documentation>
+    <element name="capability">
+      <!-- Name of the capability. -->
+      <element name="name">
+        <data type="string">
+          <param name="minLength">1</param>
+        </data>
+      </element>
+      <!-- Flag indicating this capability can be delegated -->
+      <element name="can_delegate">
+        <choice>
+          <value>0</value>
+          <value>1</value>
+        </choice>
+      </element>
+    </element>
+  </define>
+  <define name="CapabilitiesSpec">
+    <a:documentation>Backwards compat my original credential spec.</a:documentation>
+    <element name="capabilities">
+      <zeroOrMore>
+        <ref name="CapabilitySpec"/>
+      </zeroOrMore>
+    </element>
+  </define>
+  <define name="TicketSpec">
+    <a:documentation>Define a stub for future ticket.</a:documentation>
+    <element name="ticket">
+      <element name="can_delegate">
+        <a:documentation>Can the ticket be delegated?</a:documentation>
+        <data type="boolean"/>
+      </element>
+      <element name="redeem_before">
+        <a:documentation>The ticket must be "cashed in" by this date </a:documentation>
+        <data type="dateTime"/>
+      </element>
+      <!--
+        Note: What I really want to do here is reference RSpec as being
+        in a separate namespace. But, it's not clear to me how to do this,
+        so we basically just use by inclusion
+      -->
+      <ref name="anyelementbody">
+        <a:documentation>A desciption of the resources that are being promised</a:documentation>
+      </ref>
+    </element>
+  </define>
+  <define name="signatures">
+    <a:documentation>A list of signatures.</a:documentation>
+    <element name="signatures">
+      <oneOrMore>
+        <element name="sig:Signature">
+          <ref name="anyelementbody"/>
+        </element>
+      </oneOrMore>
+    </element>
+  </define>
+  <define name="credentials">
+    <a:documentation>A credential granting privileges or a ticket.</a:documentation>
+    <element name="credential">
+      <attribute name="xml:id">
+        <a:documentation>The ID for signature referencing.</a:documentation>
+        <data type="ID"/>
+      </attribute>
+      <element name="type">
+        <a:documentation>The type of this credential. Currently a Privilege set or a Ticket.</a:documentation>
+        <choice>
+          <value>privilege</value>
+          <value>ticket</value>
+          <value>capability</value>
+        </choice>
+      </element>
+      <element name="serial">
+        <a:documentation>A serial number.</a:documentation>
+        <data type="string"/>
+      </element>
+      <element name="owner_gid">
+        <a:documentation>GID of the owner of this credential. </a:documentation>
+        <data type="string"/>
+      </element>
+      <optional>
+        <element name="owner_urn">
+          <a:documentation>URN of the owner. Not everyone can parse DER</a:documentation>
+          <data type="string"/>
+        </element>
+      </optional>
+      <element name="target_gid">
+        <a:documentation>GID of the target of this credential. </a:documentation>
+        <data type="string"/>
+      </element>
+      <optional>
+        <element name="target_urn">
+          <a:documentation>URN of the target.</a:documentation>
+          <data type="string"/>
+        </element>
+      </optional>
+      <element name="uuid">
+        <a:documentation>UUID of this credential</a:documentation>
+        <data type="string"/>
+      </element>
+      <element name="expires">
+        <a:documentation>Expires on</a:documentation>
+        <data type="dateTime"/>
+      </element>
+      <choice>
+        <a:documentation>Privileges or a ticket</a:documentation>
+        <ref name="PrivilegesSpec"/>
+        <ref name="TicketSpec"/>
+        <ref name="CapabilitiesSpec"/>
+      </choice>
+      <zeroOrMore>
+        <element name="extensions">
+          <a:documentation>Optional Extensions</a:documentation>
+          <ref name="anyelementbody"/>
+        </element>
+      </zeroOrMore>
+      <optional>
+        <element name="parent">
+          <a:documentation>Parent that delegated to us</a:documentation>
+          <ref name="credentials"/>
+        </element>
+      </optional>
+    </element>
+  </define>
+  <define name="SignedCredential">
+    <element name="signed-credential">
+      <ref name="credentials"/>
+      <optional>
+        <ref name="signatures"/>
+      </optional>
+    </element>
+  </define>
+  <start>
+    <ref name="SignedCredential"/>
+  </start>
+</grammar>
diff --git a/sfa/trust/protogeni-rspec-common.rng b/sfa/trust/protogeni-rspec-common.rng
new file mode 100644
index 00000000..a8ad8f2b
--- /dev/null
+++ b/sfa/trust/protogeni-rspec-common.rng
@@ -0,0 +1,239 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <!--
+    
+    EMULAB-COPYRIGHT
+    Copyright (c) 2008 University of Utah and the Flux Group.
+    All rights reserved.
+    
+  -->
+  <!--
+    
+    Common definitions for advertisements, requests, and tickets
+    
+  -->
+  <include href="top.rng"/>
+  <define name="NodeSpec">
+    <element name="node">
+      <ref name="NodeContents"/>
+    </element>
+  </define>
+  <define name="LinkSpec">
+    <element name="link">
+      <ref name="LinkContents"/>
+    </element>
+  </define>
+  <define name="NodeContents">
+    <interleave>
+      <optional>
+        <!--
+          Each node has exactly one virtualization technology, which we simply
+          enumerate here
+        -->
+        <attribute name="virtualization_type">
+          <choice>
+            <value>raw</value>
+            <value>trellis-vserver</value>
+            <value>planetlab-vserver</value>
+            <value>emulab-vnode</value>
+            <value>bgpmux</value>
+          </choice>
+        </attribute>
+      </optional>
+      <optional>
+        <!--
+          Each node may be the subnode of (physically located within) another.
+          In advertisements, this is the URN of the other component.
+          In requests, this is the virtual_id of the other sliver.
+        -->
+        <element name="subnode_of">
+          <text/>
+        </element>
+      </optional>
+      <!-- Node type list -->
+      <ref name="NodeTypeList"/>
+      <zeroOrMore>
+        <!--
+          List of interfaces on this node. Interfaces are declared here. So
+          all information about a particular interface including types
+          belongs in the declaration. Other references to interfaces
+          should just uniquely identify them and refer back here.
+        -->
+        <element name="interface">
+          <ref name="InterfaceDecl"/>
+        </element>
+      </zeroOrMore>
+    </interleave>
+  </define>
+  <define name="LinkContents">
+    <interleave>
+      <optional>
+        <!--
+          Each link has exactly one virtualization technology, which we simply
+          enumerate here
+        -->
+        <attribute name="virtualization_type">
+          <choice>
+            <value>raw</value>
+            <value>trellis-vserver</value>
+            <value>planetlab-vserver</value>
+            <value>emulab-vnode</value>
+          </choice>
+        </attribute>
+      </optional>
+      <oneOrMore>
+        <!-- Link types -->
+        <ref name="LinkType"/>
+      </oneOrMore>
+      <zeroOrMore>
+        <!-- The interfaces which this link spans. -->
+        <element name="interface_ref">
+          <ref name="InterfaceRef"/>
+        </element>
+      </zeroOrMore>
+    </interleave>
+  </define>
+  <define name="NodeTypeList">
+    <oneOrMore>
+      <ref name="NodeTypeSpec"/>
+    </oneOrMore>
+  </define>
+  <define name="NodeTypeContents" combine="interleave">
+    <zeroOrMore>
+      <ref name="TypeField"/>
+    </zeroOrMore>
+  </define>
+  <define name="LinkType">
+    <element name="link_type">
+      <interleave>
+        <optional>
+          <attribute name="name"/>
+        </optional>
+        <optional>
+          <attribute name="type_name"/>
+        </optional>
+        <zeroOrMore>
+          <ref name="TypeField"/>
+        </zeroOrMore>
+      </interleave>
+    </element>
+  </define>
+  <define name="TypeField">
+    <element name="field">
+      <interleave>
+        <attribute name="key"/>
+        <attribute name="value"/>
+      </interleave>
+    </element>
+  </define>
+  <define name="VirtualName">
+    <attribute name="virtual_id"/>
+  </define>
+  <define name="ComponentName">
+    <interleave>
+      <optional>
+        <!--
+          This is the uuid of the aggregate that this node or link belongs
+          to. It is required in an advertisement.
+        -->
+        <attribute name="component_manager_uuid"/>
+      </optional>
+      <optional>
+        <attribute name="component_manager_urn"/>
+      </optional>
+      <optional>
+        <!-- User-readable name for the component -->
+        <attribute name="component_name"/>
+      </optional>
+      <optional>
+        <!-- The uuid of the physical component. -->
+        <attribute name="component_uuid"/>
+      </optional>
+      <optional>
+        <attribute name="component_urn"/>
+      </optional>
+    </interleave>
+  </define>
+  <define name="ComponentInterfaceDeclName">
+    <attribute name="component_id"/>
+  </define>
+  <define name="ComponentInterfaceRefName">
+    <interleave>
+      <optional>
+        <attribute name="component_node_uuid"/>
+      </optional>
+      <optional>
+        <attribute name="component_node_urn"/>
+      </optional>
+      <attribute name="component_interface_id"/>
+    </interleave>
+  </define>
+  <define name="InterfaceDecl">
+    <empty/>
+  </define>
+  <define name="InterfaceRef">
+    <empty/>
+  </define>
+  <define name="Location">
+    <element name="location">
+      <interleave>
+        <!-- The two-letter ISO 3166 code for the country the node is in. -->
+        <attribute name="country"/>
+        <optional>
+          <!--
+            Longitude and Latitude coordinates of the node using the
+            WGS 84 standard.
+          -->
+          <attribute name="longitude"/>
+        </optional>
+        <optional>
+          <attribute name="latitude"/>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+  <define name="RSpec">
+    <element name="rspec">
+      <ref name="RSpecContents"/>
+    </element>
+  </define>
+  <define name="RSpecContents">
+    <interleave>
+      <optional>
+        <!--
+          When this RSpec was generated - optional, can be used for determining
+          staleness
+        -->
+        <attribute name="generated">
+          <data type="dateTime"/>
+        </attribute>
+      </optional>
+      <optional>
+        <!--
+          Who/what generated the rspec. This is purely informative and
+          should not be used for any policy consideration. The format is
+          not fixed.
+        -->
+        <attribute name="generated_by"/>
+      </optional>
+      <optional>
+        <!--
+          How long this rspec is valid - in the case of a ticket, this indicates
+          how long the holder may use the resources. For a resource request, it's
+          how long we want the resources. For an advertisement, it might be a hint
+          as to how long it's okay to cache this rspec.
+        -->
+        <attribute name="valid_until">
+          <data type="dateTime"/>
+        </attribute>
+      </optional>
+      <zeroOrMore>
+        <!-- One or more nodes/links -->
+        <ref name="NodeSpec"/>
+      </zeroOrMore>
+      <zeroOrMore>
+        <ref name="LinkSpec"/>
+      </zeroOrMore>
+    </interleave>
+  </define>
+</grammar>
diff --git a/sfa/trust/top.rng b/sfa/trust/top.rng
new file mode 100644
index 00000000..302dbafc
--- /dev/null
+++ b/sfa/trust/top.rng
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+  <!--
+    
+    EMULAB-COPYRIGHT
+    Copyright (c) 2005-2007 University of Utah and the Flux Group.
+    All rights reserved.
+    
+  -->
+  <!--
+    
+    Definition of common data structures used for representing topologies -
+    shared between vtop (virtual topology) and ptop (physical topology)
+    formats.
+    
+  -->
+  <define name="NodeTypeSpec">
+    <a:documentation>Representation of a single node type</a:documentation>
+    <element name="node_type">
+      <interleave>
+        <attribute name="type_name">
+          <a:documentation>Name of the type - will almost certainly not be unique</a:documentation>
+        </attribute>
+        <attribute name="type_slots">
+          <a:documentation>How many virtual nodes of this type this physical node can
+handle.</a:documentation>
+          <choice>
+            <data type="integer">
+              <param name="minInclusive">0</param>
+            </data>
+            <value>unlimited</value>
+          </choice>
+        </attribute>
+        <optional>
+          <attribute name="static">
+            <a:documentation>element unlimited { empty }?,
+A flag that indicates that this physical node *always*
+has this type - a node is only allowed to have one dynamic
+(ie. not flagged as static) type at a time, but any number
+of static types at a time
+element static { empty }?</a:documentation>
+            <value>true</value>
+          </attribute>
+        </optional>
+        <ref name="NodeTypeContents"/>
+      </interleave>
+    </element>
+  </define>
+  <define name="NodeTypeContents">
+    <empty/>
+  </define>
+  <define name="LinkTypeSpec">
+    <a:documentation>Link types are currently just a siple string. They will almost certainly 
+have to get more complicated, for two reasons:
+    First, I want to allow virtual links to specify more than one type, so
+      that we can ask for links that are, say, 'ethernet or loopback'
+    Second, I want to have a lot more control over links that get mapped to
+      multi-hop paths
+TODO: MAYBE this should be combined with NodeTypeSpec</a:documentation>
+    <element name="link_type">
+      <attribute name="type_name"/>
+    </element>
+  </define>
+  <define name="LinkEndPoints">
+    <a:documentation>A link has two endpoints. Right now, they are order
+independent. But they might become order-dependant later.</a:documentation>
+    <element name="source_interface">
+      <a:documentation>First interface for this link</a:documentation>
+      <ref name="InterfaceSpec"/>
+    </element>
+    <element name="destination_interface">
+      <a:documentation>Second interface for this link</a:documentation>
+      <ref name="InterfaceSpec"/>
+    </element>
+  </define>
+  <define name="LinkCharacteristics">
+    <a:documentation>Link characterstics which affect traffic.
+TODO: In the future, the bandwidth, latency, and packet loss will be
+moved to features and/or properties</a:documentation>
+    <element name="bandwidth">
+      <a:documentation>Bandwidth of the link in kbps</a:documentation>
+      <data type="float">
+        <param name="minExclusive">0.0</param>
+      </data>
+    </element>
+    <element name="latency">
+      <a:documentation>Latency of the link in ms</a:documentation>
+      <data type="float">
+        <param name="minInclusive">0.0</param>
+      </data>
+    </element>
+    <element name="packet_loss">
+      <a:documentation>Static packet loss probability of the link as a fraction
+(ie. 0.01 == 1%)</a:documentation>
+      <data type="float">
+        <param name="minInclusive">0.0</param>
+      </data>
+    </element>
+  </define>
+  <define name="FeatureDesireSpec">
+    <a:documentation>"Legacy" assign features and desires - will be phased out in favor of
+properties</a:documentation>
+    <element name="fd">
+      <attribute name="fd_name">
+        <a:documentation>Name of this feature or desire
+element fd_name { text },</a:documentation>
+      </attribute>
+      <attribute name="fd_weight">
+        <a:documentation>Weight assocated with the feature or desire
+element fd_weight { xsd:float },</a:documentation>
+      </attribute>
+      <optional>
+        <attribute name="violatable">
+          <a:documentation>A flag indicating whether or not a failure to match the desire with a
+a feature is a constraint violation
+element violatable { empty }?,</a:documentation>
+          <value>true</value>
+        </attribute>
+      </optional>
+      <optional>
+        <choice>
+          <a:documentation>Type information expressed in features and desires</a:documentation>
+          <ref name="GlobalSpec"/>
+          <ref name="LocalSpec"/>
+        </choice>
+      </optional>
+    </element>
+  </define>
+  <define name="GlobalSpec">
+    <a:documentation>GlobalSpec = element global {
+	element operator { "OnceOnly" | "FirstFree" }
+}</a:documentation>
+    <attribute name="global_operator">
+      <choice>
+        <value>OnceOnly</value>
+        <value>FirstFree</value>
+      </choice>
+    </attribute>
+  </define>
+  <define name="LocalSpec">
+    <a:documentation>LocalSpec = element local {
+	element operator { "+" }
+	attribute local_operator { "+" }
+}</a:documentation>
+    <attribute name="local_operator">
+      <value>+</value>
+    </attribute>
+  </define>
+  <define name="InterfaceSpec">
+    <a:documentation>Interfaces
+InterfaceSpec = element interface { InterfaceContents }</a:documentation>
+    <attribute name="node_name"/>
+    <attribute name="interface_name"/>
+    <optional>
+      <attribute name="physical_node_name"/>
+    </optional>
+    <optional>
+      <attribute name="physical_interface_name"/>
+    </optional>
+    <zeroOrMore>
+      <ref name="PropertySpec"/>
+    </zeroOrMore>
+  </define>
+  <define name="InterfaceContents">
+    <element name="node_name">
+      <a:documentation>Name of the node, which must match one of the nodes in this topology</a:documentation>
+      <text/>
+    </element>
+    <element name="interface_name">
+      <a:documentation>Name of the interface itself</a:documentation>
+      <text/>
+    </element>
+    <zeroOrMore>
+      <ref name="PropertySpec">
+        <a:documentation>Properties of the interface</a:documentation>
+      </ref>
+    </zeroOrMore>
+  </define>
+  <define name="PropertySpec">
+    <a:documentation>Properties - new: replacements for features and desires. Not yet implemented
+in assign, and not yet fully fleshed out in this schema.</a:documentation>
+    <element name="property">
+      <element name="property_name">
+        <a:documentation>Name of this property</a:documentation>
+        <text/>
+      </element>
+      <element name="property_value">
+        <a:documentation>Value associated with this property
+TODO: Add ranges and other types from rspec</a:documentation>
+        <choice>
+          <text/>
+          <data type="float"/>
+        </choice>
+      </element>
+      <element name="property_penalty">
+        <a:documentation>The penalty associated with this property</a:documentation>
+        <data type="float">
+          <param name="minInclusive">0.0</param>
+        </data>
+      </element>
+      <optional>
+        <element name="violatable">
+          <a:documentation>If this flag is present, not having the property is considered a violation</a:documentation>
+          <empty/>
+        </element>
+      </optional>
+      <optional>
+        <choice>
+          <a:documentation>TODO: Add more operators - equality, range test, etc
+Flags for special types of operators</a:documentation>
+          <ref name="GlobalSpec"/>
+          <ref name="LocalSpec"/>
+        </choice>
+      </optional>
+    </element>
+  </define>
+</grammar>
-- 
2.43.0