From fd4418fad63255020dd00a5a7f586dd933ac3083 Mon Sep 17 00:00:00 2001
From: Tony Mack <tmack@paris.CS.Princeton.EDU>
Date: Mon, 22 Nov 2010 16:06:19 -0500
Subject: [PATCH] add credential schema rng files
---
 sfa/trust/credential.rng | 197 ++++++++++++++++++++++
 sfa/trust/protogeni-rspec-common.rng | 239 +++++++++++++++++++++++++++
 sfa/trust/top.rng | 217 ++++++++++++++++++++++++
 3 files changed, 653 insertions(+)
 create mode 100644 sfa/trust/credential.rng
 create mode 100644 sfa/trust/protogeni-rspec-common.rng
 create mode 100644 sfa/trust/top.rng
diff --git a/sfa/trust/credential.rng b/sfa/trust/credential.rng
new file mode 100644
index 00000000..7496c696
--- /dev/null
+++ b/sfa/trust/credential.rng
@@ -0,0 +1,197 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ GENIPUBLIC-COPYRIGHT
+ Copyright (c) 2008-2009 University of Utah and the Flux Group.
+ All rights reserved.
+
+-->
+<!--
+ ProtoGENI credential and privilege specification. The key points:
+
+ * A credential is a set of privileges or a Ticket, each with a flag
+ to indicate delegation is permitted.
+ * A credential is signed and the signature included in the body of the
+ document.
+ * To support delegation, a credential will include its parent, and that
+ blob will be signed. So, there will be multiple signatures in the
+ document, each with a reference to the credential it signs.
+
+ default namespace = "http://www.protogeni.net/resources/credential/0.1"
+-->
+<grammar xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0" xmlns:sig="http://www.w3.org/2000/09/xmldsig#" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <define name="anyelementbody">
+ <zeroOrMore>
+ <choice>
+ <attribute>
+ <anyName/>
+ </attribute>
+ <text/>
+ <element>
+ <anyName/>
+ <ref name="anyelementbody"/>
+ </element>
+ </choice>
+ </zeroOrMore>
+ </define>
+ <!-- This is where we get the definition of RSpec from -->
+ <include href="protogeni-rspec-common.rng"/>
+ <define name="PrivilegeSpec">
+ <a:documentation>Representation of a single privileges. </a:documentation>
+ <element name="privilege">
+ <!-- Name of the privilege. -->
+ <element name="name">
+ <data type="string">
+ <param name="minLength">1</param>
+ </data>
+ </element>
+ <!-- Flag indicating this privilege can be delegated -->
+ <element name="can_delegate">
+ <data type="boolean"/>
+ </element>
+ </element>
+ </define>
+ <define name="PrivilegesSpec">
+ <a:documentation>A set of privileges.</a:documentation>
+ <element name="privileges">
+ <zeroOrMore>
+ <ref name="PrivilegeSpec"/>
+ </zeroOrMore>
+ </element>
+ </define>
+ <define name="CapabilitySpec">
+ <a:documentation>Backwards compat my original credential spec.</a:documentation>
+ <element name="capability">
+ <!-- Name of the capability. -->
+ <element name="name">
+ <data type="string">
+ <param name="minLength">1</param>
+ </data>
+ </element>
+ <!-- Flag indicating this capability can be delegated -->
+ <element name="can_delegate">
+ <choice>
+ <value>0</value>
+ <value>1</value>
+ </choice>
+ </element>
+ </element>
+ </define>
+ <define name="CapabilitiesSpec">
+ <a:documentation>Backwards compat my original credential spec.</a:documentation>
+ <element name="capabilities">
+ <zeroOrMore>
+ <ref name="CapabilitySpec"/>
+ </zeroOrMore>
+ </element>
+ </define>
+ <define name="TicketSpec">
+ <a:documentation>Define a stub for future ticket.</a:documentation>
+ <element name="ticket">
+ <element name="can_delegate">
+ <a:documentation>Can the ticket be delegated?</a:documentation>
+ <data type="boolean"/>
+ </element>
+ <element name="redeem_before">
+ <a:documentation>The ticket must be "cashed in" by this date </a:documentation>
+ <data type="dateTime"/>
+ </element>
+ <!--
+ Note: What I really want to do here is reference RSpec as being
+ in a separate namespace. But, it's not clear to me how to do this,
+ so we basically just use by inclusion
+ -->
+ <ref name="anyelementbody">
+ <a:documentation>A desciption of the resources that are being promised</a:documentation>
+ </ref>
+ </element>
+ </define>
+ <define name="signatures">
+ <a:documentation>A list of signatures.</a:documentation>
+ <element name="signatures">
+ <oneOrMore>
+ <element name="sig:Signature">
+ <ref name="anyelementbody"/>
+ </element>
+ </oneOrMore>
+ </element>
+ </define>
+ <define name="credentials">
+ <a:documentation>A credential granting privileges or a ticket.</a:documentation>
+ <element name="credential">
+ <attribute name="xml:id">
+ <a:documentation>The ID for signature referencing.</a:documentation>
+ <data type="ID"/>
+ </attribute>
+ <element name="type">
+ <a:documentation>The type of this credential. Currently a Privilege set or a Ticket.</a:documentation>
+ <choice>
+ <value>privilege</value>
+ <value>ticket</value>
+ <value>capability</value>
+ </choice>
+ </element>
+ <element name="serial">
+ <a:documentation>A serial number.</a:documentation>
+ <data type="string"/>
+ </element>
+ <element name="owner_gid">
+ <a:documentation>GID of the owner of this credential. </a:documentation>
+ <data type="string"/>
+ </element>
+ <optional>
+ <element name="owner_urn">
+ <a:documentation>URN of the owner. Not everyone can parse DER</a:documentation>
+ <data type="string"/>
+ </element>
+ </optional>
+ <element name="target_gid">
+ <a:documentation>GID of the target of this credential. </a:documentation>
+ <data type="string"/>
+ </element>
+ <optional>
+ <element name="target_urn">
+ <a:documentation>URN of the target.</a:documentation>
+ <data type="string"/>
+ </element>
+ </optional>
+ <element name="uuid">
+ <a:documentation>UUID of this credential</a:documentation>
+ <data type="string"/>
+ </element>
+ <element name="expires">
+ <a:documentation>Expires on</a:documentation>
+ <data type="dateTime"/>
+ </element>
+ <choice>
+ <a:documentation>Privileges or a ticket</a:documentation>
+ <ref name="PrivilegesSpec"/>
+ <ref name="TicketSpec"/>
+ <ref name="CapabilitiesSpec"/>
+ </choice>
+ <zeroOrMore>
+ <element name="extensions">
+ <a:documentation>Optional Extensions</a:documentation>
+ <ref name="anyelementbody"/>
+ </element>
+ </zeroOrMore>
+ <optional>
+ <element name="parent">
+ <a:documentation>Parent that delegated to us</a:documentation>
+ <ref name="credentials"/>
+ </element>
+ </optional>
+ </element>
+ </define>
+ <define name="SignedCredential">
+ <element name="signed-credential">
+ <ref name="credentials"/>
+ <optional>
+ <ref name="signatures"/>
+ </optional>
+ </element>
+ </define>
+ <start>
+ <ref name="SignedCredential"/>
+ </start>
+</grammar>
diff --git a/sfa/trust/protogeni-rspec-common.rng b/sfa/trust/protogeni-rspec-common.rng
new file mode 100644
index 00000000..a8ad8f2b
--- /dev/null
+++ b/sfa/trust/protogeni-rspec-common.rng
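Review bot: Schema validity says nothing about authenticity here, because `signatures` is `<optional>` inside `signed-credential` and `sig:Signature` is matched by the `anyelementbody` wildcard, so an unsigned credential or one with an arbitrary Signature body still validates; the consuming code must verify the XML-DSig separately and treat this grammar as a syntax check only. The recursive `parent` reference and the `extensions` wildcard leave delegation depth and extension content unbounded, so the validating code should cap both rather than rely on the schema. The `owner_gid`, `target_gid`, `serial` and `uuid` elements accept the empty string, unlike `name`, which carries `<param name="minLength">1</param>`; the same param on the two GID elements would reject an empty identity at the schema layer. The header comment announces `default namespace = "http://www.protogeni.net/resources/credential/0.1"`, but the `<grammar>` element carries no `ns` attribute, so the element patterns match unnamespaced elements — the comment or the grammar should be corrected once it is confirmed which form the SFA credentials actually use.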
@@ -0,0 +1,239 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <!--
+
+ EMULAB-COPYRIGHT
+ Copyright (c) 2008 University of Utah and the Flux Group.
+ All rights reserved.
+
+ -->
+ <!--
+
+ Common definitions for advertisements, requests, and tickets
+
+ -->
+ <include href="top.rng"/>
+ <define name="NodeSpec">
+ <element name="node">
+ <ref name="NodeContents"/>
+ </element>
+ </define>
+ <define name="LinkSpec">
+ <element name="link">
+ <ref name="LinkContents"/>
+ </element>
+ </define>
+ <define name="NodeContents">
+ <interleave>
+ <optional>
+ <!--
+ Each node has exactly one virtualization technology, which we simply
+ enumerate here
+ -->
+ <attribute name="virtualization_type">
+ <choice>
+ <value>raw</value>
+ <value>trellis-vserver</value>
+ <value>planetlab-vserver</value>
+ <value>emulab-vnode</value>
+ <value>bgpmux</value>
+ </choice>
+ </attribute>
+ </optional>
+ <optional>
+ <!--
+ Each node may be the subnode of (physically located within) another.
+ In advertisements, this is the URN of the other component.
+ In requests, this is the virtual_id of the other sliver.
+ -->
+ <element name="subnode_of">
+ <text/>
+ </element>
+ </optional>
+ <!-- Node type list -->
+ <ref name="NodeTypeList"/>
+ <zeroOrMore>
+ <!--
+ List of interfaces on this node. Interfaces are declared here. So
+ all information about a particular interface including types
+ belongs in the declaration. Other references to interfaces
+ should just uniquely identify them and refer back here.
+ -->
+ <element name="interface">
+ <ref name="InterfaceDecl"/>
+ </element>
+ </zeroOrMore>
+ </interleave>
+ </define>
+ <define name="LinkContents">
+ <interleave>
+ <optional>
+ <!--
+ Each link has exactly one virtualization technology, which we simply
+ enumerate here
+ -->
+ <attribute name="virtualization_type">
+ <choice>
+ <value>raw</value>
+ <value>trellis-vserver</value>
+ <value>planetlab-vserver</value>
+ <value>emulab-vnode</value>
+ </choice>
+ </attribute>
+ </optional>
+ <oneOrMore>
+ <!-- Link types -->
+ <ref name="LinkType"/>
+ </oneOrMore>
+ <zeroOrMore>
+ <!-- The interfaces which this link spans. -->
+ <element name="interface_ref">
+ <ref name="InterfaceRef"/>
+ </element>
+ </zeroOrMore>
+ </interleave>
+ </define>
+ <define name="NodeTypeList">
+ <oneOrMore>
+ <ref name="NodeTypeSpec"/>
+ </oneOrMore>
+ </define>
+ <define name="NodeTypeContents" combine="interleave">
+ <zeroOrMore>
+ <ref name="TypeField"/>
+ </zeroOrMore>
+ </define>
+ <define name="LinkType">
+ <element name="link_type">
+ <interleave>
+ <optional>
+ <attribute name="name"/>
+ </optional>
+ <optional>
+ <attribute name="type_name"/>
+ </optional>
+ <zeroOrMore>
+ <ref name="TypeField"/>
+ </zeroOrMore>
+ </interleave>
+ </element>
+ </define>
+ <define name="TypeField">
+ <element name="field">
+ <interleave>
+ <attribute name="key"/>
+ <attribute name="value"/>
+ </interleave>
+ </element>
+ </define>
+ <define name="VirtualName">
+ <attribute name="virtual_id"/>
+ </define>
+ <define name="ComponentName">
+ <interleave>
+ <optional>
+ <!--
+ This is the uuid of the aggregate that this node or link belongs
+ to. It is required in an advertisement.
+ -->
+ <attribute name="component_manager_uuid"/>
+ </optional>
+ <optional>
+ <attribute name="component_manager_urn"/>
+ </optional>
+ <optional>
+ <!-- User-readable name for the component -->
+ <attribute name="component_name"/>
+ </optional>
+ <optional>
+ <!-- The uuid of the physical component. -->
+ <attribute name="component_uuid"/>
+ </optional>
+ <optional>
+ <attribute name="component_urn"/>
+ </optional>
+ </interleave>
+ </define>
+ <define name="ComponentInterfaceDeclName">
+ <attribute name="component_id"/>
+ </define>
+ <define name="ComponentInterfaceRefName">
+ <interleave>
+ <optional>
+ <attribute name="component_node_uuid"/>
+ </optional>
+ <optional>
+ <attribute name="component_node_urn"/>
+ </optional>
+ <attribute name="component_interface_id"/>
+ </interleave>
+ </define>
+ <define name="InterfaceDecl">
+ <empty/>
+ </define>
+ <define name="InterfaceRef">
+ <empty/>
+ </define>
+ <define name="Location">
+ <element name="location">
+ <interleave>
+ <!-- The two-letter ISO 3166 code for the country the node is in. -->
+ <attribute name="country"/>
+ <optional>
+ <!--
+ Longitude and Latitude coordinates of the node using the
+ WGS 84 standard.
+ -->
+ <attribute name="longitude"/>
+ </optional>
+ <optional>
+ <attribute name="latitude"/>
+ </optional>
+ </interleave>
+ </element>
+ </define>
+ <define name="RSpec">
+ <element name="rspec">
+ <ref name="RSpecContents"/>
+ </element>
+ </define>
+ <define name="RSpecContents">
+ <interleave>
+ <optional>
+ <!--
+ When this RSpec was generated - optional, can be used for determining
+ staleness
+ -->
+ <attribute name="generated">
+ <data type="dateTime"/>
+ </attribute>
+ </optional>
+ <optional>
+ <!--
+ Who/what generated the rspec. This is purely informative and
+ should not be used for any policy consideration. The format is
+ not fixed.
+ -->
+ <attribute name="generated_by"/>
+ </optional>
+ <optional>
+ <!--
+ How long this rspec is valid - in the case of a ticket, this indicates
+ how long the holder may use the resources. For a resource request, it's
+ how long we want the resources. For an advertisement, it might be a hint
+ as to how long it's okay to cache this rspec.
+ -->
+ <attribute name="valid_until">
+ <data type="dateTime"/>
+ </attribute>
+ </optional>
+ <zeroOrMore>
+ <!-- One or more nodes/links -->
+ <ref name="NodeSpec"/>
+ </zeroOrMore>
+ <zeroOrMore>
+ <ref name="LinkSpec"/>
+ </zeroOrMore>
+ </interleave>
+ </define>
+</grammar>
diff --git a/sfa/trust/top.rng b/sfa/trust/top.rng
new file mode 100644
index 00000000..302dbafc
--- /dev/null
+++ b/sfa/trust/top.rng
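Review bot: Within this commit nothing in this grammar is reachable from the only `start`, because credential.rng's `TicketSpec` matches the resource description with `anyelementbody` rather than `<ref name="RSpec"/>`, so `RSpec`, `NodeSpec`, `Location` and the other definitions are dead as far as credential validation goes and the include adds no checking of embedded rspecs. If the intent is to validate ticket contents, the ticket should reference `RSpec`; otherwise a comment such as `<!-- Included for the RSpec definitions; not yet referenced by credential.rng -->` at the top would stop the next reader from assuming rspec contents are validated. The `longitude` and `latitude` attributes in `Location` accept any text; `<data type="double"/>` on each would type them once that definition is used.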
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <!--
+
+ EMULAB-COPYRIGHT
+ Copyright (c) 2005-2007 University of Utah and the Flux Group.
+ All rights reserved.
+
+ -->
+ <!--
+
+ Definition of common data structures used for representing topologies -
+ shared between vtop (virtual topology) and ptop (physical topology)
+ formats.
+
+ -->
+ <define name="NodeTypeSpec">
+ <a:documentation>Representation of a single node type</a:documentation>
+ <element name="node_type">
+ <interleave>
+ <attribute name="type_name">
+ <a:documentation>Name of the type - will almost certainly not be unique</a:documentation>
+ </attribute>
+ <attribute name="type_slots">
+ <a:documentation>How many virtual nodes of this type this physical node can
+handle.</a:documentation>
+ <choice>
+ <data type="integer">
+ <param name="minInclusive">0</param>
+ </data>
+ <value>unlimited</value>
+ </choice>
+ </attribute>
+ <optional>
+ <attribute name="static">
+ <a:documentation>element unlimited { empty }?,
+A flag that indicates that this physical node *always*
+has this type - a node is only allowed to have one dynamic
+(ie. not flagged as static) type at a time, but any number
+of static types at a time
+element static { empty }?</a:documentation>
+ <value>true</value>
+ </attribute>
+ </optional>
+ <ref name="NodeTypeContents"/>
+ </interleave>
+ </element>
+ </define>
+ <define name="NodeTypeContents">
+ <empty/>
+ </define>
+ <define name="LinkTypeSpec">
+ <a:documentation>Link types are currently just a siple string. They will almost certainly
+have to get more complicated, for two reasons:
+ First, I want to allow virtual links to specify more than one type, so
+ that we can ask for links that are, say, 'ethernet or loopback'
+ Second, I want to have a lot more control over links that get mapped to
+ multi-hop paths
+TODO: MAYBE this should be combined with NodeTypeSpec</a:documentation>
+ <element name="link_type">
+ <attribute name="type_name"/>
+ </element>
+ </define>
+ <define name="LinkEndPoints">
+ <a:documentation>A link has two endpoints. Right now, they are order
+independent. But they might become order-dependant later.</a:documentation>
+ <element name="source_interface">
+ <a:documentation>First interface for this link</a:documentation>
+ <ref name="InterfaceSpec"/>
+ </element>
+ <element name="destination_interface">
+ <a:documentation>Second interface for this link</a:documentation>
+ <ref name="InterfaceSpec"/>
+ </element>
+ </define>
+ <define name="LinkCharacteristics">
+ <a:documentation>Link characterstics which affect traffic.
+TODO: In the future, the bandwidth, latency, and packet loss will be
+moved to features and/or properties</a:documentation>
+ <element name="bandwidth">
+ <a:documentation>Bandwidth of the link in kbps</a:documentation>
+ <data type="float">
+ <param name="minExclusive">0.0</param>
+ </data>
+ </element>
+ <element name="latency">
+ <a:documentation>Latency of the link in ms</a:documentation>
+ <data type="float">
+ <param name="minInclusive">0.0</param>
+ </data>
+ </element>
+ <element name="packet_loss">
+ <a:documentation>Static packet loss probability of the link as a fraction
+(ie. 0.01 == 1%)</a:documentation>
+ <data type="float">
+ <param name="minInclusive">0.0</param>
+ </data>
+ </element>
+ </define>
+ <define name="FeatureDesireSpec">
+ <a:documentation>"Legacy" assign features and desires - will be phased out in favor of
+properties</a:documentation>
+ <element name="fd">
+ <attribute name="fd_name">
+ <a:documentation>Name of this feature or desire
+element fd_name { text },</a:documentation>
+ </attribute>
+ <attribute name="fd_weight">
+ <a:documentation>Weight assocated with the feature or desire
+element fd_weight { xsd:float },</a:documentation>
+ </attribute>
+ <optional>
+ <attribute name="violatable">
+ <a:documentation>A flag indicating whether or not a failure to match the desire with a
+a feature is a constraint violation
+element violatable { empty }?,</a:documentation>
+ <value>true</value>
+ </attribute>
+ </optional>
+ <optional>
+ <choice>
+ <a:documentation>Type information expressed in features and desires</a:documentation>
+ <ref name="GlobalSpec"/>
+ <ref name="LocalSpec"/>
+ </choice>
+ </optional>
+ </element>
+ </define>
+ <define name="GlobalSpec">
+ <a:documentation>GlobalSpec = element global {
+ element operator { "OnceOnly" | "FirstFree" }
+}</a:documentation>
+ <attribute name="global_operator">
+ <choice>
+ <value>OnceOnly</value>
+ <value>FirstFree</value>
+ </choice>
+ </attribute>
+ </define>
+ <define name="LocalSpec">
+ <a:documentation>LocalSpec = element local {
+ element operator { "+" }
+ attribute local_operator { "+" }
+}</a:documentation>
+ <attribute name="local_operator">
+ <value>+</value>
+ </attribute>
+ </define>
+ <define name="InterfaceSpec">
+ <a:documentation>Interfaces
+InterfaceSpec = element interface { InterfaceContents }</a:documentation>
+ <attribute name="node_name"/>
+ <attribute name="interface_name"/>
+ <optional>
+ <attribute name="physical_node_name"/>
+ </optional>
+ <optional>
+ <attribute name="physical_interface_name"/>
+ </optional>
+ <zeroOrMore>
+ <ref name="PropertySpec"/>
+ </zeroOrMore>
+ </define>
+ <define name="InterfaceContents">
+ <element name="node_name">
+ <a:documentation>Name of the node, which must match one of the nodes in this topology</a:documentation>
+ <text/>
+ </element>
+ <element name="interface_name">
+ <a:documentation>Name of the interface itself</a:documentation>
+ <text/>
+ </element>
+ <zeroOrMore>
+ <ref name="PropertySpec">
+ <a:documentation>Properties of the interface</a:documentation>
+ </ref>
+ </zeroOrMore>
+ </define>
+ <define name="PropertySpec">
+ <a:documentation>Properties - new: replacements for features and desires. Not yet implemented
+in assign, and not yet fully fleshed out in this schema.</a:documentation>
+ <element name="property">
+ <element name="property_name">
+ <a:documentation>Name of this property</a:documentation>
+ <text/>
+ </element>
+ <element name="property_value">
+ <a:documentation>Value associated with this property
+TODO: Add ranges and other types from rspec</a:documentation>
+ <choice>
+ <text/>
+ <data type="float"/>
+ </choice>
+ </element>
+ <element name="property_penalty">
+ <a:documentation>The penalty associated with this property</a:documentation>
+ <data type="float">
+ <param name="minInclusive">0.0</param>
+ </data>
+ </element>
+ <optional>
+ <element name="violatable">
+ <a:documentation>If this flag is present, not having the property is considered a violation</a:documentation>
+ <empty/>
+ </element>
+ </optional>
+ <optional>
+ <choice>
+ <a:documentation>TODO: Add more operators - equality, range test, etc
+Flags for special types of operators</a:documentation>
+ <ref name="GlobalSpec"/>
+ <ref name="LocalSpec"/>
+ </choice>
+ </optional>
+ </element>
+ </define>
+</grammar>
--
2.47.0
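Review bot: `packet_loss` is documented as a fraction (0.01 == 1%) but its float facet only bounds it from below, so values above 1.0 validate; adding `<param name="maxInclusive">1.0</param>` beside the existing `minInclusive` would reject them at the schema layer. In `property_value` the `<choice>` of `<text/>` and `<data type="float"/>` never constrains anything, because `<text/>` already accepts every float lexical form; keeping `<text/>` alone, or dropping it if only floats are wanted, would state the intent. Several `a:documentation` blocks still carry compact-syntax remnants from the conversion, e.g. `element unlimited { empty }?,` under `static` and `element fd_name { text },` under `fd_name`; trimming those to the prose sentence would leave the generated documentation readable.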