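<?xml version="1.0" encoding="UTF-8"?>
<!--
  
  GENIPUBLIC-COPYRIGHT
  Copyright (c) 2008-2009 University of Utah and the Flux Group.
  All rights reserved.
  
-->
<!--
  PlanetLab credential specification. The key points:
  
  * A credential is a set of privileges or a Ticket, each with a flag
    to indicate delegation is permitted.
  * A credential is signed and the signature included in the body of the
    document.
  * To support delegation, a credential will include its parent, and that
    blob will be signed. So, there will be multiple signatures in the
    document, each with a reference to the credential it signs.
  
  default namespace = "http://www.planet-lab.org/resources/ext/credential/1"

  NOTE(review): the xs:schema element below declares no targetNamespace,
  so the components defined here are in no namespace. The "default
  namespace" line above does not match that; confirm against the documents
  sfa actually emits before relying on either.

  What this schema does NOT check: it validates structure only. It cannot
  tell a consumer that a credential carries a signature (signatures is
  optional in signed-credential), that a signature is valid or covers the
  credential it claims to, that every parent in a delegation chain was
  signed by an authorized issuer, or that expires is still in the future.
  A consumer must perform those checks itself after schema validation.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" xmlns:sig="http://www.w3.org/2000/09/xmldsig#">
  <!-- This is where we get the definition of RSpec from -->
  <xs:include schemaLocation="protogeni-rspec-common.xsd"/>
  <!-- XML-DSig vocabulary; sig:Signature is referenced from "signatures" below -->
  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="sig.xsd"/>
  <!-- Provides xml:id, which every "credential" element is required to carry -->
  <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
  <!--
    Wildcard content used by "ticket" and "extensions". processContents="skip"
    means nothing under these wildcards is validated against any schema, so a
    consumer must treat that content as unvalidated input even when the
    enclosing credential is signed (the signature proves origin, not shape).
  -->
  <xs:group name="anyelementbody">
    <xs:sequence>
      <xs:any minOccurs="0" maxOccurs="unbounded" processContents="skip"/>
    </xs:sequence>
  </xs:group>
  <xs:attributeGroup name="anyelementbody">
    <xs:anyAttribute processContents="skip"/>
  </xs:attributeGroup>
  <!--
    A single named privilege. can_delegate is xs:boolean here, so "true",
    "false", "1" and "0" are all valid lexical forms; note that "capability"
    below restricts its own can_delegate to "0"/"1" only, so code handling
    both must not assume one lexical form.
  -->
  <xs:element name="privilege">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="name"/>
        <xs:element name="can_delegate" type="xs:boolean"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Privilege / capability name; must be non-empty -->
  <xs:element name="name">
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:minLength value="1"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <!-- Zero or more privileges (an empty set is valid) -->
  <xs:element name="privileges">
    <xs:complexType>
      <xs:sequence>
        <xs:element minOccurs="0" maxOccurs="unbounded" ref="privilege"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Like "privilege", but can_delegate is restricted to the tokens 0 and 1 -->
  <xs:element name="capability">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="name"/>
        <xs:element name="can_delegate">
          <xs:simpleType>
            <xs:restriction base="xs:token">
              <xs:enumeration value="0"/>
              <xs:enumeration value="1"/>
            </xs:restriction>
          </xs:simpleType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Zero or more capabilities (an empty set is valid) -->
  <xs:element name="capabilities">
    <xs:complexType>
      <xs:sequence>
        <xs:element minOccurs="0" maxOccurs="unbounded" ref="capability"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!--
    A ticket: delegation flag, redemption deadline, then an unvalidated
    resource description (mixed content plus any attributes; see the
    anyelementbody note above).
  -->
  <xs:element name="ticket">
    <xs:complexType mixed="true">
      <xs:sequence>
        <xs:element name="can_delegate" type="xs:boolean">
          <xs:annotation>
            <xs:documentation>Can the ticket be delegated?</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element ref="redeem_before"/>
        <xs:group ref="anyelementbody">
          <xs:annotation>
            <xs:documentation>A description of the resources that are being promised</xs:documentation>
          </xs:annotation>
        </xs:group>
      </xs:sequence>
      <xs:attributeGroup ref="anyelementbody"/>
    </xs:complexType>
  </xs:element>
  <!--
    NOTE(review): xs:dateTime does not require a timezone, so a value without
    one is ambiguous; confirm the consumer normalizes redeem_before and
    expires to a single zone before comparing with "now".
  -->
  <xs:element name="redeem_before" type="xs:dateTime">
    <xs:annotation>
      <xs:documentation>The ticket must be "cashed in" by this date </xs:documentation>
    </xs:annotation>
  </xs:element>
  <!--
    One sig:Signature per signed credential in the document (the delegating
    parents included). Which credential a signature covers is determined by
    its reference to that credential's xml:id, not by position; a consumer
    must resolve every reference and verify each signature itself.
  -->
  <xs:element name="signatures">
    <xs:complexType>
      <xs:sequence>
        <xs:element maxOccurs="unbounded" ref="sig:Signature"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="credentials">
    <xs:annotation>
      <xs:documentation>A credential granting privileges or a ticket.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="credential"/>
    </xs:sequence>
  </xs:complexType>
  <!--
    The signed unit. xml:id is required so a signature can reference this
    element; xml:id is an ID, so each credential in a document, including
    nested parents, must carry a distinct value.
  -->
  <xs:element name="credential">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="type"/>
        <xs:element ref="serial"/>
        <xs:element ref="owner_gid"/>
        <xs:element minOccurs="0" ref="owner_urn"/>
        <xs:element ref="target_gid"/>
        <xs:element minOccurs="0" ref="target_urn"/>
        <xs:element ref="uuid"/>
        <xs:element ref="expires"/>
        <xs:choice>
          <xs:annotation>
            <xs:documentation>Privileges or a ticket</xs:documentation>
          </xs:annotation>
          <xs:element ref="privileges"/>
          <xs:element ref="ticket"/>
          <xs:element ref="capabilities"/>
        </xs:choice>
        <!-- extensions may repeat; their content is unvalidated (see anyelementbody) -->
        <xs:element minOccurs="0" maxOccurs="unbounded" ref="extensions"/>
        <!-- Present only on a delegated credential -->
        <xs:element minOccurs="0" ref="parent"/>
      </xs:sequence>
      <xs:attribute ref="xml:id" use="required"/>
    </xs:complexType>
  </xs:element>
  <!--
    Nothing in the schema ties "type" to the branch chosen in the xs:choice
    above (e.g. type="ticket" with a privileges body still validates); a
    consumer that dispatches on "type" should check the two agree.
  -->
  <xs:element name="type">
    <xs:annotation>
      <xs:documentation>The type of this credential. Currently a Privilege set or a Ticket.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:token">
        <xs:enumeration value="privilege"/>
        <xs:enumeration value="ticket"/>
        <xs:enumeration value="capability"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:element name="serial" type="xs:string">
    <xs:annotation>
      <xs:documentation>A serial number.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!--
    owner_gid / target_gid are unconstrained strings here. NOTE(review): the
    owner_urn comment below ("Not everyone can parse DER") suggests a GID is
    an encoded certificate; confirm the expected encoding, and note that the
    schema does not check the *_urn values agree with the *_gid they
    accompany.
  -->
  <xs:element name="owner_gid" type="xs:string">
    <xs:annotation>
      <xs:documentation>GID of the owner of this credential. </xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="owner_urn" type="xs:string">
    <xs:annotation>
      <xs:documentation>URN of the owner. Not everyone can parse DER</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="target_gid" type="xs:string">
    <xs:annotation>
      <xs:documentation>GID of the target of this credential. </xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="target_urn" type="xs:string">
    <xs:annotation>
      <xs:documentation>URN of the target.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Declared as xs:string, so no UUID syntax is enforced by the schema -->
  <xs:element name="uuid" type="xs:string">
    <xs:annotation>
      <xs:documentation>UUID of this credential</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- See the timezone note on redeem_before; the schema does not compare this with "now" -->
  <xs:element name="expires" type="xs:dateTime">
    <xs:annotation>
      <xs:documentation>Expires on</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Free-form, unvalidated content (mixed text, any elements, any attributes) -->
  <xs:element name="extensions">
    <xs:annotation>
      <xs:documentation>Optional Extensions</xs:documentation>
    </xs:annotation>
    <xs:complexType mixed="true">
      <xs:group ref="anyelementbody"/>
      <xs:attributeGroup ref="anyelementbody"/>
    </xs:complexType>
  </xs:element>
  <!--
    Delegation chain: a parent is a full "credential", which may itself carry
    a parent, so nesting depth is unbounded by the schema. A consumer should
    bound the depth it will walk and verify each link's signature, not just
    the outermost one.
  -->
  <xs:element name="parent" type="credentials">
    <xs:annotation>
      <xs:documentation>Parent that delegated to us</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!--
    Document root. "signatures" is minOccurs="0", so an unsigned document is
    schema-valid; a consumer that requires a signed credential must enforce
    that itself.
  -->
  <xs:element name="signed-credential">
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="credentials">
          <xs:sequence>
            <xs:element minOccurs="0" ref="signatures"/>
          </xs:sequence>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
</xs:schema>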