<?xml version="1.0" encoding="UTF-8"?>
<!--
  
  EMULAB-COPYRIGHT
  Copyright (c) 2008 University of Utah and the Flux Group.
  All rights reserved.
  
-->
<!--
  ProtoGENI credential and capability specification. The key points:
  
  * A credential is either a set of capabilities or a ticket, each carrying
    a flag that states whether delegation is permitted.
  * A credential is signed and the signature included in the body of the
    document.
  * To support delegation, a delegated credential embeds its parent
    credential, which is itself signed. A document can therefore carry
    multiple signatures, each with a reference to the credential element it
    signs.
  
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" xmlns:sig="http://www.w3.org/2000/09/xmldsig#">
  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="sig.xsd"/>
  <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
  <!-- Wildcard content model used by the ticket element: any elements, in any
       namespace, are accepted with processContents="skip", i.e. they are not
       validated at all. Schema validation therefore says nothing about what a
       ticket payload contains; consumers must check it themselves. -->
  <xs:group name="anyelementbody">
    <xs:sequence>
      <xs:any minOccurs="0" maxOccurs="unbounded" processContents="skip"/>
    </xs:sequence>
  </xs:group>
  <!-- Attribute counterpart of the anyelementbody group: any attribute is
       accepted, unvalidated (skip). -->
  <xs:attributeGroup name="anyelementbody">
    <xs:anyAttribute processContents="skip"/>
  </xs:attributeGroup>
  <!-- One named capability together with its delegation flag.
       can_delegate is "1" when the holder may pass this capability on and "0"
       when not; the enumeration on xs:token rejects any other spelling
       (true/false, yes/no) so a verifier never has to guess. -->
  <xs:element name="capability">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="capability_name"/>
        <xs:element name="can_delegate">
          <xs:simpleType>
            <xs:restriction base="xs:token">
              <xs:enumeration value="0"/>
              <xs:enumeration value="1"/>
            </xs:restriction>
          </xs:simpleType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Free-form capability identifier; the only constraint is that it is
       non-empty. The set of meaningful names is not defined in this schema, so
       a consumer must match the value against its own known list rather than
       act on an arbitrary string. -->
  <xs:element name="capability_name">
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:minLength value="1"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <!-- Zero or more capability elements. Because minOccurs="0", an empty
       capability set is schema-valid; a credential of type "capability" may
       therefore grant nothing. -->
  <xs:element name="capabilities">
    <xs:complexType>
      <xs:sequence>
        <xs:element minOccurs="0" maxOccurs="unbounded" ref="capability"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- A ticket: the delegation flag followed by an opaque payload.
       mixed="true" together with the anyelementbody wildcards means the payload
       (text, child elements and attributes) passes validation unchecked. The
       schema only guarantees that can_delegate is present and well-formed;
       everything else in the ticket must be validated by the consumer. -->
  <xs:element name="ticket">
    <xs:complexType mixed="true">
      <xs:sequence>
        <xs:element name="can_delegate">
          <xs:annotation>
            <xs:documentation>Can the ticket be delegated? "1" means yes, "0" means no; no other value is accepted.</xs:documentation>
          </xs:annotation>
          <xs:simpleType>
            <xs:restriction base="xs:token">
              <xs:enumeration value="0"/>
              <xs:enumeration value="1"/>
            </xs:restriction>
          </xs:simpleType>
        </xs:element>
        <!-- Unvalidated payload; see the anyelementbody definitions. -->
        <xs:group ref="anyelementbody"/>
      </xs:sequence>
      <xs:attributeGroup ref="anyelementbody"/>
    </xs:complexType>
  </xs:element>
  <!-- One or more XML-DSig signatures (maxOccurs="unbounded", minOccurs
       defaults to 1, so at least one is required). The schema checks structure
       only: it cannot establish that a given Signature actually covers the
       credential element it claims to, nor that the signer was entitled to
       sign that credential. Verifiers must perform both checks for every
       signature present. NOTE(review): also confirm the DSig implementation
       resolves Reference URIs only within this document and never fetches
       external content. -->
  <xs:element name="signatures">
    <xs:complexType>
      <xs:sequence>
        <xs:element maxOccurs="unbounded" ref="sig:Signature"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <!-- Wrapper type holding exactly one credential element. It is used as the
       type of the parent element and is extended by signed-credential. -->
  <xs:complexType name="credentials">
    <xs:annotation>
      <xs:documentation>A credential granting capabilities or a ticket.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="credential"/>
    </xs:sequence>
  </xs:complexType>
  <!-- The credential body that is signed. Field order is fixed by the
       sequence. Points a verifier must cover itself, because the schema
       cannot:
       * type and the capabilities/ticket choice are independent here (plain
         XSD cannot express this co-occurrence constraint), so a consumer must
         check that the type value agrees with the child actually present.
       * xml:id is required, presumably so a sig:Signature can reference this
         element by ID; xml:id values must be unique within the whole document,
         which includes any embedded parent credentials.
       * No validity period or expiry is declared anywhere in this schema. -->
  <xs:element name="credential">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="type"/>
        <xs:element ref="serial"/>
        <xs:element ref="owner_uuid"/>
        <xs:element ref="this_uuid"/>
        <xs:choice>
          <xs:annotation>
            <xs:documentation>Capabilities or a ticket. Must agree with the type element; the schema does not enforce this.</xs:documentation>
          </xs:annotation>
          <xs:element ref="capabilities"/>
          <xs:element ref="ticket"/>
        </xs:choice>
        <!-- Present only on delegated credentials. -->
        <xs:element minOccurs="0" ref="parent"/>
      </xs:sequence>
      <!-- Required; the signature layer is expected to reference the
           credential by this ID (TODO confirm against the signing code). -->
      <xs:attribute ref="xml:id" use="required"/>
    </xs:complexType>
  </xs:element>
  <!-- Discriminator for the credential body. -->
  <xs:element name="type">
    <xs:annotation>
      <xs:documentation>The type of this credential: "capability" when the body is a capabilities element, "ticket" when it is a ticket element. The schema does not enforce this correspondence; consumers must check it.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:token">
        <xs:enumeration value="capability"/>
        <xs:enumeration value="ticket"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <!-- Unconstrained string; the schema imposes no format and no uniqueness.
       NOTE(review): if serials are used for revocation or replay detection,
       uniqueness has to be guaranteed by the issuer, not by validation. -->
  <xs:element name="serial" type="xs:string">
    <xs:annotation>
      <xs:documentation>A serial number for this credential, as free text.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Typed as xs:string, so any text validates; the schema does not check
       that the value is actually a UUID. NOTE(review): consider an xs:pattern
       once the accepted UUID form is confirmed, and verify the owner against
       the presenting identity out of band rather than trusting this field. -->
  <xs:element name="owner_uuid" type="xs:string">
    <xs:annotation>
      <xs:documentation>UUID of the owner of this credential (presumably the principal it was issued to; TODO confirm).</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Typed as xs:string; format and uniqueness are not checked by the
       schema. NOTE(review): same pattern caveat as owner_uuid. -->
  <xs:element name="this_uuid" type="xs:string">
    <xs:annotation>
      <xs:documentation>UUID identifying this credential.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- The parent credential that delegated to this one, as a full credentials
       wrapper; since that credential may itself carry a parent, delegation
       chains nest recursively and the schema sets no maximum depth.
       NOTE(review): a verifier walking the chain should bound the recursion
       and, at each level, check that the parent's signature verifies and that
       its delegation flag actually permitted the delegation. -->
  <xs:element name="parent" type="credentials">
    <xs:annotation>
      <xs:documentation>Parent credential that delegated to this one.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <!-- Top-level signed document: the credentials content (one credential)
       followed by the signatures block, which the extension appends after the
       credential. Validity of the signatures and the delegation chain is not
       established by schema validation; see the notes on signatures and
       parent. -->
  <xs:element name="signed-credential">
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="credentials">
          <xs:sequence>
            <xs:element ref="signatures"/>
          </xs:sequence>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
</xs:schema>