<?xml version="1.0" encoding="UTF-8"?>
<!--
  
  EMULAB-COPYRIGHT
  Copyright (c) 2008 University of Utah and the Flux Group.
  All rights reserved.
  
-->
<!--
  ProtoGENI credential and capability specification. The key points:
  
  * A credential is a set of capabilities or a Ticket, each with a flag
    to indicate whether further delegation is permitted.
  * A credential is signed and the signature is included in the body of
    the same document.
  * To support delegation, a credential includes its parent, and that
    blob is signed too. So there will be multiple signatures in the
    document, each carrying a reference (by the credential element's
    xml:id) to the credential it signs. A verifier must check that
    binding for every link of the chain rather than trust document
    position.
  
-->
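<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           elementFormDefault="qualified"
           targetNamespace="http://www.protogeni.net/resources/credential/0.1"
           xmlns:sig="http://www.w3.org/2000/09/xmldsig#"
           xmlns:credential="http://www.protogeni.net/resources/credential/0.1">
  <!--
    This is where we get the definition of RSpec from: the included schema
    shares our target namespace and supplies credential:rspec, which the
    ticket element below references.
  -->
  <xs:include schemaLocation="protogeni-rspec-common.xsd"/>
  <!--
    XML-DSig and the xml: attribute namespace. Both schemaLocation values
    name local copies; a validator should resolve them from the local schema
    directory and must not fetch schemas over the network while validating
    a credential presented by a remote party.
  -->
  <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="sig.xsd"/>
  <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
  <!--
    A deliberately open content model: any elements and any attributes,
    validated against nothing (processContents="skip"). Nothing in this file
    references it; presumably the included rspec schema does - verify before
    relying on it. Content typed this way carries no schema guarantee, so a
    consumer must validate it separately before acting on it.
  -->
  <xs:complexType name="anyelementbody" mixed="true">
    <xs:sequence>
      <xs:any minOccurs="0" maxOccurs="unbounded" processContents="skip"/>
    </xs:sequence>
    <xs:anyAttribute processContents="skip"/>
  </xs:complexType>
  <!-- One named capability together with its delegation flag. -->
  <xs:element name="capability">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="credential:capability_name"/>
        <xs:element name="can_delegate" type="xs:boolean">
          <xs:annotation>
            <xs:documentation>May the holder delegate this capability to
            another credential? A consumer must reject a delegated
            credential that claims a capability its parent does not hold,
            or holds with can_delegate false.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="capability_name">
    <xs:annotation>
      <xs:documentation>Name of a capability. Must be non-empty.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:minLength value="1"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:element name="capabilities">
    <xs:annotation>
      <xs:documentation>The set of capabilities granted by a capability
      credential. May be empty, which grants nothing.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element minOccurs="0" maxOccurs="unbounded" ref="credential:capability"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="ticket">
    <xs:annotation>
      <xs:documentation>A promise of resources, redeemable until
      redeem_before.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element name="can_delegate" type="xs:boolean">
          <xs:annotation>
            <xs:documentation>Can the ticket be delegated?</xs:documentation>
          </xs:annotation>
        </xs:element>
        <xs:element ref="credential:redeem_before"/>
        <xs:element ref="credential:rspec">
          <xs:annotation>
            <xs:documentation>A description of the resources that are being
            promised. Defined by the included rspec schema.</xs:documentation>
          </xs:annotation>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="redeem_before" type="xs:dateTime">
    <xs:annotation>
      <xs:documentation>The ticket must be "cashed in" by this date.
      Note that xs:dateTime does not require a time zone: an issuer should
      always include one (for example a trailing Z), and a consumer should
      compare against its own clock in that zone and refuse a ticket whose
      redeem_before has passed.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="signatures">
    <xs:annotation>
      <xs:documentation>The XML-DSig Signatures covering the credential and
      each of its delegation parents; at least one is required. The schema
      cannot tie a Signature to the credential it covers, so a consumer must
      check that each Signature's Reference resolves, via xml:id, to the
      credential element it intends to act on, and must treat a credential
      whose Signature is absent or fails verification as unsigned.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element maxOccurs="unbounded" ref="sig:Signature"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="credentials">
    <xs:annotation>
      <xs:documentation>A credential granting capabilities or a ticket.</xs:documentation>
    </xs:annotation>
    <xs:sequence>
      <xs:element ref="credential:credential"/>
    </xs:sequence>
  </xs:complexType>
  <xs:element name="credential">
    <xs:annotation>
      <xs:documentation>The body a signature covers. xml:id is required so
      that a sig:Signature Reference can name it; because the W3C xml.xsd
      declares xml:id as xs:ID, a document that validates against this
      schema has unique ids.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="credential:type"/>
        <xs:element ref="credential:serial"/>
        <xs:element ref="credential:owner_uuid"/>
        <xs:element ref="credential:this_uuid"/>
        <xs:choice>
          <xs:annotation>
            <xs:documentation>Capabilities or a ticket. Must agree with the
            type element; the schema does not enforce that.</xs:documentation>
          </xs:annotation>
          <xs:element ref="credential:capabilities"/>
          <xs:element ref="credential:ticket"/>
        </xs:choice>
        <xs:element minOccurs="0" ref="credential:parent"/>
      </xs:sequence>
      <xs:attribute ref="xml:id" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="type">
    <xs:annotation>
      <xs:documentation>The type of this credential. Currently a Capability
      set or a Ticket. A consumer should reject a credential whose type
      disagrees with the capabilities/ticket element actually present.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:token">
        <xs:enumeration value="capability"/>
        <xs:enumeration value="ticket"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <!--
    The three identifiers below are kept as free-form strings, but an empty
    identifier is never meaningful, so they are restricted to be non-empty in
    the same way capability_name is.
  -->
  <xs:element name="serial">
    <xs:annotation>
      <xs:documentation>A serial number, opaque to consumers other than the
      issuer.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:minLength value="1"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:element name="owner_uuid">
    <xs:annotation>
      <xs:documentation>UUID of the owner of this credential.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:minLength value="1"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:element name="this_uuid">
    <xs:annotation>
      <xs:documentation>UUID of this credential.</xs:documentation>
    </xs:annotation>
    <xs:simpleType>
      <xs:restriction base="xs:string">
        <xs:minLength value="1"/>
      </xs:restriction>
    </xs:simpleType>
  </xs:element>
  <xs:element name="parent" type="credential:credentials">
    <xs:annotation>
      <xs:documentation>Parent that delegated to us. The parent is covered
      by its own Signature in the enclosing signatures element. A consumer
      must verify every link of the chain up to a credential signed by an
      issuer it trusts, and at each link check that the parent permits
      delegation (can_delegate) and that the child does not exceed what the
      parent grants. Presumably the child must also be signed by the holder
      named in the parent's owner_uuid; confirm that against the verifier
      implementation.</xs:documentation>
    </xs:annotation>
  </xs:element>
  <xs:element name="signed-credential">
    <xs:annotation>
      <xs:documentation>Intended document root: a credential (with any
      delegation parents nested inside it) followed by the signatures that
      cover it.</xs:documentation>
    </xs:annotation>
    <xs:complexType>
      <xs:complexContent>
        <xs:extension base="credential:credentials">
          <xs:sequence>
            <xs:element ref="credential:signatures"/>
          </xs:sequence>
        </xs:extension>
      </xs:complexContent>
    </xs:complexType>
  </xs:element>
</xs:schema>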