2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
23 xmlns:xs="http://www.w3.org/2001/XMLSchema"
24 xmlns:aaf="urn:aaf:v2_0"
25 targetNamespace="urn:aaf:v2_0"
26 elementFormDefault="qualified">
29 June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes.
31 Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that
38 Note: This Error Structure has been made to conform to the AT&T TSS Policies
40 <xs:element name="error">
44 Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
45 either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
46 Exception numbers may be in the range of 0001 to 9999 where :
47 * 0001 to 0199 are reserved for common exception messages
48 * 0200 to 0999 are reserved for Parlay Web Services specification use
49 * 1000-9999 are available for exceptions
51 <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
54 Message text, with replacement
55 variables marked with %n, where n is
56 an index into the list of <variables>
57 elements, starting at 1
59 <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
62 List of zero or more strings that
63 represent the contents of the variables
64 used by the message text. -->
65 <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
73 <xs:complexType name="Request">
75 <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
76 <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
77 <!-- Deprecated. Use Query Command
78 <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/>
86 <xs:element name="keys">
89 <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
98 <xs:complexType name = "pkey">
100 <xs:element name="type" type="xs:string"/>
101 <xs:element name="instance" type="xs:string"/>
102 <xs:element name="action" type="xs:string"/>
106 <xs:element name="permKey">
109 <xs:extension base="aaf:pkey" />
114 <xs:element name="perm">
117 <xs:extension base="aaf:pkey">
119 <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
120 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
121 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
122 <!-- This data not filled in unless Requested -->
123 <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
130 <xs:element name="perms">
133 <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/>
138 <xs:element name="permRequest">
141 <xs:extension base="aaf:Request">
143 <xs:element name="type" type="xs:string"/>
144 <xs:element name="instance" type="xs:string"/>
145 <xs:element name="action" type="xs:string"/>
146 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
147 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
158 <xs:complexType name="rkey">
160 <xs:element name="name" type="xs:string"/>
164 <xs:element name="roleKey">
167 <xs:extension base="aaf:rkey" />
172 <xs:element name="role">
175 <xs:extension base="aaf:rkey">
177 <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/>
178 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
179 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
180 <!-- This data not filled in unless Requested -->
181 <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
188 <xs:element name="roles">
191 <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/>
196 <xs:element name="roleRequest">
199 <xs:extension base="aaf:Request">
201 <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
202 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
203 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
210 <!-- Added userRole return types Jonathan 9/16/2015 -->
211 <xs:element name="userRole">
214 <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
215 <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
216 <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" />
221 <!-- Added userRoles return types Jonathan 9/16/2015 -->
222 <xs:element name="userRoles">
225 <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/>
230 <xs:element name="userRoleRequest">
233 <xs:extension base="aaf:Request">
235 <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
236 <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
243 <xs:element name="rolePermRequest">
246 <xs:extension base="aaf:Request">
248 <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/>
249 <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
256 <xs:element name="nsRequest">
259 <xs:extension base="aaf:Request">
261 <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
262 <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
263 <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
264 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
265 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
266 <!-- Note: dec 11, 2015. Request-able NS Type Jonathan -->
267 <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/>
269 <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions
270 <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/>
273 <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
274 <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
275 <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/>
276 <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
277 <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
280 <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
281 <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
294 <xs:element name="nsAttribRequest">
297 <xs:extension base="aaf:Request">
299 <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/>
300 <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
303 <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
304 <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
314 <xs:element name = "nss">
317 <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded">
320 <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/>
321 <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
322 <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
323 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
324 <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/>
325 <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. Jonathan -->
326 <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
329 <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
330 <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
344 <xs:element name="users">
347 <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
350 <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
351 <!-- Changed type to dateTime, because of importance of Certs -->
352 <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
353 <!-- need to differentiate User Cred Types, Jonathan 5/20/2015
354 This Return Object is shared by multiple functions:
355 Type is not returned for "UserRole", but only "Cred"
357 <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" />
367 Added Jonathan 5/20/2015 to support identifying Certificate based Services
369 <xs:element name="certs">
372 <xs:element name="cert" minOccurs="0" maxOccurs="unbounded">
375 <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
376 <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" />
377 <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
378 <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" />
389 <xs:element name="credRequest">
392 <xs:extension base="aaf:Request">
394 <xs:element name="id" type="xs:string"/>
395 <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/>
397 <xs:element name="password" type="xs:string" />
398 <xs:element name="entry" type="xs:string" />
410 <xs:element name="multiRequest">
413 <xs:extension base="aaf:Request">
415 <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/>
416 <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/>
417 <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
418 <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
419 <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/>
420 <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
421 <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/>
431 <xs:element name="history">
434 <xs:element name="item" minOccurs="0" maxOccurs="unbounded">
437 <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/>
438 <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
439 <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/>
440 <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/>
441 <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/>
442 <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/>
443 <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
454 <xs:complexType name="approval">
456 <!-- Note, id is set by system -->
457 <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/>
458 <xs:element name="ticket" type="xs:string"/>
459 <xs:element name="user" type="xs:string"/>
460 <xs:element name="approver" type="xs:string"/>
461 <xs:element name="type" type="xs:string"/>
462 <xs:element name="memo" type="xs:string"/>
463 <xs:element name="updated" type="xs:dateTime"/>
464 <xs:element name="status">
466 <xs:restriction base="xs:string">
467 <xs:enumeration value="approve"/>
468 <xs:enumeration value="reject"/>
469 <xs:enumeration value="pending"/>
473 <xs:element name="operation">
475 <xs:restriction base="xs:string">
476 <xs:enumeration value="C"/>
477 <xs:enumeration value="U"/>
478 <xs:enumeration value="D"/>
479 <xs:enumeration value="G"/>
480 <xs:enumeration value="UG"/>
486 <xs:element name="approvals">
489 <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/>
497 <xs:complexType name="delg">
499 <xs:element name="user" type="xs:string"/>
500 <xs:element name="delegate" type="xs:string"/>
501 <xs:element name="expires" type="xs:date"/>
505 <xs:element name="delgRequest">
508 <xs:extension base="aaf:Request">
510 <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
511 <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/>
518 <xs:element name="delgs">
521 <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/>
526 <!-- Jonathan 3/11/2015 New for 2.0.8 -->
527 <xs:element name="api">
530 <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
533 <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
534 <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
535 <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
536 <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
537 <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
538 <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
539 <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
540 <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
Code Review / aaf / authz.git / blob