2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 xmlns:xs="http://www.w3.org/2001/XMLSchema"
23 xmlns:aaf="urn:aaf:v2_0"
24 targetNamespace="urn:aaf:v2_0"
25 elementFormDefault="qualified">
28 June 2, 2017, adding Roles, Perms, etc to NSRequest for Onboarding purposes.
30 Note: jan 22, 2015. Deprecating the "force" element in the "Request" Structure. Do that
37 Note: This Error Structure has been made to conform to the AT&T TSS Policies
39 <xs:element name="error">
43 Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
44 either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
45 Exception numbers may be in the range of 0001 to 9999 where :
46 * 0001 to 0199 are reserved for common exception messages
47 * 0200 to 0999 are reserved for Parlay Web Services specification use
48 * 1000-9999 are available for exceptions
50 <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
53 Message text, with replacement
54 variables marked with %n, where n is
55 an index into the list of <variables>
56 elements, starting at 1
58 <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
61 List of zero or more strings that
62 represent the contents of the variables
63 used by the message text. -->
64 <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
72 <xs:complexType name="Request">
74 <xs:element name="start" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
75 <xs:element name="end" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
76 <!-- Deprecated. Use Query Command
77 <xs:element name="force" type="xs:string" minOccurs="1" maxOccurs="1" default="false"/>
85 <xs:element name="keys">
88 <xs:element name="key" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
97 <xs:complexType name = "pkey">
99 <xs:element name="type" type="xs:string"/>
100 <xs:element name="instance" type="xs:string"/>
101 <xs:element name="action" type="xs:string"/>
105 <xs:element name="permKey">
108 <xs:extension base="aaf:pkey" />
113 <xs:element name="perm">
116 <xs:extension base="aaf:pkey">
118 <xs:element name="roles" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
119 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
120 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
121 <!-- This data not filled in unless Requested -->
122 <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
129 <xs:element name="perms">
132 <xs:element ref="aaf:perm" minOccurs="0" maxOccurs="unbounded"/>
137 <xs:element name="permRequest">
140 <xs:extension base="aaf:Request">
142 <xs:element name="type" type="xs:string"/>
143 <xs:element name="instance" type="xs:string"/>
144 <xs:element name="action" type="xs:string"/>
145 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
146 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
157 <xs:complexType name="rkey">
159 <xs:element name="name" type="xs:string"/>
163 <xs:element name="roleKey">
166 <xs:extension base="aaf:rkey" />
171 <xs:element name="role">
174 <xs:extension base="aaf:rkey">
176 <xs:element name="perms" type="aaf:pkey" minOccurs="0" maxOccurs="unbounded"/>
177 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
178 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
179 <!-- This data not filled in unless Requested -->
180 <xs:element name="ns" type="xs:string" minOccurs="0" maxOccurs="1"/>
187 <xs:element name="roles">
190 <xs:element ref="aaf:role" minOccurs="0" maxOccurs="unbounded"/>
195 <xs:element name="roleRequest">
198 <xs:extension base="aaf:Request">
200 <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
201 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
202 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
209 <!-- Added userRole return types jg1555 9/16/2015 -->
210 <xs:element name="userRole">
213 <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
214 <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
215 <xs:element name="expires" type="xs:date" minOccurs="1" maxOccurs="1" />
220 <!-- Added userRoles return types jg1555 9/16/2015 -->
221 <xs:element name="userRoles">
224 <xs:element ref="aaf:userRole" minOccurs="0" maxOccurs="unbounded"/>
229 <xs:element name="userRoleRequest">
232 <xs:extension base="aaf:Request">
234 <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
235 <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
242 <xs:element name="rolePermRequest">
245 <xs:extension base="aaf:Request">
247 <xs:element name="perm" type="aaf:pkey" minOccurs="1" maxOccurs="1"/>
248 <xs:element name="role" type="xs:string" minOccurs="1" maxOccurs="1"/>
255 <xs:element name="nsRequest">
258 <xs:extension base="aaf:Request">
260 <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
261 <xs:element name="admin" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
262 <xs:element name="responsible" type="xs:string" minOccurs="1" maxOccurs="unbounded"/>
263 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
264 <xs:element name="description" type="xs:string" minOccurs="0" maxOccurs="1"/>
265 <!-- Note: dec 11, 2015. Request-able NS Type JG -->
266 <xs:element name="type" type="xs:string" minOccurs="0" maxOccurs="1"/>
268 <!-- "scope" is deprecated and unused as of AAF 2.0.11. It will be removed in future versions
269 <xs:element name="scope" type="xs:int" minOccurs="0" maxOccurs="1"/>
272 <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
273 <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
274 <xs:element name="aaf_id" type="xs:string" minOccurs="0" maxOccurs="1"/>
275 <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
276 <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
279 <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
280 <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
293 <xs:element name="nsAttribRequest">
296 <xs:extension base="aaf:Request">
298 <xs:element name="ns" type="xs:string" minOccurs="1" maxOccurs="1"/>
299 <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
302 <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
303 <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
313 <xs:element name = "nss">
316 <xs:element name = "ns" minOccurs="0" maxOccurs="unbounded">
319 <xs:element name = "name" type = "xs:string" minOccurs="1" maxOccurs="1"/>
320 <xs:element name = "responsible" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
321 <xs:element name = "admin" type = "xs:string" minOccurs="0" maxOccurs="unbounded"/>
322 <!-- Note: feb 23, 2015. Added description field. Verify backward compatibility. JR -->
323 <xs:element name = "description" type = "xs:string" minOccurs="0" maxOccurs="1"/>
324 <!-- Note: Dec 16, 2015. Added description field. Verify backward compatibility. JG -->
325 <xs:element name = "attrib" minOccurs="0" maxOccurs="unbounded">
328 <xs:element name = "key" type="xs:string" minOccurs="1" maxOccurs="1"/>
329 <xs:element name = "value" type="xs:string" minOccurs="0" maxOccurs="1"/>
343 <xs:element name="users">
346 <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
349 <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
350 <!-- Changed type to dateTime, because of importance of Certs -->
351 <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
352 <!-- need to differentiate User Cred Types, jg1555 5/20/2015
353 This Return Object is shared by multiple functions:
354 Type is not returned for "UserRole", but only "Cred"
356 <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1" />
366 Added jg1555 5/20/2015 to support identifying Certificate based Services
368 <xs:element name="certs">
371 <xs:element name="cert" minOccurs="0" maxOccurs="unbounded">
374 <xs:element name="id" type="xs:string" minOccurs="1" maxOccurs="1" />
375 <xs:element name="x500" type="xs:string" minOccurs="1" maxOccurs="1" />
376 <xs:element name="expires" type="xs:dateTime" minOccurs="1" maxOccurs="1" />
377 <xs:element name="fingerprint" type="xs:hexBinary" minOccurs="1" maxOccurs="1" />
388 <xs:element name="credRequest">
391 <xs:extension base="aaf:Request">
393 <xs:element name="id" type="xs:string"/>
394 <xs:element name="type" type="xs:int" minOccurs="0" maxOccurs="1"/>
396 <xs:element name="password" type="xs:string" />
397 <xs:element name="entry" type="xs:string" />
409 <xs:element name="multiRequest">
412 <xs:extension base="aaf:Request">
414 <xs:element ref="aaf:nsRequest" minOccurs="0" maxOccurs="1"/>
415 <xs:element ref="aaf:nsAttribRequest" minOccurs="0" maxOccurs="unbounded"/>
416 <xs:element ref="aaf:roleRequest" minOccurs="0" maxOccurs="unbounded"/>
417 <xs:element ref="aaf:permRequest" minOccurs="0" maxOccurs="unbounded"/>
418 <xs:element ref="aaf:credRequest" minOccurs="0" maxOccurs="unbounded"/>
419 <xs:element ref="aaf:userRoleRequest" minOccurs="0" maxOccurs="unbounded"/>
420 <xs:element ref="aaf:rolePermRequest" minOccurs="0" maxOccurs="unbounded"/>
430 <xs:element name="history">
433 <xs:element name="item" minOccurs="0" maxOccurs="unbounded">
436 <xs:element name="YYYYMM" type="xs:string" minOccurs="1" maxOccurs="1"/>
437 <xs:element name="timestamp" type="xs:dateTime" minOccurs="1" maxOccurs="1"/>
438 <xs:element name="subject" type="xs:string" minOccurs="1" maxOccurs="1"/>
439 <xs:element name="target" type = "xs:string" minOccurs="1" maxOccurs="1"/>
440 <xs:element name="action" type="xs:string" minOccurs="1" maxOccurs="1"/>
441 <xs:element name="memo" type="xs:string" minOccurs="1" maxOccurs="1"/>
442 <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
453 <xs:complexType name="approval">
455 <!-- Note, id is set by system -->
456 <xs:element name="id" type="xs:string" minOccurs="0" maxOccurs="1"/>
457 <xs:element name="ticket" type="xs:string"/>
458 <xs:element name="user" type="xs:string"/>
459 <xs:element name="approver" type="xs:string"/>
460 <xs:element name="type" type="xs:string"/>
461 <xs:element name="memo" type="xs:string"/>
462 <xs:element name="updated" type="xs:dateTime"/>
463 <xs:element name="status">
465 <xs:restriction base="xs:string">
466 <xs:enumeration value="approve"/>
467 <xs:enumeration value="reject"/>
468 <xs:enumeration value="pending"/>
472 <xs:element name="operation">
474 <xs:restriction base="xs:string">
475 <xs:enumeration value="C"/>
476 <xs:enumeration value="U"/>
477 <xs:enumeration value="D"/>
478 <xs:enumeration value="G"/>
479 <xs:enumeration value="UG"/>
485 <xs:element name="approvals">
488 <xs:element name="approvals" type="aaf:approval" minOccurs="1" maxOccurs="unbounded"/>
496 <xs:complexType name="delg">
498 <xs:element name="user" type="xs:string"/>
499 <xs:element name="delegate" type="xs:string"/>
500 <xs:element name="expires" type="xs:date"/>
504 <xs:element name="delgRequest">
507 <xs:extension base="aaf:Request">
509 <xs:element name="user" type="xs:string" minOccurs="1" maxOccurs="1"/>
510 <xs:element name="delegate" type="xs:string" minOccurs="1" maxOccurs="1"/>
517 <xs:element name="delgs">
520 <xs:element name="delgs" type="aaf:delg" minOccurs="0" maxOccurs="unbounded"/>
525 <!-- jg 3/11/2015 New for 2.0.8 -->
526 <xs:element name="api">
529 <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
532 <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
533 <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
534 <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
535 <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
536 <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
537 <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
538 <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
539 <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
Code Review / aaf / authz.git / blob