[c546d45] | 1 | <?xml version="1.0"?> |
---|
| 2 | <xsd:schema targetNamespace="http://www.isi.edu/faber/abac_types" |
---|
| 3 | xmlns:xsd="http://www.w3.org/2001/XMLSchema" |
---|
| 4 | xmlns:tns="http://www.isi.edu/faber/abac_types" |
---|
| 5 | xmlns:xsd1="http://www.isi.edu/faber/fedd_types" |
---|
| 6 | xmlns="http://www.w3.org/2000/10/XMLSchema"> |
---|
| 7 | |
---|
| 8 | <xsd:annotation> |
---|
| 9 | <xsd:documentation xml:lang="en"> |
---|
| 10 | Trust negotiation schema for the NAI Labs ABAC Project. |
---|
| 11 | Copyright 2002 Networks Associates Technologies, Inc. |
---|
| 12 | All rights reserved. |
---|
| 13 | </xsd:documentation> |
---|
| 14 | </xsd:annotation> |
---|
| 15 | |
---|
| 16 | <xsd:complexType name="negotiationType"> |
---|
| 17 | <xsd:sequence> |
---|
| 18 | <xsd:element name="observation" type="tns:observationType" |
---|
| 19 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 20 | </xsd:sequence> |
---|
| 21 | </xsd:complexType> |
---|
| 22 | |
---|
| 23 | <xsd:complexType name="observationType"> |
---|
| 24 | <xsd:choice> |
---|
| 25 | <xsd:element name="SimpleTTNode" type="tns:simpleTTNodeType"/> |
---|
| 26 | <xsd:element name="NodeOp" type="tns:nodeOpType"/> |
---|
| 27 | <xsd:element name="EdgeOp" type="tns:edgeOpType"/> |
---|
| 28 | <xsd:element name="Message" type="tns:messageType"/> |
---|
| 29 | <xsd:element name="Update" type="tns:updateType"/> |
---|
| 30 | </xsd:choice> |
---|
| 31 | <xsd:attribute name="count" type="xsd:decimal"/> |
---|
| 32 | </xsd:complexType> |
---|
[b57df44] | 33 | |
---|
[7a1918e] | 34 | <xsd:complexType name="negotiationRequest"> |
---|
| 35 | <xsd:sequence> |
---|
| 36 | <xsd:element name="context" type="tns:contextInfo" |
---|
| 37 | minOccurs="1" maxOccurs="1"/> |
---|
| 38 | <xsd:element name="goal" type="xsd:string" |
---|
| 39 | minOccurs="1" maxOccurs="1"/> |
---|
| 40 | </xsd:sequence> |
---|
| 41 | </xsd:complexType> |
---|
| 42 | |
---|
| 43 | <xsd:complexType name="negotiationResult"> |
---|
| 44 | <xsd:sequence> |
---|
| 45 | <xsd:element name="goal" type="xsd:string" |
---|
| 46 | minOccurs="1" maxOccurs="1"/> |
---|
| 47 | <xsd:element name="result" type="xsd:string" |
---|
| 48 | minOccurs="1" maxOccurs="1"/> |
---|
| 49 | <xsd:element name="provenance" type="xsd:string" |
---|
| 50 | minOccurs="0" maxOccurs="1"/> |
---|
| 51 | </xsd:sequence> |
---|
| 52 | </xsd:complexType> |
---|
| 53 | |
---|
| 54 | <!--Context info can be: the context data, a file pointing to the data, or |
---|
| 55 | a uid handle to the data--> |
---|
| 56 | <xsd:complexType name="contextInfo"> |
---|
| 57 | <xsd:choice> |
---|
| 58 | <xsd:element name="context" type="tns:negotiationContext"/> |
---|
| 59 | <xsd:element name="contextFile" type="xsd:string"/> |
---|
| 60 | <xsd:element name="contextID" type="xsd:string"/> |
---|
| 61 | </xsd:choice> |
---|
| 62 | </xsd:complexType> |
---|
| 63 | |
---|
[b57df44] | 64 | <xsd:complexType name="negotiationContext"> |
---|
| 65 | <xsd:sequence> |
---|
| 66 | <!-- Who am I --> |
---|
| 67 | <xsd:element name="self" type="xsd:string" |
---|
| 68 | minOccurs="1" maxOccurs="1"/> |
---|
| 69 | <!-- Who is my opponent --> |
---|
| 70 | <xsd:element name="peer" type="xsd:string" |
---|
| 71 | minOccurs="1" maxOccurs="1"/> |
---|
| 72 | <!-- What strategy for graph satisfaction do I use --> |
---|
| 73 | <xsd:element name="strategy" type="xsd:string" |
---|
| 74 | minOccurs="1" maxOccurs="1"/> |
---|
| 75 | <!-- My creddential frontiers --> |
---|
| 76 | <xsd:element name="frontier" type="tns:frontier" |
---|
| 77 | minOccurs="1" maxOccurs="1"/> |
---|
| 78 | <!-- My opponents credential evidence --> |
---|
| 79 | <xsd:element name="oppoCache" type="tns:credentialSet" |
---|
| 80 | minOccurs="1" maxOccurs="1"/> |
---|
| 81 | </xsd:sequence> |
---|
| 82 | </xsd:complexType> |
---|
| 83 | |
---|
| 84 | <xsd:complexType name="frontier"> |
---|
| 85 | <xsd:sequence> |
---|
| 86 | <xsd:element name="oppoCache" type="tns:credentialSet" |
---|
| 87 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 88 | <xsd:element name="issuerTracesAll" type="tns:roleSet" |
---|
| 89 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 90 | <xsd:element name="issuerTracesDef" type="tns:roleSet" |
---|
| 91 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 92 | <xsd:element name="subjectTraceable" type="tns:roleSet" |
---|
| 93 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 94 | </xsd:sequence> |
---|
| 95 | </xsd:complexType> |
---|
| 96 | |
---|
| 97 | <xsd:complexType name="weightTable"> |
---|
| 98 | <xsd:sequence> |
---|
| 99 | <xsd:element name="entry" type="tns:weightEntry" |
---|
| 100 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 101 | </xsd:sequence> |
---|
| 102 | </xsd:complexType> |
---|
| 103 | |
---|
| 104 | <xsd:complexType name="weightEntry"> |
---|
| 105 | <xsd:sequence> |
---|
| 106 | <xsd:element name="key" type="tns:entityType" |
---|
| 107 | minOccurs="1" maxOccurs="1"/> |
---|
| 108 | <xsd:element name="value" type="xsd:float" |
---|
| 109 | minOccurs="0" maxOccurs="1"/> |
---|
| 110 | </xsd:sequence> |
---|
| 111 | </xsd:complexType> |
---|
| 112 | |
---|
| 113 | <xsd:complexType name="accessControlPolicy"> |
---|
| 114 | <xsd:sequence> |
---|
| 115 | <xsd:element name="acFact" type="tns:accessControlFact" |
---|
| 116 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 117 | </xsd:sequence> |
---|
| 118 | </xsd:complexType> |
---|
| 119 | |
---|
| 120 | <xsd:complexType name="accessControlFact"> |
---|
| 121 | <xsd:sequence> |
---|
| 122 | <xsd:element name="credential" type="xsd:string" |
---|
| 123 | minOccurs="1" maxOccurs="1"/> |
---|
| 124 | <xsd:element name="requirement" type="tns:entityType" |
---|
| 125 | minOccurs="1" maxOccurs="1"/> |
---|
| 126 | </xsd:sequence> |
---|
| 127 | </xsd:complexType> |
---|
| 128 | |
---|
| 129 | <xsd:complexType name="acknowledgementPolicy"> |
---|
| 130 | <xsd:sequence> |
---|
| 131 | <xsd:element name="ackFact" type="tns:accessControlFact" |
---|
| 132 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 133 | </xsd:sequence> |
---|
| 134 | </xsd:complexType> |
---|
| 135 | |
---|
| 136 | <xsd:complexType name="acknowledgementPolicyFact"> |
---|
| 137 | <xsd:sequence> |
---|
| 138 | <xsd:element name="credential" type="xsd:string" |
---|
| 139 | minOccurs="1" maxOccurs="1"/> |
---|
| 140 | <xsd:element name="field" type="xsd:string" |
---|
| 141 | minOccurs="0" maxOccurs="1"/> |
---|
| 142 | <xsd:element name="value" type="xsd:string" |
---|
| 143 | minOccurs="0" maxOccurs="1"/> |
---|
| 144 | <xsd:element name="requirement" type="tns:entityType" |
---|
| 145 | minOccurs="1" maxOccurs="1"/> |
---|
| 146 | </xsd:sequence> |
---|
| 147 | </xsd:complexType> |
---|
| 148 | |
---|
| 149 | <xsd:complexType name="roleSet"> |
---|
| 150 | <xsd:sequence> |
---|
| 151 | <xsd:element name="credential" type="tns:simpleRoleType" |
---|
| 152 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 153 | </xsd:sequence> |
---|
| 154 | </xsd:complexType> |
---|
| 155 | |
---|
| 156 | <xsd:complexType name="credentialSet"> |
---|
| 157 | <xsd:sequence> |
---|
| 158 | <xsd:element name="credential" type="xsd:string" |
---|
| 159 | minOccurs="0" maxOccurs="unbounded"/> |
---|
| 160 | </xsd:sequence> |
---|
| 161 | </xsd:complexType> |
---|
[c546d45] | 162 | |
---|
| 163 | <xsd:complexType name="updateType"> |
---|
| 164 | <xsd:attribute name="value" type="xsd:string"/> |
---|
| 165 | </xsd:complexType> |
---|
| 166 | |
---|
| 167 | <xsd:complexType name="messageType"> |
---|
| 168 | <xsd:sequence> |
---|
| 169 | <xsd:element name="EdgeOp" type="tns:edgeOpType" minOccurs="0" |
---|
| 170 | maxOccurs="unbounded"/> |
---|
| 171 | <xsd:element name="NodeOp" type="tns:nodeOpType" minOccurs="0" |
---|
| 172 | maxOccurs="unbounded"/> |
---|
| 173 | <xsd:element name="evidence" type="tns:evidenceType"/> |
---|
| 174 | </xsd:sequence> |
---|
| 175 | </xsd:complexType> |
---|
| 176 | |
---|
| 177 | <xsd:complexType name="simpleTTNodeType"> |
---|
| 178 | <xsd:sequence> |
---|
| 179 | <xsd:element name="Goal" type="tns:goalType"/> |
---|
| 180 | <xsd:element name="SatisfactionState" type="xsd:string"/> |
---|
| 181 | <xsd:element name="ProcessingState" type="xsd:string"/> |
---|
| 182 | </xsd:sequence> |
---|
| 183 | <xsd:attribute name="type" type="xsd:string" use="optional"/> |
---|
| 184 | </xsd:complexType> |
---|
| 185 | |
---|
| 186 | <xsd:complexType name="nodeOpType"> |
---|
| 187 | <xsd:sequence> |
---|
| 188 | <xsd:element name="TrustTarget" type="tns:goalType"/> |
---|
| 189 | <xsd:element name="ProcessingState" type="xsd:string"/> |
---|
| 190 | </xsd:sequence> |
---|
| 191 | <xsd:attribute name="type" type="xsd:string" use="optional"/> |
---|
| 192 | </xsd:complexType> |
---|
| 193 | |
---|
| 194 | <xsd:complexType name="edgeOpType"> |
---|
| 195 | <xsd:sequence> |
---|
| 196 | <xsd:element name="Parent" type="tns:goalType"/> |
---|
| 197 | <xsd:element name="Child" type="tns:goalType"/> |
---|
| 198 | <xsd:element name="ProcessingState" type="xsd:string"/> |
---|
| 199 | </xsd:sequence> |
---|
| 200 | <xsd:attribute name="type" type="xsd:string"/> |
---|
| 201 | <xsd:attribute name="newChild" type="xsd:date"/> |
---|
| 202 | </xsd:complexType> |
---|
| 203 | |
---|
| 204 | <xsd:complexType name="goalType"> |
---|
| 205 | <xsd:sequence> |
---|
[5ffd5b9] | 206 | <xsd:element name="Verifier" type="tns:principalType"/> |
---|
[c546d45] | 207 | <xsd:element name="Target" type="tns:entityType"/> |
---|
[5ffd5b9] | 208 | <xsd:element name="Subject" type="tns:principalType"/> |
---|
[c546d45] | 209 | </xsd:sequence> |
---|
| 210 | </xsd:complexType> |
---|
| 211 | |
---|
| 212 | <!-- Here are the new credential descriptions --> |
---|
| 213 | |
---|
| 214 | <xsd:complexType name="entityType"> |
---|
| 215 | <xsd:choice> |
---|
[5ffd5b9] | 216 | <xsd:element name="principal" type="tns:principalType"/> |
---|
[c546d45] | 217 | <xsd:element name="role" type="tns:simpleRoleType"/> |
---|
| 218 | <xsd:element name="linkedrole" type="tns:linkedRoleType"/> |
---|
| 219 | <xsd:element name="intersection" type="tns:intersectionType"/> |
---|
| 220 | </xsd:choice> |
---|
| 221 | </xsd:complexType> |
---|
| 222 | |
---|
| 223 | <xsd:complexType name="roleType"> |
---|
| 224 | <xsd:choice> |
---|
| 225 | <xsd:element name="role" type="tns:simpleRoleType"/> |
---|
| 226 | <xsd:element name="linkedrole" type="tns:linkedRoleType"/> |
---|
| 227 | <xsd:element name="intersection" type="tns:intersectionType"/> |
---|
| 228 | </xsd:choice> |
---|
| 229 | </xsd:complexType> |
---|
| 230 | |
---|
[5ffd5b9] | 231 | <!-- This is a copy of fedd's IDType, included in case we have to expand or |
---|
| 232 | restrict it. XSD isn't wonderful at expressing these kinds of synonyms |
---|
| 233 | between complex types. --> |
---|
| 234 | <xsd:complexType name="principalType"> |
---|
| 235 | <xsd:choice> |
---|
| 236 | <xsd:element name="uuid" type="xsd:base64Binary"/> |
---|
| 237 | <xsd:element name="fedid" type="xsd:base64Binary"/> |
---|
| 238 | <xsd:element name="uri" type="xsd:string"/> |
---|
| 239 | <xsd:element name="localname" type="xsd:string"/> |
---|
| 240 | <xsd:element name="kerberosUsername" type="xsd:string"/> |
---|
| 241 | </xsd:choice> |
---|
| 242 | </xsd:complexType> |
---|
| 243 | |
---|
[c546d45] | 244 | <xsd:complexType name="simpleRoleType"> |
---|
| 245 | <xsd:sequence> |
---|
[5ffd5b9] | 246 | <xsd:element name="principal" type="tns:principalType"/> |
---|
[c546d45] | 247 | <xsd:element name="rolename" type="xsd:string"/> |
---|
| 248 | </xsd:sequence> |
---|
| 249 | </xsd:complexType> |
---|
| 250 | |
---|
| 251 | <xsd:complexType name="linkedRoleType"> |
---|
| 252 | <xsd:sequence> |
---|
| 253 | <xsd:element name="linkingrole" type="tns:simpleRoleType"/> |
---|
| 254 | <xsd:element name="rolename" type="xsd:string"/> |
---|
| 255 | </xsd:sequence> |
---|
| 256 | </xsd:complexType> |
---|
| 257 | |
---|
| 258 | <xsd:complexType name="intersectionType"> |
---|
| 259 | <xsd:sequence> |
---|
| 260 | <xsd:element name="role" type="tns:roleType" minOccurs="2" |
---|
| 261 | maxOccurs="unbounded"/> |
---|
| 262 | </xsd:sequence> |
---|
| 263 | </xsd:complexType> |
---|
| 264 | |
---|
| 265 | <xsd:complexType name="credentialType"> |
---|
| 266 | <xsd:sequence> |
---|
| 267 | <xsd:element name="role" type="tns:roleType"/> |
---|
| 268 | <xsd:element name="requirement" type="tns:entityType"/> |
---|
| 269 | </xsd:sequence> |
---|
| 270 | </xsd:complexType> |
---|
| 271 | |
---|
| 272 | <xsd:complexType name="evidenceType"> |
---|
| 273 | <xsd:sequence> |
---|
| 274 | <xsd:element name="credential" type="tns:credentialType" minOccurs="1" |
---|
| 275 | maxOccurs="unbounded"/> |
---|
| 276 | </xsd:sequence> |
---|
| 277 | </xsd:complexType> |
---|
| 278 | |
---|
| 279 | </xsd:schema> |
---|