<?xml version="1.0" encoding="UTF-8"?>
<!-- Schema version is same as earliest compatible version of authzforce-ce-core -->
<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://authzforce.github.io/core/xmlns/pdp" xmlns:tns="http://authzforce.github.io/core/xmlns/pdp" elementFormDefault="qualified"
	xmlns:authz-ext="http://authzforce.github.io/xmlns/pdp/ext" version="3.5.9">
	<import namespace="http://authzforce.github.io/xmlns/pdp/ext" />
	<annotation>
		<documentation xml:lang="en">
			Data model of AuthZForce PDP configuration.
			<p>
				For any such configuration (XML) file (instance of this schema) loaded, AuthZForce PDP
				configuration handler sets the
				global variable 'PARENT_DIR' to the path to the parent directory
				of this XML
				configuration file, so
				that any placeholder ${PARENT_DIR} is replaced with this
				value, and may be used in text nodes to
				specify file paths relative to the configuration file for
				instance.
				If the
				location of the
				configuration file is not resolved to a file on the file system,
				'PARENT_DIR' is undefined.
				You
				may use the colon ':' as a separating character between the
				placeholder variable and an
				associated default value, if PARENT_DIR is initially undefined.
				E.g.
				${PARENT_DIR:/home/foo/conf}
				will be replaced with '/home/foo/conf' if PARENT_DIR is undefined.
			</p>
		</documentation>
	</annotation>
	<!-- Root element of a PDP configuration file. The child elements register extensions by URI
	     (datatypes, functions, function sets, combining algorithms, attribute/policy providers, decision
	     cache); the attributes toggle the XACML standard feature sets, cap reference-chaining depth and
	     select request/result filters. The key constraints at the end enforce uniqueness. -->
	<element name="pdp">
		<complexType>
			<sequence>
				<element name="attributeDatatype" type="anyURI" minOccurs="0" maxOccurs="unbounded">
					<annotation>
						<documentation>URI of an attribute datatype to be added to supported datatypes. There must be
							one and only one
							Java class - say 'com.example.FooValueFactory' - on the classpath
							implementing
							interface
							'com.thalesgroup.authzforce.core.attr.AttributeValue.Factory' with
							zero-arg constructor,
							such that this URI equals:
							new com.example.FooValueFactory().getId().
						</documentation>
					</annotation>
				</element>
				<element name="function" type="anyURI" minOccurs="0" maxOccurs="unbounded">
					<annotation>
						<documentation>URI of a function to be added to supported functions.
							There must be one and only
							one
							Java class - say 'com.example.FooFunction' - on the classpath implementing
							interface
							'com.sun.xacml.cond.Function' with zero-arg constructor, such that this URI equals:
							new
							com.example.FooFunction().getId(). Whenever possible, extension implementers should
							implement
							sub-class
							'com.sun.xacml.cond.BaseFunction' actually, instead of implementing
							'com.sun.xacml.cond.Function' directly.
						</documentation>
					</annotation>
				</element>
				<element name="functionSet" type="anyURI" minOccurs="0" maxOccurs="unbounded">
					<annotation>
						<documentation>URI of a set of functions to be added to supported functions.
							There must be one
							and only one
							Java class - say 'com.example.FooFunctionSet' - on the classpath implementing
							interface
							'com.thalesgroup.authzforce.core.func.FunctionSet' with zero-arg constructor, such
							that this
							URI equals:
							new com.example.FooFunctionSet().getId().
						</documentation>
					</annotation>
				</element>
				<element name="combiningAlgorithm" type="anyURI" minOccurs="0" maxOccurs="unbounded">
					<annotation>
						<documentation>URI of a policy/rule-combining algorithm to be added to supported algorithms.
							There must be one and only one Java class - say 'com.example.FooCombiningAlg' - on the
							classpath
							implementing
							interface
							'com.sun.xacml.combine.CombiningAlgorithm' with zero-arg
							constructor, such that this URI equals:
							new com.example.FooCombiningAlg().getId().
						</documentation>
					</annotation>
				</element>
				<!-- Declaration order of attributeProvider elements is significant: per the documentation
				     below, a provider may depend on attributes supplied by providers declared before it.
				     NOTE(review): the documentation's last sentence says "before X"; from context it means
				     "before AFy" (the dependent provider). -->
				<element name="attributeProvider" type="authz-ext:AbstractAttributeProvider" maxOccurs="unbounded" minOccurs="0">
					<annotation>
						<documentation>Attribute Provider that provides attributes not already provided in the XACML
							request by PEP, e.g. from external sources.
							There must be one and only
							one Java class - say
							'com.example.FooAttributeProviderModuleFactory' - on the classpath
							implementing
							interface
							'org.ow2.authzforce.core.AttributeProviderModule.Factory&lt;CONF_T&gt;'
							with zero-arg
							constructor,
							where CONF_T is
							the JAXB type bound to this XML
							element type.
							This
							attribute Provider
							may also
							depend on previously defined
							'attributeProviders', to find dependency
							attributes, i.e.
							attributes
							that this Provider does not
							support itself, but requires to find
							its
							supported
							attributes.
							Therefore, if an 'attributeProvider' AFy requires/depends on an attribute A that is
							not to be
							provided by the PEP, another
							'attributeProvider' AFx providing this attribute A must
							be
							declared
							before X.
						</documentation>
					</annotation>
				</element>
				<!-- Optional (0..1); see the documentation for when it can be omitted. -->
				<element name="refPolicyProvider" type="authz-ext:AbstractPolicyProvider" minOccurs="0" maxOccurs="1">
					<annotation>
						<documentation>Referenced policy Provider that resolves Policy(Set)IdReferences.
							There must be
							one
							and only
							one Java class - say 'com.example.FooRefPolicyProviderModuleFactory' - on the
							classpath
							implementing
							interface
							'com.thalesgroup.authzforce.core.policy.ReferencedPolicyProviderModule.Factory&lt;CONF_T&gt;'
							with zero-arg constructor, where CONF_T is the JAXB type bound to this XML
							element
							type.
							This
							referenced policy Provider may also use any of the 'refPolicyProvider' previously
							defined, if any,
							for Policy(Set)IdReference resolution; as some IdReferences may not be
							supported by
							this
							Provider.
							This element is not required if root policies found by the 'rootPolicyProvider' are
							always Policy elements, and not PolicySet elements.
						</documentation>
					</annotation>
				</element>
				<!-- The only mandatory child (default minOccurs/maxOccurs = 1). -->
				<element name="rootPolicyProvider" type="authz-ext:AbstractPolicyProvider">
					<annotation>
						<documentation>Root/top-level policy Provider that provides the root/top-level Policy(Set) to
							PDP for evaluation.
							There must be one and only
							one Java class - say
							'com.example.FooRootPolicyProviderModuleFactory' - on the classpath
							implementing
							interface
							'com.thalesgroup.authzforce.core.policy.RootPolicyProviderModule.Factory&lt;CONF_T&gt;'
							with
							zero-arg
							constructor, where CONF_T is the JAXB type bound to this XML
							element type.
							This
							class
							may also implement
							'com.thalesgroup.authzforce.core.policy.ReferencedPolicyProviderModule.Factory&lt;CONF_T&gt;'
							to be used as 'refPolicyProvider' as well.
							This policy Provider may also use any of the
							'refPolicyProvider' previously defined, if any, for Policy(Set)IdReference resolution.
						</documentation>
					</annotation>
				</element>
				<element name="decisionCache" minOccurs="0" maxOccurs="1" type="authz-ext:AbstractDecisionCache">
					<annotation>
						<documentation>Decision Response cache that, for a given request, provides the XACML response
							from a cache if there is a cached response for the given request. There must be one and only
							one Java
							class -
							say
							'com.example.FooDecisionCacheFactory' - on the classpath
							implementing
							interface
							'com.thalesgroup.authzforce.core.DecisionCache.Factory&lt;CONF_T&gt;'
							with zero-arg
							constructor, where
							CONF_T is the JAXB type bound to this XML
							element type.
						</documentation>
					</annotation>
				</element>
			</sequence>
			<!-- Feature toggles: the three standard feature sets default to enabled; AttributeSelector
			     support defaults to disabled (documented as experimental). -->
			<attribute name="useStandardDatatypes" type="boolean" use="optional" default="true">
				<annotation>
					<documentation>Enable support for XACML core standard mandatory attribute datatypes.
					</documentation>
				</annotation>
			</attribute>
			<attribute name="useStandardFunctions" type="boolean" use="optional" default="true">
				<annotation>
					<documentation>Enable support for XACML core standard mandatory functions.
					</documentation>
				</annotation>
			</attribute>
			<attribute name="useStandardCombiningAlgorithms" type="boolean" use="optional" default="true">
				<annotation>
					<documentation>Enable support for XACML core standard combining algorithms.
					</documentation>
				</annotation>
			</attribute>
			<attribute name="enableAttributeSelectors" type="boolean" use="optional" default="false">
				<annotation>
					<documentation>Enable support for AttributeSelectors. This feature is experimental (not to be
						used in production). Use with caution.
						For your information, AttributeSelector support is
						marked as
						optional in XACML 3.0 core specification.
					</documentation>
				</annotation>
			</attribute>
			<!-- Reference-depth caps. Both attributes default to 0 and are hard-limited by the schema to 100,
			     so a configuration cannot request unbounded chaining. The minInclusive facet is already
			     implied by nonNegativeInteger; the effective constraint is maxInclusive.
			     NOTE(review): the schema does not say how the PDP interprets 0 (presumably "no chaining");
			     confirm against the PDP implementation. -->
			<attribute name="maxVariableRefDepth" use="optional" default="0">
				<annotation>
					<documentation>
						Maximum depth of Variable reference chaining: VariableDefinition1 -&gt;
						VariableDefinition2 -&gt; ...; where '-&gt;' represents a VariableReference.
					</documentation>
				</annotation>
				<simpleType>
					<restriction base="nonNegativeInteger">
						<minInclusive value="0"></minInclusive>
						<maxInclusive value="100"></maxInclusive>
					</restriction>
				</simpleType>
			</attribute>
			<attribute name="maxPolicySetRefDepth" use="optional" default="0">
				<annotation>
					<documentation>Maximum depth of PolicySet reference chaining: PolicySet1 -&gt; PolicySet2 -&gt;
						...; where '-&gt;' represents a PolicySetIdReference.
					</documentation>
				</annotation>
				<simpleType>
					<restriction base="nonNegativeInteger">
						<minInclusive value="0"></minInclusive>
						<maxInclusive value="100"></maxInclusive>
					</restriction>
				</simpleType>
			</attribute>
			<!-- Request/result filter extensions, selected by URI like the extension elements above. -->
			<attribute name="requestFilter" type="anyURI" use="optional">
				<annotation>
					<documentation>
						<p>URI of a XACML Request filter to be enabled. A XACML Request filter is a PDP
							extension
							that
							applies some processing of the request, such as validation and transformation, prior to the
							policy
							evaluation.
							As an example of validation, a Request
							filter may reject a request containing an
							unsupported XACML element. As an example of transformation, it may support the
							MultiRequests element,
							and more generally the
							Multiple
							Decision
							Profile by creating multiple
							Individual Decision Requests (EvaluationCtx) from
							the
							original
							XACML
							request, as defined in
							XACML Multiple Decision Profile
							specification, section
							2; and
							then
							call
							the policy evaluation
							engine for each Individual Decision Request.
							At the end,
							the
							results
							(one per Individual
							Decision
							Request) may be combined by a
							DecisionCombiner specified
							by next
							attribute
							'decisionCombiner'.
						</p>
						<p>There must be one and
							only one Java class - say 'com.example.FooRequestFilter' - on
							the
							classpath implementing
							interface 'com.thalesgroup.authzforce.core.RequestFilter' with
							zero-arg
							constructor,
							such
							that this URI equals: new
							com.example.FooRequestFilter().getId().</p>
					</documentation>
				</annotation>
			</attribute>
			<attribute name="resultFilter" type="anyURI" use="optional">
				<annotation>
					<documentation>URI of a XACML decision Result filter to be enabled. A decision Result filter is a PDP
						extension
						that process the result(s) from the policy evaluation before the final XACML Response
						is created (and returned back to the requester).
						For example, a typical Result filter may combine multiple individual decisions - produced by
						the 'requestFilter' - to a single
						decision Result if
						and only if the XACML Request's 'CombinedDecision' is set
						to true,
						as defined in XACML
						Multiple Decision Profile specification,
						section 3.
						There must be one and
						only
						one
						Java class - say
						'com.example.FooDecisionResultFilter'
						- on
						the classpath implementing
						interface
						'com.thalesgroup.authzforce.core.DecisionResultFilter' with
						zero-arg constructor, such
						that this URI
						equals:
						new
						com.example.FooDecisionResultFilter().getId().
					</documentation>
				</annotation>
			</attribute>
		</complexType>
		<!-- Uniqueness constraints. For the URI-valued extension elements, each URI may be listed at most
		     once per kind (the element's own text is the key). -->
		<key name="datatypeKey">
			<selector xpath="tns:attributeDatatype" />
			<field xpath="." />
		</key>
		<key name="functionKey">
			<selector xpath="tns:function" />
			<field xpath="." />
		</key>
		<key name="functionSetKey">
			<selector xpath="tns:functionSet" />
			<field xpath="." />
		</key>
		<key name="algorithmKey">
			<selector xpath="tns:combiningAlgorithm" />
			<field xpath="." />
		</key>
		<!-- Provider keys on @id. Because these are xs:key (not xs:unique), every selected element must
		     carry an id attribute, and the ids must be distinct. The id attribute itself is presumably
		     declared on the authz-ext base types in the imported schema - confirm.
		     NOTE(review): refPolicyProvider is maxOccurs="1", so refPolicyProviderKey can never see a
		     duplicate; its only effect is to make @id mandatory on that element. -->
		<key name="refPolicyProviderKey">
			<selector xpath="tns:refPolicyProvider" />
			<field xpath="@id" />
		</key>
		<key name="attributeProviderKey">
			<selector xpath="tns:attributeProvider" />
			<field xpath="@id" />
		</key>
	</element>

	<!-- Base type for a policy provider that loads a single root Policy/PolicySet from one location.
	     Extends the abstract provider type from the imported authz-ext schema, adding only the
	     policyLocation attribute. -->
	<complexType name="BaseStaticPolicyProvider">
		<annotation>
			<documentation>PolicyProvider loading policies statically from URLs.</documentation>
		</annotation>
		<complexContent>
			<extension base="authz-ext:AbstractPolicyProvider">
				<!-- policyLocation is an unrestricted anyURI: the schema constrains neither the URI scheme
				     nor the path, so the code that dereferences it is what decides which schemes and
				     locations are acceptable. NOTE(review): confirm where that check is done, since schema
				     validation alone will accept any well-formed URI here. -->
				<attribute name="policyLocation" type="anyURI" use="required">
					<annotation>
						<documentation>
							Location of a XML file that is expected to contain the root (aka top-level)
							Policy or
							PolicySet. Use the global property 'PARENT_DIR' for paths under the parent directory
							to the XML
							file where this is used.
						</documentation>
					</annotation>
				</attribute>
			</extension>
		</complexContent>
	</complexType>

	<!-- Base type for a referenced-policy provider that preloads one or more policies from fixed
	     locations. The locations are child elements (1..n) rather than an attribute because several
	     are allowed and, per the documentation, their declaration order matters for
	     PolicySetIdReference resolution. -->
	<complexType name="BaseStaticRefPolicyProvider">
		<annotation>
			<documentation>Policy(Set)IdReference Provider loading policies statically from URLs.
				Any
				PolicyIdReference used in a PolicySet here must refer to a Policy loaded here as well.
				Besides, a
				PolicySet P1
				must be loaded before any other PolicySet P2 with a reference
				(PolicySetIdReference) to P1.
				As PolicySets are loaded in the order of declaration of
				policyLocations, the order matters for
				PolicySetIdReference resolution.
			</documentation>
		</annotation>
		<complexContent>
			<extension base="authz-ext:AbstractPolicyProvider">
				<sequence>
					<!-- Each policyLocation is an unrestricted anyURI; the schema does not limit the scheme or
					     path, so acceptance of a given location is up to the loading code.
					     NOTE(review): confirm that check exists, as validation alone accepts any URI. -->
					<element name="policyLocation" type="anyURI" minOccurs="1" maxOccurs="unbounded">
						<annotation>
							<documentation>
								Location of the XML file that is expected to contain the Policy or
								PolicySet
								element to be referenced by a Policy(Set)IdReference in the root PolicySet loaded by a root
								policy
								Provider. Use the global property 'PARENT_DIR' for defining - in a generic way - a path
								relative to the parent directory
								to
								the XML file where this is used.
							</documentation>
						</annotation>
					</element>
				</sequence>
			</extension>
		</complexContent>
	</complexType>
</schema>