diff options
author | DUVAL Thomas <thomas.duval@orange.com> | 2016-06-16 13:08:32 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@172.30.200.206> | 2016-06-16 13:08:32 +0000 |
commit | 9bdc327fd67e2189b6088f83f7d7470efc859acb (patch) | |
tree | 7ee82b65535696e1f004ab2a2de16ced0ac8b6d5 /odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main | |
parent | 2cadaf72d814b8f8c243855c65ba43d3b9a701cc (diff) | |
parent | adf7e6616c2a8d6f60207059288423f693509928 (diff) |
Merge "Add new version of aaa"
Diffstat (limited to 'odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main')
-rw-r--r-- | odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang b/odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang new file mode 100644 index 00000000..227cb313 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang @@ -0,0 +1,154 @@ +module aaa-authn-model { + yang-version 1; + namespace "urn:aaa:yang:authn:claims"; + prefix "authn"; + organization "TBD"; + + contact "wdec@cisco.com"; + + revision 2014-10-29 { + description + "Initial revision."; + } + +//Main module begins + +// Following container provides the AuthN Claims data-structure + + container tokencache { + config false; + list claims { + key "token"; + + leaf token { + type string; + description "Token"; + } + leaf clientId { + type string; + description "id of the authorized client, or null if anonymous"; + } + leaf userId { + type string; + description "Unique user-id. User IDs are system-created"; + } + leaf user { + type string; + description "User name"; + } + leaf domain { + type string; + description "Fully-qualified domain name"; + } + leaf-list roles { + type string; + description "Assigned user roles"; + } + } + } + + container token_cache_times { + + list token_list { + key userId; + + leaf userId { + //TODO: Change to instance-ref + type string; + } + + list user_tokens { + key tokenid; + leaf tokenid { + type leafref {path "/tokencache/claims/token";} + } + leaf timestamp { + type uint64; + } + leaf expiration { + type int64; + description "Expiration milliseconds since start of UTC epoch"; + } + } + } + } + + //authentication model is for generating objects to be stores in the + //data store for all the prev idm model objects. + container authentication{ + list domain{ + key domainid; + leaf domainid { + type string; + } + leaf name { + type string; + } + leaf description { + type string; + } + leaf enabled { + type boolean; + } + } + + list user { + key userid; + leaf userid { + type string; + } + leaf name { + type string; + } + leaf description { + type string; + } + leaf enabled { + type boolean; + } + leaf email { + type string; + } + leaf password { + type string; + } + leaf salt { + type string; + } + leaf domainid { + type string; + } + } + list role { + key roleid; + leaf roleid { + type string; + } + leaf name { + type string; + } + leaf description { + type string; + } + leaf domainid { + type string; + } + } + + list grant { + key grantid; + leaf grantid { + type string; + } + leaf domainid { + type string; + } + leaf userid { + type string; + } + leaf roleid { + type string; + } + } + } +} |