diff options
| author |   DUVAL Thomas <thomas.duval@orange.com> | 2016-06-16 14:50:31 +0200 |
|---|---|---|
| committer | DUVAL Thomas <thomas.duval@orange.com> | 2016-06-16 14:50:31 +0200 |
| commit | adf7e6616c2a8d6f60207059288423f693509928 (patch) | |
| tree | b79848d3b61f28e975f4730de541532c5089c6ed /odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main | |
| parent | 506a1fc1252268fa31ba89882ea55b7665579965 (diff) | |
Add new version of aaa
Change-Id: I94d72011e6019e66c98f46d11436a5cb33ff295d
Diffstat (limited to 'odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main')
| -rw-r--r-- | odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang b/odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang new file mode 100644 index 00000000..227cb313 --- /dev/null +++ b/odl-aaa-moon/aaa/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang @@ -0,0 +1,154 @@ +module aaa-authn-model { + yang-version 1; + namespace "urn:aaa:yang:authn:claims"; + prefix "authn"; + organization "TBD"; + + contact "wdec@cisco.com"; + + revision 2014-10-29 { + description + "Initial revision."; + } + +//Main module begins + +// Following container provides the AuthN Claims data-structure + + container tokencache { + config false; + list claims { + key "token"; + + leaf token { + type string; + description "Token"; + } + leaf clientId { + type string; + description "id of the authorized client, or null if anonymous"; + } + leaf userId { + type string; + description "Unique user-id. User IDs are system-created"; + } + leaf user { + type string; + description "User name"; + } + leaf domain { + type string; + description "Fully-qualified domain name"; + } + leaf-list roles { + type string; + description "Assigned user roles"; + } + } + } + + container token_cache_times { + + list token_list { + key userId; + + leaf userId { + //TODO: Change to instance-ref + type string; + } + + list user_tokens { + key tokenid; + leaf tokenid { + type leafref {path "/tokencache/claims/token";} + } + leaf timestamp { + type uint64; + } + leaf expiration { + type int64; + description "Expiration milliseconds since start of UTC epoch"; + } + } + } + } + + //authentication model is for generating objects to be stores in the + //data store for all the prev idm model objects. + container authentication{ + list domain{ + key domainid; + leaf domainid { + type string; + } + leaf name { + type string; + } + leaf description { + type string; + } + leaf enabled { + type boolean; + } + } + + list user { + key userid; + leaf userid { + type string; + } + leaf name { + type string; + } + leaf description { + type string; + } + leaf enabled { + type boolean; + } + leaf email { + type string; + } + leaf password { + type string; + } + leaf salt { + type string; + } + leaf domainid { + type string; + } + } + list role { + key roleid; + leaf roleid { + type string; + } + leaf name { + type string; + } + leaf description { + type string; + } + leaf domainid { + type string; + } + } + + list grant { + key grantid; + leaf grantid { + type string; + } + leaf domainid { + type string; + } + leaf userid { + type string; + } + leaf roleid { + type string; + } + } + } +} |