Diffstat (limited to 'odl-aaa-moon/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src')
-rw-r--r--odl-aaa-moon/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang154
1 files changed, 154 insertions, 0 deletions
diff --git a/odl-aaa-moon/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang b/odl-aaa-moon/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang
new file mode 100644
index 00000000..227cb313
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn-mdsal-store/aaa-authn-mdsal-api/src/main/yang/aaa-authn-model.yang
@@ -0,0 +1,154 @@
+module aaa-authn-model {
+ yang-version 1;
+ namespace "urn:aaa:yang:authn:claims";
+ prefix "authn";
+ organization "TBD";
+
+ contact "wdec@cisco.com";
+
+ revision 2014-10-29 {
+ description
+ "Initial revision.";
+ }
+
+//Main module begins
+
+// Following container provides the AuthN Claims data-structure
+
+ container tokencache {
+ config false;
+ list claims {
+ key "token";
+
+ leaf token {
+ type string;
+ description "Token";
+ }
+ leaf clientId {
+ type string;
+ description "id of the authorized client, or null if anonymous";
+ }
+ leaf userId {
+ type string;
+ description "Unique user-id. User IDs are system-created";
+ }
+ leaf user {
+ type string;
+ description "User name";
+ }
+ leaf domain {
+ type string;
+ description "Fully-qualified domain name";
+ }
+ leaf-list roles {
+ type string;
+ description "Assigned user roles";
+ }
+ }
+ }
+
+ container token_cache_times {
+
+ list token_list {
+ key userId;
+
+ leaf userId {
+ //TODO: Change to instance-ref
+ type string;
+ }
+
+ list user_tokens {
+ key tokenid;
+ leaf tokenid {
+ type leafref {path "/tokencache/claims/token";}
+ }
+ leaf timestamp {
+ type uint64;
+ }
+ leaf expiration {
+ type int64;
+ description "Expiration milliseconds since start of UTC epoch";
+ }
+ }
+ }
+ }
+
+ //authentication model is for generating objects to be stores in the
+ //data store for all the prev idm model objects.
+ container authentication{
+ list domain{
+ key domainid;
+ leaf domainid {
+ type string;
+ }
+ leaf name {
+ type string;
+ }
+ leaf description {
+ type string;
+ }
+ leaf enabled {
+ type boolean;
+ }
+ }
+
+ list user {
+ key userid;
+ leaf userid {
+ type string;
+ }
+ leaf name {
+ type string;
+ }
+ leaf description {
+ type string;
+ }
+ leaf enabled {
+ type boolean;
+ }
+ leaf email {
+ type string;
+ }
+ leaf password {
+ type string;
+ }
+ leaf salt {
+ type string;
+ }
+ leaf domainid {
+ type string;
+ }
+ }
+ list role {
+ key roleid;
+ leaf roleid {
+ type string;
+ }
+ leaf name {
+ type string;
+ }
+ leaf description {
+ type string;
+ }
+ leaf domainid {
+ type string;
+ }
+ }
+
+ list grant {
+ key grantid;
+ leaf grantid {
+ type string;
+ }
+ leaf domainid {
+ type string;
+ }
+ leaf userid {
+ type string;
+ }
+ leaf roleid {
+ type string;
+ }
+ }
+ }
+}
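Review bot: The `password` and `salt` leaves of `authentication/user` are bare `string`s with no description, so the model never states whether `password` holds a salted hash or the cleartext secret, and a writer of this list could store either; add `description "Salted hash of the user password; never the cleartext value";` on `password` and `description "Per-user salt used to derive the password hash";` on `salt` so the contract is pinned in the schema. The same gap applies to `tokencache/claims/token`, whose description is just "Token" although the leaf holds a bearer credential in the operational store; describing it as sensitive makes it clear that read access should be restricted rather than treated as ordinary operational data. Separately, `token_cache_times/token_list/user_tokens/timestamp` is `uint64` with no description while its sibling `expiration` is `int64` and documented in milliseconds; aligning the two types and stating `timestamp`'s unit would avoid sign and unit mismatches in consumers.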