module aaa-authn-model { yang-version 1; namespace "urn:aaa:yang:authn:claims"; prefix "authn"; organization "TBD"; contact "wdec@cisco.com"; revision 2014-10-29 { description "Initial revision."; } //Main module begins // Following container provides the AuthN Claims data-structure container tokencache { config false; list claims { key "token"; leaf token { type string; description "Token"; } leaf clientId { type string; description "id of the authorized client, or null if anonymous"; } leaf userId { type string; description "Unique user-id. User IDs are system-created"; } leaf user { type string; description "User name"; } leaf domain { type string; description "Fully-qualified domain name"; } leaf-list roles { type string; description "Assigned user roles"; } } } container token_cache_times { list token_list { key userId; leaf userId { //TODO: Change to instance-ref type string; } list user_tokens { key tokenid; leaf tokenid { type leafref {path "/tokencache/claims/token";} } leaf timestamp { type uint64; } leaf expiration { type int64; description "Expiration milliseconds since start of UTC epoch"; } } } } //authentication model is for generating objects to be stores in the //data store for all the prev idm model objects. container authentication{ list domain{ key domainid; leaf domainid { type string; } leaf name { type string; } leaf description { type string; } leaf enabled { type boolean; } } list user { key userid; leaf userid { type string; } leaf name { type string; } leaf description { type string; } leaf enabled { type boolean; } leaf email { type string; } leaf password { type string; } leaf salt { type string; } leaf domainid { type string; } } list role { key roleid; leaf roleid { type string; } leaf name { type string; } leaf description { type string; } leaf domainid { type string; } } list grant { key grantid; leaf grantid { type string; } leaf domainid { type string; } leaf userid { type string; } leaf roleid { type string; } } } }