// AuthN data model: an operational token cache (claims keyed by the raw
// token), a per-user token timing list, and the persisted IdM objects
// (domain, user, role, grant). Only the tokencache container declares
// "config false"; every other container takes the YANG default (config true).
module aaa-authn-model {
  yang-version 1;
  namespace "urn:aaa:yang:authn:claims";
  prefix "authn";
    organization "TBD";

    contact "wdec@cisco.com";

    revision 2014-10-29 {
        description
            "Initial revision.";
    }

//Main module begins

// Following container provides the AuthN Claims data-structure.
// The list key is the token string itself, so the bearer token is stored
// verbatim in the operational datastore; anyone with read access to that
// datastore (or to a dump of it) can read live tokens. Treat access to this
// subtree and its exports/logs as credential access.

  container tokencache {
    config false;
    list claims {
      key "token";

      leaf token {
        type string;
        description "Token";
      }
      leaf clientId {
        type string;
        description "id of the authorized client, or null if anonymous";
      }
      leaf userId {
        type string;
        description "Unique user-id. User IDs are system-created";
      }
      leaf user {
        type string;
        description "User name";
      }
      leaf domain {
        type string;
        description "Fully-qualified domain name";
      }
      leaf-list roles {
        type string;
        description "Assigned user roles";
      }
    }
  }

  // Per-user list of issued tokens with their timing data.
  // NOTE(review): this container has no "config" statement, so it defaults to
  // config true, while user_tokens/tokenid below is a leafref into
  // /tokencache/claims/token, which lives under "config false". RFC 6020
  // section 9.9 requires a config-true leafref to target a config-true node;
  // confirm whether this container is meant to be "config false" as well.
  container token_cache_times {

    list token_list {
      key userId;

      leaf userId {
        //TODO: Change to instance-ref
        type string;
      }

    list user_tokens {
      key tokenid;
      // Reference to the cached claims entry; the token value is repeated here
      // as the list key, so the same exposure caveat as tokencache applies.
      leaf tokenid {
        type leafref {path "/tokencache/claims/token";}
      }
      // No unit or epoch is declared for timestamp, and its type (uint64)
      // differs from expiration (int64). Presumably also milliseconds since the
      // UTC epoch, as expiration states -- TODO confirm against the writer.
      leaf timestamp {
        type uint64;
      }
      leaf expiration {
          type int64;
          description "Expiration milliseconds since start of UTC epoch";
      }
      }
    }
  }

  //authentication model is for generating objects to be stored in the
  //data store for all the prev idm model objects.
  //Cross-references between these lists (domainid, userid, roleid) are plain
  //strings rather than leafrefs, so referential integrity is not enforced by
  //the model and must be checked by the code that writes these entries.
  container authentication{
     list domain{
         key domainid;
         leaf domainid {
             type string;
         }
         leaf name {
             type string;
         }
         leaf description {
             type string;
         }
         // No default is declared; handling of an absent "enabled" leaf is
         // left to the consumers of this model.
         leaf enabled {
             type boolean;
         }
     }

     list user {
         key userid;
         leaf userid {
             type string;
         }
         leaf name {
             type string;
         }
         leaf description {
             type string;
         }
         leaf enabled {
             type boolean;
         }
         leaf email {
             type string;
         }
         // Credential material. The model does not state whether "password"
         // holds a hash or a cleartext value; the presence of "salt" suggests a
         // salted hash -- TODO confirm in the writer. Either way these two
         // leaves must be excluded from logs, exports and unprivileged reads.
         leaf password {
             type string;
         }
         leaf salt {
             type string;
         }
         // Plain string, not a leafref to /authentication/domain/domainid.
         leaf domainid {
             type string;
         }
     }
     list role {
         key roleid;
         leaf roleid {
             type string;
         }
         leaf name {
             type string;
         }
         leaf description {
             type string;
         }
         // Plain string, not a leafref to /authentication/domain/domainid.
         leaf domainid {
             type string;
         }
     }

     // A grant binds a user to a role within a domain. All three references
     // are free-form strings; dangling grants are representable in the model.
     list grant {
         key grantid;
         leaf grantid {
             type string;
         }
         leaf domainid {
             type string;
         }
         leaf userid {
             type string;
         }
         leaf roleid {
             type string;
         }
     }
  }
}