CDT-accessControlPolicy-v1_0_0.xsd 10.2 KB
Newer Older
PeterNiblett's avatar
PeterNiblett committed
1 2 3 4 5 6 7 8
<?xml version="1.0" encoding="UTF-8"?>
<!-- 
Copyright Notification

The oneM2M Partners authorize you to copy this document, provided that you retain all copyright and other proprietary notices 
contained in the original materials on any copies of the materials and that you comply strictly with these terms. 
This copyright permission does not constitute an endorsement of the products or services, nor does it encompass the granting of 
any patent rights. The oneM2M Partners assume no responsibility for errors or omissions in this document. 
Peter Niblett's avatar
Peter Niblett committed
9
© 2015, oneM2M Partners Type 1 (ARIB, ATIS, CCSA, ETSI, TIA, TTA, TTC). All rights reserved.
PeterNiblett's avatar
PeterNiblett committed
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Notice of Disclaimer & Limitation of Liability 

The information provided in this document is directed solely to professionals who have the appropriate degree of experience to understand 
and interpret its contents in accordance with generally accepted engineering or other professional standards and applicable regulations. 
No recommendation as to products or vendors is made or should be implied. 

NO REPRESENTATION OR WARRANTY IS MADE THAT THE INFORMATION IS TECHNICALLY ACCURATE OR SUFFICIENT OR CONFORMS TO ANY STATUTE, 
GOVERNMENTAL RULE OR REGULATION, AND FURTHER, NO REPRESENTATION OR WARRANTY IS MADE OF MERCHANTABILITY OR FITNESS FOR ANY 
PARTICULAR PURPOSE OR AGAINST INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. 
NO oneM2M PARTNER TYPE 1 SHALL BE LIABLE, BEYOND THE AMOUNT OF ANY SUM RECEIVED IN PAYMENT BY THAT PARTNER FOR THIS DOCUMENT, WITH RESPECT TO 
ANY CLAIM, AND IN NO EVENT SHALL oneM2M BE LIABLE FOR LOST PROFITS OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES. 
oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PROVIDED IN THIS DOCUMENT IS AT THE RISK OF THE USER.

-->
25 26 27 28
<xs:schema xmlns="http://www.w3.org/2001/XMLSchema"
	targetNamespace="http://www.onem2m.org/xml/protocols"
	xmlns:m2m="http://www.onem2m.org/xml/protocols" xmlns:xs="http://www.w3.org/2001/XMLSchema"
	elementFormDefault="unqualified">
PeterNiblett's avatar
PeterNiblett committed
29

Peter Niblett's avatar
Peter Niblett committed
30 31
	<xs:include schemaLocation="CDT-commonTypes-v1_0_0.xsd"/>
	<xs:include schemaLocation="CDT-subscription-v1_0_0.xsd"/>
PeterNiblett's avatar
PeterNiblett committed
32 33 34 35 36 37 38 39

	<xs:element name="accessControlPolicy">
		<xs:complexType>
			<xs:complexContent>
				<!-- Inherit Announceable Attributes from announceableSubordinateResource type -->
				<xs:extension base="m2m:announceableSubordinateResource">
					<xs:sequence>
						<!-- Resource Specific Attributes -->
40 41
						<xs:element name="privileges" type="m2m:setOfAcrs"/>
						<xs:element name="selfPrivileges" type="m2m:setOfAcrs"/>
PeterNiblett's avatar
PeterNiblett committed
42 43 44

						<!-- Child Resources -->
						<xs:choice minOccurs="0" maxOccurs="1">
45 46 47
							<xs:element name="childResource" type="m2m:childResourceRef"
								maxOccurs="unbounded"/>
							<xs:element ref="m2m:subscription" maxOccurs="unbounded"/>
PeterNiblett's avatar
PeterNiblett committed
48 49 50 51 52 53 54 55 56 57 58 59 60 61
						</xs:choice>
					</xs:sequence>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

	<xs:element name="accessControlPolicyAnnc">
		<xs:complexType>
			<xs:complexContent>
				<!-- Inherit Announceable Attributes from announceableSubordinateResource type -->
				<xs:extension base="m2m:announcedSubordinateResource">
					<xs:sequence>
						<!-- Resource Specific Attributes -->
62 63
						<xs:element name="privileges" type="m2m:setOfAcrs"/>
						<xs:element name="selfPrivileges" type="m2m:setOfAcrs"/>
PeterNiblett's avatar
PeterNiblett committed
64 65 66

						<!-- Child Resources -->
						<xs:choice minOccurs="0" maxOccurs="1">
67 68 69
							<xs:element name="childResource" type="m2m:childResourceRef"
								maxOccurs="unbounded"/>
							<xs:element ref="m2m:subscription" maxOccurs="unbounded"/>
PeterNiblett's avatar
PeterNiblett committed
70 71 72 73 74 75 76
						</xs:choice>
					</xs:sequence>
				</xs:extension>
			</xs:complexContent>
		</xs:complexType>
	</xs:element>

77

Peter Niblett's avatar
Peter Niblett committed
78
	<!-- TODO: define short names for "setOfAcrs" and all its elements names (CR to TS-0004 for next PRO WG meeting)   -->
PeterNiblett's avatar
PeterNiblett committed
79

80
	<xs:complexType name="setOfAcrs">
PeterNiblett's avatar
PeterNiblett committed
81
		<xs:sequence>
82 83
			<xs:element name="accessControlRule" type="m2m:accessControlRule" minOccurs="0"
				maxOccurs="unbounded"/>
PeterNiblett's avatar
PeterNiblett committed
84 85 86 87 88
		</xs:sequence>
	</xs:complexType>

	<xs:complexType name="accessControlRule">
		<xs:sequence>
89 90 91 92 93 94
			<xs:element name="accessControlOriginators" type="m2m:listOfURIs" />

			<!-- accessControlOperations defined as enumerated list 1 ... 63 -->
			<xs:element name="accessControlOperations" type="m2m:accessControlOperations" />

			<!-- TODO: mismatch with TS-0004 where "accessControlContexts" has multiplicity 0..1 -->
95 96 97
			<xs:element name="accessControlContexts" minOccurs="0" maxOccurs="unbounded">
				<xs:complexType>
					<xs:sequence>
98 99
						<!-- TODO: mismatch with TS-0003 where element is called "accessControlTimeWindows" -->
						<!-- TODO: mismatch with TS-0001 where element is called "accessControlTimeWindow" -->
100
						<xs:element name="accessControlWindow" type="m2m:scheduleEntry" minOccurs="0" maxOccurs="unbounded" />
101 102

						<!-- TODO: mismatch with TS-0001: element is called accessControlIpAddress in TS-0001" in TS-0003 -->
103 104 105
						<xs:element name="accessControlIpAddresses" minOccurs="0">
							<xs:complexType>
								<xs:sequence>
106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121
									<!-- TODO: it should be possible to include both IPv6 and IPv4 address. Present text in TS-0004 is ambiguous. Not 
										clear if "or" in TS-0001 is inclusive or exclusive. Below it is interpreted as inclusive. -->
									<!-- TODO: the element names ipv4Addresses and ipv6Addresses are not explicitly mentioned in TS-0004 -->

									<xs:element name="ipv4Addresses" minOccurs="0" maxOccurs="1">
										<!-- space separated list of IPv4 addresses -->
										<xs:simpleType>
											<xs:list itemType="m2m:ipv4" />
										</xs:simpleType>
									</xs:element>
									<xs:element name="ipv6Addresses" minOccurs="0" maxOccurs="1">
										<!-- space separated list of IPv6 addresses -->
										<xs:simpleType>
											<xs:list itemType="m2m:ipv6" />
										</xs:simpleType>
									</xs:element>
122 123 124
								</xs:sequence>
							</xs:complexType>
						</xs:element>
PeterNiblett's avatar
PeterNiblett committed
125

126
						<!-- TODO: mismatch with TS-0003 and TS-0004 where element is called "accessControlLocationRegions" -->
127 128 129
						<!-- TODO: mismatch with TS-0004 where element has multiplicity [0..n] -->
						<xs:element name="accessControlLocationRegion" type="m2m:locationRegion" minOccurs="0" />
					</xs:sequence>
130 131
				</xs:complexType>
			</xs:element>
PeterNiblett's avatar
PeterNiblett committed
132 133 134
		</xs:sequence>
	</xs:complexType>

135
	<xs:complexType name="locationRegion">
136
		<xs:choice>
137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155
			<xs:element name="countryCode">
				<!-- Space separated list of 2-digit country codes -->
				<xs:simpleType>
					<xs:list itemType="m2m:countryCode" />
				</xs:simpleType>
			</xs:element>
			<xs:element name="circRegion">
				<!-- "circularRegion" is an ordered list of following three parameters of data type float ´ 1) longitude in the range 
					+/-180 degrees 2) latitude in the range +/-90 degrees, 3) radius in meters -->
				<xs:simpleType>
					<xs:restriction>
						<xs:simpleType>
							<xs:list itemType="xs:float" />
						</xs:simpleType>
						<xs:minLength value="3" />
						<xs:maxLength value="3" />
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
156
		</xs:choice>
PeterNiblett's avatar
PeterNiblett committed
157 158
	</xs:complexType>

159
	<!-- countryCode as defined in TS-0004 -->
PeterNiblett's avatar
PeterNiblett committed
160 161
	<xs:simpleType name="countryCode">
		<xs:annotation>
Peter Niblett's avatar
Peter Niblett committed
162
			<xs:documentation>2-character country code as defined by ISO-3166</xs:documentation>
PeterNiblett's avatar
PeterNiblett committed
163
		</xs:annotation>
Peter Niblett's avatar
Peter Niblett committed
164
		<xs:restriction base="xs:string">
165
			<xs:pattern value="[A-Z]{2}" />
PeterNiblett's avatar
PeterNiblett committed
166 167 168
		</xs:restriction>
	</xs:simpleType>

169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219

	<!-- Initial IPv4 and IPv6 address representation types were found here:
     http://lists.w3.org/Archives/Public/www-xml-schema-comments/2005OctDec/0138.html, CIDR suffix has been added  -->

	<!--  TODO: Need to add more descriptive text into TS-0004 about structure of IPv4 and IPv6 addresses with optional CIDR suffix -->
	<xs:simpleType name="ipv4">
		<xs:annotation>
			<xs:documentation> An IP version 4 address, with optional CIDR suffix in the range /0
				... /32. </xs:documentation>
		</xs:annotation>
		<xs:restriction base="xs:token">
			<xs:pattern
				value="(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])(/([0-9]|[1-2][0-9]|3[0-2]))?"/>
			<xs:pattern value="[0-9A-Fa-f]{8}(/([0-9]|[1-2][0-9]|3[0-2]))?"/>
		</xs:restriction>
	</xs:simpleType>

	<xs:simpleType name="ipv6">
		<xs:annotation>
			<xs:documentation> An IP version 6 address, based on RFC 1884, with optional CIDR suffix
				in the range /0 ... /128. </xs:documentation>
		</xs:annotation>
		<xs:restriction base="xs:token">
			<!-- Fully specified address -->
			<xs:pattern
				value="[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){7}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
			<!-- Double colon start -->
			<xs:pattern value=":(:[0-9A-Fa-f]{1,4}){1,7}"/>
			<!-- Double colon middle -->
			<xs:pattern
				value="([0-9A-Fa-f]{1,4}:){1,6}(:[0-9A-Fa-f]{1,4}){1}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
			<xs:pattern
				value="([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
			<xs:pattern
				value="([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
			<xs:pattern
				value="([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
			<xs:pattern
				value="([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
			<xs:pattern
				value="([0-9A-Fa-f]{1,4}:){1}(:[0-9A-Fa-f]{1,4}){1,6}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
			<!-- Double colon end -->
			<xs:pattern value="([0-9A-Fa-f]{1,4}:){1,7}:(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
			<!-- Embedded IPv4 addresses without CIDR suffix. Should IPv4 CIDR suffix be added?-->
			<xs:pattern
				value="((:(:0{1,4}){0,3}(:(0{1,4}|[fF]{4}))?)|(0{1,4}:(:0{1,4}){0,2}(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){2}(:0{1,4})?(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){3}(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){4}(0{1,4}|[fF]{4})?)):(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])"/>
			<!-- The unspecified address -->
			<xs:pattern value="::(/0)?"/>
		</xs:restriction>
	</xs:simpleType>

PeterNiblett's avatar
PeterNiblett committed
220
</xs:schema>