/usr/share/arc/schema/ArcAuthZ.xsd is in libarccommon1 1.1.1-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | <?xml version="1.0" encoding="UTF-8"?>
<xsd:schema
xmlns:authz="http://www.nordugrid.org/schemas/arcauthz/2009/08"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://www.nordugrid.org/schemas/arcauthz/2009/08"
elementFormDefault="qualified"
attributeFormDefault="unqualified">
<!-- This schema defines elements which are accepted by ArcAuthZ
SecHandler. See mcc.xsd for general information about SecHandler
elements. ArcAuthZ plugin is expected to be used to evaluate
authorization decision by combaining multiple PDP plugins.
Then called it delegates all security processing to specified PDPs.
Those are called sequentially till positive answer obtained or list
is exausted. -->
<xsd:complexType name="PluginsType">
<!-- This element is used to load PDP plugins. There may be multiple
or none such element. -->
<xsd:sequence>
<!-- Name of library containing PDP plugins -->
<xsd:element name="Name" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
<xsd:element name="Plugins" type="authz:PluginsType"/>
<xsd:complexType name="PDPType">
<!-- This element contains configuration of PDP to be used. There may be
multiple or none such element. This element will be passed to PDP
plugin during initialization. -->
<xsd:sequence>
<xsd:any namespace="##other" processContents="strict" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<!-- Attribute 'name' contains name of plugin as defined in one of
loaded libraries. -->
<xsd:attribute name="name" type="xsd:string" use="required"/>
<!-- Attribute 'id' contains identifier which is used to distinguish
among plugins. -->
<xsd:attribute name="id" type="xsd:string" use="optional"/>
<!-- Attribute 'action' defines behavior after obtaining results from
each PDP. Possible values and their meanings are:
breakOnDeny - stop processing in case of negative result.
Result of SecHandler is negative too. In case of positive
result continue to next PDP.
breakOnAllow - stop processing in case of positive result.
Result of SecHandler is positive too. In case of negative
result continue to next PDP.
breakAlways - stop processing immediately and use obtained
result as result of SecHandler.
breakNever - continue to next PDP.
In any case if there is no next PDP in chain last result is
used as result of SecHandler. Default behavior is breakOnAllow.
-->
<xsd:attribute name="action" use="optional" default="breakOnDeny">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="breakOnDeny"/>
<xsd:enumeration value="breakOnAllow"/>
<xsd:enumeration value="breakAlways"/>
<xsd:enumeration value="breakNever"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
<xsd:anyAttribute namespace="##other" processContents="strict"/>
</xsd:complexType>
<xsd:element name="PDP" type="authz:PDPType"/>
</xsd:schema>
|