
/usr/share/arc/schema/DelegationSH.xsd is in libarccommon3 4.0.0-1.

This file is owned by root:root, with mode 0o644.

<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema
   xmlns:deleg="http://www.nordugrid.org/schemas/delegationsh/2009/08"
   xmlns:xsd="http://www.w3.org/2001/XMLSchema"
   targetNamespace="http://www.nordugrid.org/schemas/delegationsh/2009/08"
   elementFormDefault="qualified"
   attributeFormDefault="unqualified">

  <!-- This schema defines the elements accepted by the Delegation
       SecHandler. See mcc.xsd for general information about SecHandler
       elements. The DelegationSH plugin is expected to be used to
       create a delegation credential to a delegation service, and to acquire
       a delegation credential from a delegation service. The delegation
       handler acts in one of two roles: client or service.
       A 'client' delegation handler is supposed to be embedded into a client's
       configuration, and it is used to create a delegation credential;
       a 'service' delegation handler is supposed to be embedded into a service's
       configuration, and it is used to acquire a delegation credential.
  -->

  <!-- Value space of the 'Type' element declared in this schema: a string
       restricted to exactly "x509" or "saml". Any other value, including a
       different letter case, fails schema validation. -->
  <xsd:simpleType name="TypeType">
    <xsd:restriction base="xsd:string">
      <xsd:enumeration value="x509"/>
      <xsd:enumeration value="saml"/>
    </xsd:restriction>
  </xsd:simpleType>

  <!-- Value space of the 'Role' element declared in this schema: a string
       restricted to exactly "client" or "service". Any other value fails
       schema validation. -->
  <xsd:simpleType name="RoleType">
    <xsd:restriction base="xsd:string">
      <xsd:enumeration value="client"/>
      <xsd:enumeration value="service"/>
    </xsd:restriction>
  </xsd:simpleType>

  <!-- This element defines the type of delegation credential which
  this sec handler will process. Its value is limited to the enumeration
  in deleg:TypeType. -->
  <xsd:element name="Type" type="deleg:TypeType"/>

  <!-- This element defines the 'role' which this sec handler
   will act as. Its value is limited to the enumeration in
   deleg:RoleType. -->
  <xsd:element name="Role" type="deleg:RoleType"/>


  <!-- The following elements configure the credential that this sec handler
  uses to contact the delegation service, either for acquiring a delegation
  credential or for creating one (in the latter case, the created delegation
  credential will be based on this configured credential).
  NOTE(review): all five elements are plain xsd:string, so schema validation
  accepts any text and does not check that a path exists, what it points to,
  or who can read it. Those checks have to happen in the handler or in
  deployment. -->
  <!-- Location of the proxy certificate.
  NOTE(review): presumably the proxy file also carries key material, as grid
  proxy files usually do; if so it needs the same owner-only permissions as
  the private key. Confirm against the handler. -->
  <xsd:element name="ProxyPath" type="xsd:string"/>

  <!-- Location of the private key. The file should be readable only by the
  account that runs the handler. -->
  <xsd:element name="KeyPath" type="xsd:string"/>

  <!-- Location of the public certificate. -->
  <xsd:element name="CertificatePath" type="xsd:string"/>

  <!-- Location of a trusted CA certificate. Whoever can write to this file
  controls which peers are trusted, so it should not be writable by
  unprivileged accounts. -->
  <xsd:element name="CACertificatePath" type="xsd:string"/>

  <!-- Directory of trusted CA certificates. The same write-protection concern
  applies to the directory and to every file in it. -->
  <xsd:element name="CACertificatesDir" type="xsd:string"/>

  <!-- The endpoint of the peer functional service which the client (which
  hosts this sec handler) will contact. This value is only meaningful
  for the 'client' role, and it should be the same as the endpoint in the main
  chain.
  NOTE(review): the element is declared as xsd:string rather than xsd:anyURI,
  so the schema does not check that the value is a well-formed URL. Whether
  the handler verifies the scheme or the peer identity before delegating a
  credential to this endpoint cannot be told from this schema; confirm in
  the handler. -->
  <xsd:element name="DelegationServiceEndpoint" type="xsd:string"/>

  <!-- The 'Identity' of the delegation credential. This value is an alternative
  to the credential configured above. The 'service' role delegation handler
  (embedded in a functional service whose implementation in turn calls another
  client to invoke another service, so that together they form a service
  invocation chain) is supposed to acquire the delegation credential from a
  delegation service based on the 'DelegationID' and 'DelegationService' values
  which are sent by the client.
  Once it gets the specified delegation credential, it is supposed to store it
  in the '/tmp/' directory under a name like '5612d050.pem' (5612d050 is the hash
  value of the 'Identity' of this delegation credential).
  Afterwards, the 'client' role delegation handler (embedded in the client
  configuration, where this client is called inside this service implementation)
  will use this stored delegation credential to create one more level of
  delegation. So the 'DelegationCredIdentity' value is used for finding this
  delegation credential in the '/tmp' directory.
  This value is only meaningful for the 'client' role.
  NOTE(review): as described, the credential is written to a shared temporary
  directory under a file name that can be derived from the identity. On a
  multi-user host the handler therefore has to create the file exclusively,
  with owner-only permissions and without following symbolic links, and has to
  check ownership of the file before reading it back. None of that is visible
  in this schema; verify it in the handler implementation, or prefer a private
  directory owned by the service account.
  NOTE(review): the element is plain xsd:string, so the schema places no
  constraint on the identity value that ends up selecting the file. -->
  <xsd:element name="DelegationCredIdentity" type="xsd:string"/>

</xsd:schema>