/usr/share/arc/schema/arguspdpclient.xsd is in libarccommon3 4.0.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 | <?xml version="1.0" encoding="UTF-8"?>
<xsd:schema
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://www.nordugrid.org/schemas/arguspdp/2009/10"
xmlns="http://www.nordugrid.org/schemas/arguspep/2010/10"
elementFormDefault="qualified"
attributeFormDefault="unqualified">
<!--See link: https://twiki.cern.ch/twiki/bin/view/EGEE/AuthorizationFramework
for the deployment topology of argus service.-->
<xsd:element name="PDPD" type="xsd:anyURI"/>
<xsd:element name="Conversion">
<xsd:simpleType>
<xsd:annotation>
<xsd:documentation xml:lang="en">
This element defines how to compose message to PDPD service.
The "subject" option means only X.509 subject will be sent
using predefined XACML attribute. This is default behavior.
The "cream" will cause this handler emulate CREAM CE.
And "emi" will make it use common EMI XACML profile.
</xsd:documentation>
</xsd:annotation>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="subject"/>
<xsd:enumeration value="cream"/>
<xsd:enumeration value="emi"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
<xsd:element name="Filter">
<xsd:complexType>
<xsd:annotation>
<xsd:documentation xml:lang="en">
This element defines Security Attributes to select and reject.
If there are no Select elements all Attributes are used except
those listed in Reject elements.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="Select" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="Reject" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<!--Argus PDP is configurable about using TLS/SSL or not, therefore if the TLS/SSL is
required by PDP server, then CertificatePath/KeyPath or ProxyPath, and CACertificatesDir
should be configured, if the TLS/SSL is not required, then only CertificatePath or ProxyPath
should be configured, in order to retrive the dn for saml:Issuer attribute of
xacml-samlp:XACMLAuthzDecisionQuery element-->
<xsd:element name="KeyPath" type="xsd:string" default="/etc/grid-security/hostkey.pem">
<xsd:annotation>
<xsd:documentation xml:lang="en">
Location of private key used for connecting PDP server.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="CertificatePath" type="xsd:string" default="/etc/grid-security/hostcert.pem">
<xsd:annotation>
<xsd:documentation xml:lang="en">
Location of public certificate used for connecting PDP server.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="ProxyPath" type="xsd:string">
<xsd:annotation>
<xsd:documentation xml:lang="en">
Location of proxy credentials used for connecting PDP server.
If present KeyPath and CertificatePath are not needed.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="CACertificatesDir" type="xsd:string">
<xsd:annotation>
<xsd:documentation xml:lang="en">
Directory containing certificates of accepted CAs.
</xsd:annotation>
</xsd:element>
<xsd:element name="AcceptMapping" type="xsd:boolean">
<xsd:annotation>
<xsd:documentation xml:lang="en">
Specify if local account name returned by Argus is to be used.
Default is not to apply local account provided by Argus.
</xsd:annotation>
</xsd:element>
<xsd:element name="AcceptNotApplicable" type="xsd:boolean">
<xsd:annotation>
<xsd:documentation xml:lang="en">
Specify if the "NotApplicable" decision returned by Argus
PDP is treated as reason to deny request.
Default is false, which treats "NotApplicable" as reson to deny request.
</xsd:annotation>
</xsd:element>
</xsd:schema>
|