coulomb/flex-auth
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement canonical schema foundation
Some checks failed
CI / Build and Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Bernd Worsch
2026-05-17 04:59:18 +02:00
parent dd0b9663c4
commit 7fdf6d63d5
29 changed files with 1905 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
schemas/decision_envelope.schema.json Normal file
View File

@@ -0,0 +1,74 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://flex-auth.netkingdom/schemas/decision_envelope.schema.json",
"title": "DecisionEnvelope",
"type": "object",
"additionalProperties": false,
"required": ["id", "effect", "resource", "subject", "provenance"],
"properties": {
"id": {"type": "string", "minLength": 1},
"request_id": {"type": "string", "minLength": 1},
"effect": {"enum": ["allow", "deny", "redact", "audit_only", "not_applicable"]},
"reason": {"type": "string"},
"matched_policy_version": {"type": "string", "minLength": 1},
"matched_rule": {"type": "string", "minLength": 1},
"resource": {"$ref": "https://flex-auth.netkingdom/schemas/check_request.schema.json#/$defs/resource_ref"},
"subject": {"$ref": "https://flex-auth.netkingdom/schemas/check_request.schema.json#/$defs/subject_ref"},
"obligations": {"type": "array", "items": {"$ref": "#/$defs/obligation"}},
"diagnostics": {"type": "object", "additionalProperties": true},
"provenance": {"$ref": "#/$defs/provenance"},
"caring": {"$ref": "#/$defs/caring_decision_metadata"}
},
"$defs": {
"obligation": {
"type": "object",
"additionalProperties": false,
"required": ["type"],
"properties": {
"type": {"type": "string", "minLength": 1},
"parameters": {"type": "object", "additionalProperties": true}
}
},
"provenance": {
"type": "object",
"additionalProperties": false,
"required": ["evaluator", "mode"],
"properties": {
"evaluator": {"type": "string", "minLength": 1},
"mode": {"type": "string", "minLength": 1},
"policy_package": {"type": "string", "minLength": 1},
"policy_version": {"type": "string", "minLength": 1},
"directory_etag": {"type": "string", "minLength": 1},
"decision_time": {"type": "string", "minLength": 1}
}
},
"caring_decision_metadata": {
"type": "object",
"additionalProperties": false,
"required": ["profile"],
"properties": {
"profile": {"const": "caring-0.4.0-rc2"},
"descriptor": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json"},
"restrictions_evaluated": {
"type": "array",
"items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/restriction"},
"uniqueItems": true
},
"exposure_modes": {
"type": "array",
"items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/exposure_mode"},
"uniqueItems": true
},
"derived_capabilities": {
"type": "array",
"items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/derived_capability"}
},
"conformance_findings": {
"type": "array",
"items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/conformance_finding"}
},
"exposure_event": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/exposure_event"}
}
}
}
}