{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://flex-auth.netkingdom/schemas/subject_manifest.schema.json",
  "title": "SubjectManifest",
  "type": "object",
  "additionalProperties": false,
  "required": ["id"],
  "properties": {
    "id": {"type": "string", "minLength": 1},
    "subjects": {"type": "array", "items": {"$ref": "#/$defs/subject"}},
    "groups": {"type": "array", "items": {"$ref": "#/$defs/group"}},
    "teams": {"type": "array", "items": {"$ref": "#/$defs/group"}},
    "tenants": {"type": "array", "items": {"$ref": "#/$defs/tenant"}},
    "metadata": {"type": "object", "additionalProperties": true}
  },
  "$defs": {
    "subject": {
      "type": "object",
      "additionalProperties": false,
      "required": ["id", "type"],
      "properties": {
        "id": {"type": "string", "minLength": 1},
        "type": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/subject_type"},
        "display_name": {"type": "string", "minLength": 1},
        "organization_relation": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/organization_relation"},
        "roles": {
          "type": "array",
          "items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/canonical_role"},
          "uniqueItems": true
        },
        "groups": {"type": "array", "items": {"type": "string", "minLength": 1}},
        "tenant": {"type": "string", "minLength": 1},
        "claims": {"type": "object", "additionalProperties": true},
        "caring_descriptors": {
          "type": "array",
          "items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json"}
        },
        "metadata": {"type": "object", "additionalProperties": true}
      }
    },
    "group": {
      "type": "object",
      "additionalProperties": false,
      "required": ["id"],
      "properties": {
        "id": {"type": "string", "minLength": 1},
        "display_name": {"type": "string", "minLength": 1},
        "members": {"type": "array", "items": {"type": "string", "minLength": 1}},
        "tenant": {"type": "string", "minLength": 1},
        "caring_descriptors": {
          "type": "array",
          "items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json"}
        },
        "metadata": {"type": "object", "additionalProperties": true}
      }
    },
    "tenant": {
      "type": "object",
      "additionalProperties": false,
      "required": ["id"],
      "properties": {
        "id": {"type": "string", "minLength": 1},
        "name": {"type": "string", "minLength": 1},
        "metadata": {"type": "object", "additionalProperties": true}
      }
    }
  }
}