coulomb/flex-auth
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
3247f5d357571a1c1bb21217b9b7de05a0418db0
flex-auth/schemas/decision_envelope.schema.json
tegwick 7fdf6d63d5
Some checks failed
CI / Build and Test (push) Has been cancelled
Details
CI / Lint (push) Has been cancelled
Details
Implement canonical schema foundation
2026-05-17 04:59:18 +02:00

75 lines
3.2 KiB
JSON
Raw Blame History

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://flex-auth.netkingdom/schemas/decision_envelope.schema.json",
"title": "DecisionEnvelope",
"type": "object",
"additionalProperties": false,
"required": ["id", "effect", "resource", "subject", "provenance"],
"properties": {
"id": {"type": "string", "minLength": 1},
"request_id": {"type": "string", "minLength": 1},
"effect": {"enum": ["allow", "deny", "redact", "audit_only", "not_applicable"]},
"reason": {"type": "string"},
"matched_policy_version": {"type": "string", "minLength": 1},
"matched_rule": {"type": "string", "minLength": 1},
"resource": {"$ref": "https://flex-auth.netkingdom/schemas/check_request.schema.json#/$defs/resource_ref"},
"subject": {"$ref": "https://flex-auth.netkingdom/schemas/check_request.schema.json#/$defs/subject_ref"},
"obligations": {"type": "array", "items": {"$ref": "#/$defs/obligation"}},
"diagnostics": {"type": "object", "additionalProperties": true},
"provenance": {"$ref": "#/$defs/provenance"},
"caring": {"$ref": "#/$defs/caring_decision_metadata"}
},
"$defs": {
"obligation": {
"type": "object",
"additionalProperties": false,
"required": ["type"],
"properties": {
"type": {"type": "string", "minLength": 1},
"parameters": {"type": "object", "additionalProperties": true}
}
},
"provenance": {
"type": "object",
"additionalProperties": false,
"required": ["evaluator", "mode"],
"properties": {
"evaluator": {"type": "string", "minLength": 1},
"mode": {"type": "string", "minLength": 1},
"policy_package": {"type": "string", "minLength": 1},
"policy_version": {"type": "string", "minLength": 1},
"directory_etag": {"type": "string", "minLength": 1},
"decision_time": {"type": "string", "minLength": 1}
}
},
"caring_decision_metadata": {
"type": "object",
"additionalProperties": false,
"required": ["profile"],
"properties": {
"profile": {"const": "caring-0.4.0-rc2"},
"descriptor": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json"},
"restrictions_evaluated": {
"type": "array",
"items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/restriction"},
"uniqueItems": true
},
"exposure_modes": {
"type": "array",
"items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/exposure_mode"},
"uniqueItems": true
},
"derived_capabilities": {
"type": "array",
"items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/derived_capability"}
},
"conformance_findings": {
"type": "array",
"items": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/conformance_finding"}
},
"exposure_event": {"$ref": "https://flex-auth.netkingdom/schemas/caring_access_descriptor.schema.json#/$defs/exposure_event"}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink