tls-fed-metadata.yaml
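---
# JSON Schema (draft 2020-12), written as YAML, for Federated TLS
# Authentication metadata. A metadata document is a schema `version` plus a
# list of `entities`; each entity lists the CA issuers allowed to issue
# certificates for its endpoints and the RFC 7469 pins of each server and
# client endpoint.
$schema: https://json-schema.org/draft/2020-12/schema
$id: https://www.fedtls.se/schema/fedtls-metadata-schema.json
title: JSON Schema for Federated TLS Authentication
# Quoted: an unquoted "Version: 1.0.0" would be read as a nested mapping.
description: "Version: 1.0.0"
type: object
# Unknown top-level keys are tolerated so the format can be extended without
# breaking validation against this schema.
additionalProperties: true
required:
  - version
  - entities
properties:
  version:
    title: Metadata schema version
    description: Schema version follows semantic versioning (https://semver.org)
    type: string
    # Double-quoted so each regex backslash is escaped once for YAML and
    # arrives at the regex engine as a single backslash.
    pattern: "^\\d+\\.\\d+\\.\\d+$"
    examples:
      - "1.0.0"
  cache_ttl:
    title: Metadata cache TTL
    description: >-
      How long (in seconds) to cache metadata.
      Effective maximum TTL is the minimum of HTTP Expire and TTL
    type: integer
    minimum: 0
    examples:
      - 3600
  entities:
    type: array
    items:
      $ref: '#/components/entity'

# Reusable sub-schemas. `components` is not a draft 2020-12 keyword; the
# $refs above and below reach it by JSON Pointer, which 2020-12 permits.
components:
  entity:
    type: object
    additionalProperties: true
    required:
      - entity_id
      - issuers
    properties:
      entity_id:
        title: Entity identifier
        description: Globally unique identifier for the entity.
        type: string
        # `format` is annotation-only by default in draft 2020-12; a
        # validator must opt in to assert it.
        format: uri
        examples:
          - "https://example.com"
      organization:
        title: Name of entity organization
        description: >-
          Name identifying the organization that the entity's
          metadata represents.
        type: string
        examples:
          - "Example Org"
      issuers:
        title: Entity certificate issuers
        description: >-
          A list of certificate issuers that are allowed to issue certificates
          for the entity's endpoints. For each issuer, the issuer's root CA
          certificate is included in the x509certificate property (PEM-encoded).
        type: array
        items:
          $ref: '#/components/cert_issuers'
      servers:
        type: array
        items:
          $ref: '#/components/endpoint'
      clients:
        type: array
        items:
          $ref: '#/components/endpoint'

  endpoint:
    type: object
    additionalProperties: true
    # `pins` is the only mandatory endpoint property. No `minItems` is set,
    # so an empty pin set passes schema validation; consumers that need at
    # least one pin must check that themselves.
    required:
      - pins
    properties:
      description:
        title: Endpoint description
        type: string
        examples:
          - "SCIM Server 1"
      tags:
        title: Endpoint tags
        description: >-
          A list of strings that describe the endpoint's capabilities.
        type: array
        items:
          type: string
          pattern: "^[a-z0-9]{1,64}$"
          examples:
            - "xyzzy"
      base_uri:
        title: Endpoint base URI
        type: string
        format: uri
        examples:
          - "https://scim.example.com"
      pins:
        title: Certificate pin set
        type: array
        items:
          $ref: '#/components/pin_directive'

  cert_issuers:
    title: Certificate issuers
    type: object
    additionalProperties: false
    # The `issuers` description states that each issuer carries its root CA
    # certificate; requiring it here keeps an issuer entry from validating
    # as an empty object (which `additionalProperties: false` alone allows).
    required:
      - x509certificate
    properties:
      x509certificate:
        title: X.509 Certificate (PEM)
        type: string

  pin_directive:
    title: RFC 7469 pin directive
    type: object
    additionalProperties: false
    required:
      - alg
      - digest
    properties:
      alg:
        title: Directive name
        type: string
        enum:
          - sha256
        examples:
          - sha256
      digest:
        title: Directive value (Base64)
        type: string
        # Generic padded-Base64 check. It does not fix the length to that of
        # a SHA-256 digest and also matches the empty string, so a consumer
        # must still decode and length-check the value before pinning.
        pattern: "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$"
        examples:
          - "HiMkrb4phPSP+OvGqmZd6sGvy7AUn4k3XEe8OMBrzt8="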