{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"description": "A Policy enables developers to configure fine-grained access control for Things.",
"title": "Policy",
"properties": {
"policyId": {
"type": "string",
"description": "Unique identifier representing the Policy. It has to conform to the namespaced entity ID notation (see [Ditto documentation on namespaced entity IDs](https://www.eclipse.org/ditto/basic-namespaces-and-names.html#namespaced-id)).\n\nExamples of a valid Policy ID:\n * `org.eclipse.ditto:xdk_policy_53`\n * `foo:xdk_53`\n * `org.eclipse.vorto_42:xdk_policy`"
},
"entries": {
"title": "PolicyEntries",
"type": "object",
"description": "PolicyEntries containing one PolicyEntry for each arbitrary `label` key.",
"properties": {
"additionalProperties": {
"title": "Label",
"type": "object",
"description": "Single Policy entry containing Subjects and Resources.",
"properties": {
"subjects": {
"title": "Subjects",
"type": "object",
"description": "Subjects defining who is addressed.",
"additionalProperties": {
"title": "SubjectEntry",
"type": "object",
"description": "Single (Authorization) Subject entry holding its type. The key is the actual subject identifier.",
"properties": {
"type": {
"type": "string",
"title": "SubjectType",
"description": "The type of the (Authorization) Subject. This string can take an arbitrary value and is intended for documentation purposes, e.g. to document when the subject was created or for which purpose."
},
"expiry": {
"type": "string",
"description": "The optional expiry timestamp (formatted in ISO-8601) indicates until when this subject is taken into account before it is automatically deleted from the Policy.",
"format": "date-time"
}
},
"required": [
"type"
]
}
},
"resources": {
"title": "Resources",
"type": "object",
"description": "Resources containing one or many ResourceEntries.",
"additionalProperties": {
"title": "ResourceEntry",
"type": "object",
"description": "Single Resource entry defining permissions per effect. The keys must be in the format `type:path`, with `type` being one of the following resource types: `thing`, `policy` or `message`. See [Policy documentation](../basic-policy.html#which-resources-can-be-controlled) for detailed information.",
"properties": {
"grant": {
"type": "array",
"items": {
"type": "string",
"description": "All subjects specified in this Policy entry are granted read/write permission on the resources specified in the path and on all subsequent paths, unless the permission is revoked at a subsequent policy label.",
"enum": [
"READ",
"WRITE"
]
}
},
"revoke": {
"type": "array",
"items": {
"type": "string",
"description": "All subjects specified in this Policy entry are prohibited from reading/writing the resources specified in the path and all subsequent paths, unless they are granted such permission again at a subsequent policy label.",
"enum": [
"READ",
"WRITE"
]
}
}
},
"required": [
"grant", "revoke"
]
}
}
},
"required": [
"subjects", "resources"
]
}
}
}
},
"required": [
"policyId", "entries"
]
}