diff --git a/IETF-RFC.md b/IETF-RFC.md index 70670b9..9e2a3f5 100644 --- a/IETF-RFC.md +++ b/IETF-RFC.md @@ -1703,6 +1703,12 @@ implementor might find it useful to have a Provider object model to store the discovered information about federation peers or other remote OCM Providers. +The following diagram is illustrative and non-exhaustive. The single +source of truth for Provider properties is the OCM API Discovery Fields +section; for the box contents below, see the Properties subsection and +the normative capability, criteria, and resource type definitions in +that section. + ~~~ +-----------------------+ | Provider | 
@@ -1714,23 +1720,42 @@ OCM Providers. | - inviteAcceptDialog | | - provider | | - publicKey | - | - tokenEndpoint | + | - tokenEndPoint | + | - ... | +-----------------------+ | | exposes | +---------+---------+----------------------+ | | | - v v v -+------------------+ +------------------+ +------------------+ -| ResourceTypes[] | | Capabilities[] | | Criteria[] | -+------------------+ +------------------+ +------------------+ -| - name | | - enforce-mfa | | - allowlist | -| - shareTypes[] | | - exchange-token | | - denylist | -| - protocols{} | | - invite-wayf | | - http-signatures| -+------------------+ | - invites | | - invite | - | | - webdav-uri | | - token-exchange | - | +------------------+ +------------------+ + v v | ++------------------+ +------------------+ | +| ResourceTypes[] | | Capabilities[] | | ++------------------+ +------------------+ | +| - name | | - enforce-mfa | | +| - shareTypes[] | | - exchange-token | | +| - protocols{} | | - http-sig | | +| - ... | | - invites | | ++------------------+ | - notifications | | + | | - protocol-object| | + | | - webdav-uri | | + | | - ... | | + | +------------------+ | + | | + | +----------------+ + | | + | v + | +--------------------------+ + | | Criteria[] | + | +--------------------------+ + | | - allowlist | + | | - denylist | + | | - http-request-signatures| + | | - invite | + | | - token-exchange | + | | - ... | + | +--------------------------+ + | | supports v +------------------+ diff --git a/schemas/ocm-discovery.json b/schemas/ocm-discovery.json index d0df119..4aeaf83 100644 --- a/schemas/ocm-discovery.json +++ b/schemas/ocm-discovery.json @@ -10,7 +10,7 @@ "type": "string" }, "endPoint": { - "type": "string", + "type": "string", "format": "uri" }, "provider": { @@ -35,7 +35,7 @@ } }, "publicKey": { - "$ref": "#/$defs/publicKey" + "$ref": "#/$defs/publicKey" }, "inviteAcceptDialog": { "type": "string", 
@@ -47,9 +47,9 @@ } }, "required": [ - "enabled", - "apiVersion", - "endPoint", + "enabled", + "apiVersion", + "endPoint", "resourceTypes" ], "$defs": { @@ -94,8 +94,7 @@ "type": "string" } }, - "required": ["keyId", "publicKeyPem" ] - + "required": ["keyId", "publicKeyPem"] } } -} \ No newline at end of file +} diff --git a/spec.yaml b/spec.yaml index 6c784c2..f8744de 100644 --- a/spec.yaml +++ b/spec.yaml @@ -449,7 +449,7 @@ components: type: string format: uri description: > - Optional URL path of the Token Exchange endpoint to obtain bearer tokens in exchange for codes. + Optional URL of the Token Exchange endpoint to obtain bearer tokens in exchange for codes. If the `exchange-token` capability is exposed, the tokenEndPoint MUST be advertised in the discovery response. **Token Exchange API:** @@ -466,7 +466,7 @@ components: - 400: Token denied (application/json with Error schema) See TokenRequest and TokenResponse schemas for the complete data structure. - example: /index.php/apps/sciencemesh/token + example: https://cloud.example.org/ocm/token inviteAcceptDialog: type: string description: > @@ -756,7 +756,7 @@ components: sharedSecret: hfiuhworzwnur98d3wjiwhr viewMode: read ssh: - accessType: ['datatx'] + accessTypes: ['datatx'] uri: extuser@cloud.example.org:/7c084226-d9a1-11e6-bf26-cec0c932ce01 NewNotification: type: object
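Review bot: The reworded `tokenEndPoint` description in the spec.yaml hunk at `@@ -449,7 +449,7 @@` now calls the value a URL, and the hunk at `@@ -466,7 +466,7 @@` changes the example to an absolute `https://` address, but the visible text never says the value must be absolute or which scheme is acceptable. A consumer sends codes to this endpoint and gets bearer tokens back, and the value comes from a remote provider's discovery response, so the constraint is worth stating rather than leaving it to the example. I would add a sentence to the description such as `The value MUST be an absolute URL using the https scheme.` It would also help to say how a consumer should treat a `tokenEndPoint` whose host differs from the discovered provider's; whether the spec already covers that elsewhere cannot be told from these hunks. The property definition starts above the first hunk, so any existing constraint there is not visible.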