-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmanifest.xsd
202 lines (175 loc) · 11.2 KB
/
manifest.xsd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ewp="https://github.com/erasmus-without-paper/ewp-specs-architecture/blob/stable-v1/common-types.xsd"
xmlns:r="https://github.com/erasmus-without-paper/ewp-specs-api-registry/tree/stable-v1"
elementFormDefault="qualified"
targetNamespace="https://github.com/erasmus-without-paper/ewp-specs-api-discovery/tree/stable-v5"
xmlns="https://github.com/erasmus-without-paper/ewp-specs-api-discovery/tree/stable-v5"
>
<xs:import
schemaLocation="http://www.w3.org/2001/03/xml.xsd"
namespace="http://www.w3.org/XML/1998/namespace"
/>
<xs:import
schemaLocation="https://raw.githubusercontent.com/erasmus-without-paper/ewp-specs-architecture/stable-v1/common-types.xsd"
namespace="https://github.com/erasmus-without-paper/ewp-specs-architecture/blob/stable-v1/common-types.xsd"
/>
<xs:import
schemaLocation="https://raw.githubusercontent.com/erasmus-without-paper/ewp-specs-api-registry/stable-v1/catalogue.xsd"
namespace="https://github.com/erasmus-without-paper/ewp-specs-api-registry/tree/stable-v1"
/>
<xs:annotation>
<xs:documentation>
This schema is a part of the Erasmus Without Paper project. Before you start
using it, make sure you have read the general rules described here:
http://developers.erasmuswithoutpaper.eu/
</xs:documentation>
</xs:annotation>
<xs:element name="manifest">
<xs:annotation>
<xs:documentation>
EWP Discovery Manifest.
Manifest files describe a set of EWP Hosts. Manifest files are usually read by
the EWP Registry Service only.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="host" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="host">
<xs:complexType>
<xs:sequence>
<xs:element ref="ewp:admin-email" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
RECOMMENDED element. Address of a developer or server administrator who may be
contacted in case of problems (e.g. invalid Manifest file, invalid certificates,
server errors, etc.). Multiple addresses may be provided.
Please note, that additional `admin-email` elements can also be included inside
specific APIs sections (this allows you to add extra admins to specific APIs).
Please also note, that this address SHOULD NOT be associated
with any person because of GDPR. It is RECOMMENDED to use company aliases.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element ref="ewp:admin-notes" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
Additional information provided by administrators and/or developers of this
host for Registry maintainers and client developers. Must be provided in English.
E.g. "This host is a DEMO server. We plan to keep it online for testing.".
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element ref="r:apis-implemented" minOccurs="0" maxOccurs="1"/>
<xs:element name="institutions-covered" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
A list of HEIs (Higher Education Institutions) that are covered by this host.
**As of version 5.1.0 this list MUST consist of no more than one HEI**.
In conjunction with `apis-implemented`, enlisting a HEI here indicates that the
partner wants to receive specific HEI-related API queries regarding this HEI,
and that it will be able to understand them.
In conjunction with `client-credentials-in-use`, enlisting a HEI here indicates
that these credentials can be used to request resources "in the name of" this
HEI.
Be advised, that the Registry Service MAY ignore some (or all) of the items
published here, for example if it believes that this HEI does not *want* to be
covered by you. If, for some reason, your items are not being imported, and
you're not sure why, please contact the Registry Service maintainers. You can
also take a look at this thread:
https://github.com/erasmus-without-paper/ewp-specs-api-discovery/issues/12
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element ref="r:hei" minOccurs="0" maxOccurs="1" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="client-credentials-in-use" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
The list of client credentials used by this host to make requests to
other EWP hosts.
You should have this element present if you intend to perform requests within
the EWP Network. However, it's worth noting, that not having it is also valid
(if you want your EWP Host to be "server only").
Be advised, that the Registry Service MAY ignore some (or all) of the
credentials submitted here, for example if it finds they do not meet proper
security standards. If, for some reason, your credentials are not being
imported, and you're not sure why, please contact the Registry Service
administrators.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="certificate" type="xs:base64Binary" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Base64-encoded X.509 certificate used by the partner for TLS Client
Authentication, as described here:
https://github.com/erasmus-without-paper/ewp-specs-sec-cliauth-tlscert
If your private key is compromised, you MUST immediately remove all
certificates based on this key from your manifest.
**Certificate MUST be unique in the whole EWP network**.
</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="rsa-public-key" type="xs:base64Binary" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Base64-encoded RSA public key used by the partner for HTTP Signature
Client Authentication, as described here:
https://github.com/erasmus-without-paper/ewp-specs-sec-cliauth-httpsig
If your private key is compromised, you MUST immediately remove all
public keys related to this key from your manifest.
**Public key MUST be unique in the whole EWP network**.
</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="server-credentials-in-use" minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>
The list of server credentials used by this host to authenticate its servers
when communicating to other EWP hosts. Note, that only *some* methods of server
authentication make use of these credentials.
As opposed to client authentication, the keys used in server authentication are
bound to specific endpoints (URLs).
This means that - if you create multiple manifests - then each of your
endpoints MAY use a different key for signing its responses. However, in most
cases, you will want to use only a single key for all your APIs and endpoints.
Be advised, that the Registry Service MAY ignore some (or all) of the
credentials submitted here, for example if it finds they do not meet proper
security standards. If, for some reason, your credentials are not being
imported, and you're not sure why, please contact the Registry Service
administrators.
</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:sequence>
<xs:element name="rsa-public-key" type="xs:base64Binary" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>
Base64-encoded RSA public key used by the partner for HTTP Signature
Server Authentication, as described here:
https://github.com/erasmus-without-paper/ewp-specs-sec-cliauth-httpsig
If your private key is compromised, you MUST immediately remove all
public keys related to this key from your manifest.
</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>