/*
*
* Author: Francesco Ciaccia
* Date: 07/08/2014
* Project: SECURED
* Name: PROFILE_TYPE JSON Schema
*
* Description:
* JSON schema describing the PROFILE_TYPE resource, retrieved from the NED Orchestration system
* after user authentication.
* The structure of the PROFILE_TYPE file for a policy-driven profile is different.
* The PROFILE_TYPE includes information regarding the user identity and the set of
* applications enforcing the security controls required by the user.
* The interconnections between different security controls enforcing a given PSA
* are given. For each security control a URI to its configuration file resource is linked.
* The PROFILE_TYPE does not include any infrastructural information; the PSC is in charge of
* processing the file and producing the SERVICE_GRAPH to be passed to the Orchestrator so it
* can perform the TVD expansion.
* This specific profile type is for an app-driven profile; this means
* that the file is final and does not need any policy transformation to allow the PSC to
* compute the correct TVD topology.
* This PROFILE_TYPE has been built with a complex-PSA deployment scenario in mind where PSAs
* are actually bundles of multiple applications, each of them enforcing a security control.
*
*/
// JSON Schema for the app-driven PROFILE_TYPE document ("user_profile_type").
// NOTE(review): the // and /* */ annotations make this file JSON-with-comments; a strict
// JSON parser or schema validator will reject it until they are stripped.
// NOTE(review): no "$schema" keyword is present, so the draft this was written against is not stated.
// NOTE(review): no object in this schema sets "additionalProperties", so instances carrying
// undeclared fields still validate; "valid" here does not mean "contains only known fields".
{
"title": "user_profile_type",
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Document name, same as title"
},
// Identifier of the user the profile belongs to; any string validates.
"user_id": {
"type": "string"
},
// Credential described as the authentication token. NOTE(review): every profile instance
// embeds this value, so stored, cached or logged copies of the document need the same
// protection as the token itself. The schema places no length or pattern bound on it.
"user_token": {
"type": "string",
"description": "Authentication token"
},
// NOTE(review): the description names two values (AD, PD) but there is no "enum", so any
// string validates; a consumer branching on this field must handle unknown values itself.
"profile_type": {
"type": "string",
"description": "Field to indicate the profile_type, app-driven (AD) or policy-driven (PD)"
},
"PSASet": {
"type": "array",
"description": "Array of objects; each item represents a PSA",
"items": {
// Each item is an object (not an array, despite the description wording) describing one PSA.
"type": "object",
"description": "This object is an array including all the security service enforced by the PSA",
"properties": {
"id": {
"type": "string",
"description": "Id of the PSA"
},
"security_controls": {
"type": "array",
"description": "This array includes all the security services which the PSA enforces; it is a vertex list for the complex PSA internal graph",
"items": {
"type": "object",
"description": "Each object is a simple PSA (a security control), including its configuration URI specific for the user",
"properties": {
"imgName": {
"type": "string",
"description": "PSA repo name"
},
// NOTE(review): typed only as a string; no "format" or "pattern" restricts the scheme or
// host. A consumer that dereferences this URI should check it against the expected
// repository location before fetching, since the schema will accept any value.
"conf": {
"type": "string",
"description": "URI to user's PSA configuration file in the repo"
}
},
"required": ["imgName", "conf"]
}
},
// Integer edge entries; presumably indices into "security_controls" (the vertex list) — TODO confirm.
// NOTE(review): no "minimum" or upper bound, so negative or out-of-range values validate;
// the consumer has to range-check them against the length of "security_controls".
"set_ingress_flow": {
"type": "array",
"description": "Adjancency list of interconnected security controls enforced by the PSA; ingress traffic flow",
"items": {
"type": "integer",
"description": "Edge's list for the PSA's security controls graph"
}
},
// Same shape as "set_ingress_flow", for the egress direction; the same range-check caveat applies.
"set_egress_flow": {
"type": "array",
"description": "Adjancency list of interconnected security controls enforced by the PSA; egress traffic flow",
"items": {
"type": "integer",
"description": "Edge's list for the PSA's security controls graph"
}
}
},
// NOTE(review): "name" is required here, but the item's properties declare "id" and no "name".
// As written, "id" is optional and an undeclared "name" is mandatory; this looks like it was
// meant to be "id" — confirm against the documents the NED actually produces before changing it.
"required": ["name", "security_controls"]
}
}, // end PSAset
// String edge entries between PSAs; presumably values of PSASet[].id — TODO confirm.
// Nothing in the schema ties these strings to ids that exist in "PSASet".
"ingress_flow": {
"type": "array",
"description": "Adjancency list of interconnected PSAs; ingress traffic flow",
"items": {
"type": "string",
"description": "Edge's list for the PSA's service graph"
}
},
// Egress counterpart of "ingress_flow"; same shape and the same unverified-id caveat.
"egress_flow": {
"type": "array",
"description": "Adjancency list of interconnected PSAs; egress traffic flow",
"items": {
"type": "string",
"description": "Id's list for the PSA's service graph"
}
}
}, // end user_profile_type
// "ingress_flow" and "egress_flow" are not listed, so a profile with no top-level flow data validates.
"required": ["name", "user_id", "user_token", "profile_type", "PSASet"]
} //EOF