Showing:

Annotations
Attributes
Diagrams
Facets
Instances
Model
Properties
Imported schema eml-access.xsd
Namespace https://eml.ecoinformatics.org/access-2.2.0
Annotations
'$RCSfile: eml-access.xsd,v $'
       Copyright: 1997-2002 Regents of the University of California,
                            University of New Mexico, and
                            Arizona State University
        Sponsors: National Center for Ecological Analysis and Synthesis and
                  Partnership for Interdisciplinary Studies of Coastal Oceans,
                     University of California Santa Barbara
                  Long-Term Ecological Research Network Office,
                     University of New Mexico
                  Center for Environmental Studies, Arizona State University
   Other funding: National Science Foundation (see README for details)
                  The David and Lucile Packard Foundation
     For Details: http://knb.ecoinformatics.org/

        '$Author: cjones $'
          '$Date: 2009-03-05 20:08:47 $'
      '$Revision: 1.83 $'

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
moduleName: eml-access

moduleDescription: 
          
            
              The eml-access module - Access control rules for resources
            
          
        

recommendedUsage: all data where controlling user access to the
        dataset is an issue

standAlone: yes
Properties
attribute form default unqualified
element form default unqualified
Element AccessType / allow
Namespace No namespace
Annotations
tooltip: Allow rule

summary: A rule that grants a permission
              type.

description: The allow element indicates that a particular
              user or group is granted the defined permission.

example: allow
Diagram
Diagram eml-access_xsd.tmp#AccessRule_principal eml-access_xsd.tmp#AccessRule_permission eml-access_xsd.tmp#AccessRule
Type AccessRule
Properties
content complex
Model
Children permission, principal
Instance
<allow>
  <principal>{1,unbounded}</principal>
  <permission>{1,unbounded}</permission>
</allow>
Element AccessRule / principal
Namespace No namespace
Annotations
tooltip: User or group

summary: The user or group (principal) for which the access
            control applies.

description: The principal element defines the user or group to
            which the access control rule applies. The users and groups must be
            defined in the authentication system described in the authSystem
            element.  The special principal 'public' can be used to indicate
            that any user or group has a particular access permission, thereby
            making it easier to specify that anonymous access is allowed.
            

example: public

example: uid=alice,o=LTER,dc=ecoinformatics,dc=org
Diagram
Diagram eml-resource_xsd.tmp#NonEmptyStringType
Type NonEmptyStringType
Properties
content simple
maxOccurs unbounded
Facets
minLength 1
pattern [\s]*[\S][\s\S]*
Element AccessRule / permission
Namespace No namespace
Annotations
tooltip: Type of permission

summary: The type of permission being granted or denied.
            

description: 
              
                
            The permission that is being granted or denied
            to a particular user or group for a given resource. The list of
            permissions come from a predetermined list:
            
                'read' - allow or deny viewing of the resource, 
                'write' - allow or deny modification of the resource (except for access rules),  
                'changePermission' - modifications including access rules, and  
                'all' - all of the above. 
                

                This element also allows other permission values that may be applicable to some other authentication systems but are not defined in this specification (if these other values are used, access rule enforcement is indeterminate outside of the originating system).
              
            

example: read
Diagram
Diagram
Type union of(restriction of xs:string, xs:string)
Properties
content simple
maxOccurs unbounded
Element AccessType / deny
Namespace No namespace
Annotations
tooltip: Deny rule

summary: A rule that revokes a permission
              type.

description: The deny element indicates that a particular
              user or group is not granted the defined
              permission.

example: deny
Diagram
Diagram eml-access_xsd.tmp#AccessRule_principal eml-access_xsd.tmp#AccessRule_permission eml-access_xsd.tmp#AccessRule
Type AccessRule
Properties
content complex
Model
Children permission, principal
Instance
<deny>
  <principal>{1,unbounded}</principal>
  <permission>{1,unbounded}</permission>
</deny>
Element access
Namespace https://eml.ecoinformatics.org/access-2.2.0
Annotations
tooltip: Access control rules

summary: The rules defined in this element will determine the level
        of access to a resource for the defined users and groups.

description: The access element contains a list of rules defining
        permissions for this resource. For descriptions of the individual elements,
        see the AccessType.The permission rules defined here can be overridden
         by rules added to an access tree in the PhysicalDistributionType
        at the entity level. 

example: See the description of the AccessType.
Diagram
Diagram eml-access_xsd.tmp#AccessType_id eml-access_xsd.tmp#AccessType_system eml-access_xsd.tmp#AccessType_scope eml-access_xsd.tmp#AccessType_order eml-access_xsd.tmp#AccessType_authSystem eml-access_xsd.tmp#AccessType_allow eml-access_xsd.tmp#AccessType_deny eml-resource_xsd.tmp#ReferencesGroup_references eml-resource_xsd.tmp#ReferencesGroup eml-access_xsd.tmp#AccessType
Type AccessType
Properties
content complex
Model
Children allow, deny, references
Instance
<access authSystem="" id="" order="allowFirst" scope="document" system="" xmlns="https://eml.ecoinformatics.org/access-2.2.0">
  <allow>{1,1}</allow>
  <deny>{1,1}</deny>
  <references system="">{1,1}</references>
</access>
Attributes
QName Type Default Use Annotation
authSystem xs:string required
tooltip: Authentication system

summary: The authentication system is used to verify the user or
          group to whom access is allowed or denied.

description: The authentication system determines the set of
          principals (users + groups) that can be used in the access control
          list, and the membership of users in groups. This element is intended
          to provide a reference to the authentication system that is used to
          verify the user or group. This reference is typically in the form
          of a URI, which includes the connection protocol, Internet host, and
          path to the authentication mechanism.

example: 
          ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org
id IDType optional
order restriction of xs:string allowFirst optional
tooltip: Rule order

summary: The order in which the allow and deny rules should be
          applied.

description: To obtain the desired access control, use the order
          attribute to define which rules should be applied first. The acceptable
          values are 'allowFirst' and 'denyFirst'. If 'allowFirst' is
          specified, then all 'allow' rules are processed, and then overridden
          by all 'deny' rules.  If 'denyFirst' is specified, then all 'deny'
          rules are processed, and then overridden by all 'allow' rules.
          

example: allowFirst
scope ScopeType document optional
system SystemType optional
Complex Type AccessType
Namespace https://eml.ecoinformatics.org/access-2.2.0
Annotations
tooltip: Access control rules

summary: The rules defined in this element will determine the level
        of access to a resource for the defined users and groups.

description: The access element contains a list of rules that define
        the level of access for a resource. There are two uses of access trees: to
        control access to either metadata or data. To control access to metadata
        use the eml/access tree. By default, these rules will also apply to the contained
        data. To override the default controls for specific data entities, use the
        access element available in the entity's physical/distribution tree.  A
        combination of access trees and their "order rules" (see description of
        the "order" attribute) allows EML authors
        to have fine control over permissions for individuals and groups.
Diagram
Diagram eml-access_xsd.tmp#AccessType_id eml-access_xsd.tmp#AccessType_system eml-access_xsd.tmp#AccessType_scope eml-access_xsd.tmp#AccessType_order eml-access_xsd.tmp#AccessType_authSystem eml-access_xsd.tmp#AccessType_allow eml-access_xsd.tmp#AccessType_deny eml-resource_xsd.tmp#ReferencesGroup_references eml-resource_xsd.tmp#ReferencesGroup
Model
Children allow, deny, references
Attributes
QName Type Default Use Annotation
authSystem xs:string required
tooltip: Authentication system

summary: The authentication system is used to verify the user or
          group to whom access is allowed or denied.

description: The authentication system determines the set of
          principals (users + groups) that can be used in the access control
          list, and the membership of users in groups. This element is intended
          to provide a reference to the authentication system that is used to
          verify the user or group. This reference is typically in the form
          of a URI, which includes the connection protocol, Internet host, and
          path to the authentication mechanism.

example: 
          ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org
id IDType optional
order restriction of xs:string allowFirst optional
tooltip: Rule order

summary: The order in which the allow and deny rules should be
          applied.

description: To obtain the desired access control, use the order
          attribute to define which rules should be applied first. The acceptable
          values are 'allowFirst' and 'denyFirst'. If 'allowFirst' is
          specified, then all 'allow' rules are processed, and then overridden
          by all 'deny' rules.  If 'denyFirst' is specified, then all 'deny'
          rules are processed, and then overridden by all 'allow' rules.
          

example: allowFirst
scope ScopeType document optional
system SystemType optional
Complex Type AccessRule
Namespace https://eml.ecoinformatics.org/access-2.2.0
Annotations
tooltip: Access Rule

summary: Access Rules define a user's access to a
        resource.

description: The AccessRule type defines a list of users that are
        derived from a particular authentication system (such as an LDAP
        directory), whether the user or group is allowed or denied access, the
        extent of their access (read, write , or changePermission
        access).
Diagram
Diagram eml-access_xsd.tmp#AccessRule_principal eml-access_xsd.tmp#AccessRule_permission
Model
Children permission, principal
Attribute AccessType / @id
Namespace No namespace
Type IDType
Properties
use optional
Attribute AccessType / @system
Namespace No namespace
Type SystemType
Properties
use optional
Attribute AccessType / @scope
Namespace No namespace
Type ScopeType
Properties
use optional
default document
Facets
enumeration system
enumeration document
Attribute AccessType / @order
Namespace No namespace
Annotations
tooltip: Rule order

summary: The order in which the allow and deny rules should be
          applied.

description: To obtain the desired access control, use the order
          attribute to define which rules should be applied first. The acceptable
          values are 'allowFirst' and 'denyFirst'. If 'allowFirst' is
          specified, then all 'allow' rules are processed, and then overridden
          by all 'deny' rules.  If 'denyFirst' is specified, then all 'deny'
          rules are processed, and then overridden by all 'allow' rules.
          

example: allowFirst
Type restriction of xs:string
Properties
use optional
default allowFirst
Facets
enumeration allowFirst
enumeration denyFirst
Attribute AccessType / @authSystem
Namespace No namespace
Annotations
tooltip: Authentication system

summary: The authentication system is used to verify the user or
          group to whom access is allowed or denied.

description: The authentication system determines the set of
          principals (users + groups) that can be used in the access control
          list, and the membership of users in groups. This element is intended
          to provide a reference to the authentication system that is used to
          verify the user or group. This reference is typically in the form
          of a URI, which includes the connection protocol, Internet host, and
          path to the authentication mechanism.

example: 
          ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org
Type xs:string
Properties
use required