-
Notifications
You must be signed in to change notification settings - Fork 11
/
er.plantuml
44 lines (39 loc) · 2.46 KB
/
er.plantuml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
@startuml
skinparam monochrome true
hide circle
entity policy {
id varchar PRIMARY KEY // the id of the provider in the format : domain-of-email/hex-of-sha1-of-email-id in lower case
policy varchar(3145728) NOT NULL // the access control policy in aperture language; base64 encoded
policy_in_json jsonb NOT NULL // the complied version of aperture access control policy in json format
previous_policy varchar(3145728) NOT NULL // the previous access control policy in aperture language; base64 encoded
last_updated timestamp NOT NULL // the time when the policy was last updated
}
entity token {
id varchar NOT NULL // the consumer's email in lower case to whom the token is issued
token varchar NOT NULL // the sha256 hash of the access token
expiry timestamp NOT NULL // token expiry time
request jsonb NOT NULL // the actual request sent by the consumer when this token was requested
cert_serial varchar NOT NULL // the serial number of consumer's certificate which was used to get this token
cert_fingerprint varchar NOT NULL // the sha1 fingerprint of consumer's certificate which was used to get this token
issued_at timestamp NOT NULL // the time at which this token was issued
resource_ids jsonb NOT NULL // the list of resource ids for which this token is valid
introspected boolean NOT NULL // true if ths token has been introspected/checked by a resource server atleast once
revoked boolean NOT NULL // true if the token has been revoked by the consumer
cert_class integer NOT NULL // the certificate class of the consumer which was used to request this token
server_token jsonb NOT NULL // a dictionary of sha256 hashes of server-tokens
providers jsonb NOT NULL // a dictionary of providers for which this token is valid. providers[P] = false if the token was revoked by the provider P
geoip jsonb NOT NULL // the output of geoip lookup using the npm package : geoip-lite
}
entity groups {
id varchar NOT NULL // the id of the provider in the format : domain-of-email/hex-of-sha1-of-email-id in lower case
consumer varchar NOT NULL // the consumer's email in lower case
group_name varchar NOT NULL // the name of the group in lower case
valid_till timestamp NOT NULL // indicates how long a consumer is to be in the group
}
entity crl {
crl jsonb NOT NULL DEFAULT VALUE = '[]'::jsonb // CRL of IUDX CA
}
policy -[hidden]- token
token -[hidden]- groups
groups -[hidden]- crl
@enduml