Delegation Policy
The delegation policy request endpoint is an API endpoint that receives policy creation requests. The POST body carries a JWT, the Policy Creation Request Token (delegationPolicyRequestToken).
POST /delegationPolicy HTTP/1.1
Host: isharetest.net
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 39
{
"delegationPolicyRequestToken": "text"
}
Request
Headers

Authorization
String. (Required) OAuth 2.0 authorization based on a bearer token. MUST contain "Bearer " + access token value. How to retrieve the access token is described in the Access Token Endpoint section.

Content-Type
String. Defines the request body content type. MUST be equal to application/json.
Parameters
The body of the request contains an iSHARE-compliant JWT, the delegationPolicyRequestToken. Besides the default JWT attributes (iss, sub, aud, etc.), it contains the attributes listed below. The model of the delegationPolicyRequestToken is available in the iSHARE OpenAPI documentation; for convenience it is also described here.
delegationPolicyRequest
Object. Root level. (Required) Contains information about the delegation policy that is requested to be created.

notBefore
Integer. Contained in delegationPolicyRequest. (Required) Unix timestamp in UTC indicating the start of the validity period of the requested delegation policy.

notOnOrAfter
Integer. Contained in delegationPolicyRequest. Unix timestamp in UTC indicating the end of the validity period of the requested delegation policy.

policyRequestor
String. Contained in delegationPolicyRequest. (Required) Identifier of the party to which the right is delegated.

policyIssuer
String. Contained in delegationPolicyRequest. (Required) Identifier of the delegator, also known as the delegating entity.

target
Object. Contained in delegationPolicyRequest. (Required) At the root level MUST contain an accessSubject and no other elements. It makes the entire requested delegation policy applicable only to this accessSubject.

accessSubject
Object. Contained in target. (Required) Identifier of the delegate, also known as the entity that receives the delegated rights. It should be a party identifier for M2M cases or a human pseudonym for H2M cases. This usually holds the same value as policyRequestor.

policySets
Array of Objects. Contained in delegationPolicyRequest. (Required) Container for one or more objects containing policy elements with an indication for further delegation. Note that policySet elements within one delegationPolicyRequest MUST NOT restrict each other, but rather offer a mechanism to express additional rights. They are evaluated by the Authorization Registry in a permit-override manner: the result is Permit if any one of the policySet elements evaluates to Permit.

maxDelegationDepth
Integer. Contained in policySets. Optional. If present, indicates that further delegation of the rights conveyed in the policy elements of this policySet is allowed. The value is the number of delegation steps allowed after this step for the entire delegation path to still evaluate to Permit.

target
Object. Contained in policySets. Contains environment.

environment
Object. Contained in target (of policySets). Contains licenses.

licenses
Array of Strings and Objects. Contained in environment. Describes which iSHARE licenses apply to this policySet. Refer to the Licenses model for more information about structuring this array.

policies
Array of Objects. Contained in policySets. (Required) Used to express the actual rights for which evidence is being provided. Note that policies within one policySets object MUST NOT restrict each other, but rather offer a mechanism to express additional rights. They are evaluated in a permit-override manner: the result is Permit if any one of the policy elements evaluates to Permit.

target
Object. Contained in policies. (Required) Describes the target, in terms of resource and action, this request applies to. It is also the scope that is permitted through the default rule.

resource
Object. Contained in target (of policies). (Required) Contains type, identifiers and attributes.

type
String. Contained in resource. (Required) Describes the type of resource to which the rules apply.

identifiers
Array of Strings. Contained in resource. Optional. One or more resource identifiers.

attributes
Array of Strings. Contained in resource. Optional. Attributes of the resources the delegated rights apply to.

actions
Array of Strings. Contained in target (of policies). (Required) Array of actions that apply to this policy.

environment
Object. Contained in target (of policies). Optional. Contains serviceProviders.

serviceProviders
Array of Strings. Contained in environment. Optional. Lists the iSHARE client IDs of the service providers which are allowed to provide services to the accessSubject as described within this policy.

rules
Array of Objects. Contained in policies. (Required) Array of rule objects, each carrying an effect.

effect
String. Contained in rules. (Required) Value MUST be equal to Permit or Deny.
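As an added example, not part of the iSHARE documentation or the project's code, the following Python applies the field table above to the decoded payload of a delegationPolicyRequestToken: the structural validation the endpoint should run before it creates a policy, so that a malformed or tampered request (a root target that smuggles in extra elements, an unknown rule effect, a validity window that ends before it starts, an empty policySets array) is rejected instead of stored. The sample claim set is constructed; the party identifiers, license and action codes are placeholders, accessSubject is carried as a plain identifier string, and the JWT signature and the standard claims (iss, sub, aud, exp, iat, jti) are assumed to have been verified by the caller according to the iSHARE JWT rules, which this page does not cover.

```python
"""Structural checks on the decoded payload of a delegationPolicyRequestToken.
Added example, not iSHARE project code; the caller is assumed to have verified
the JWT signature and the standard claims (iss, sub, aud, exp, iat, jti) first."""

PERMIT_DENY = {"Permit", "Deny"}

def _check(obj, key, typ, required, path, errors):
    """Presence/type check for one field; a required list must also be non-empty."""
    if key not in obj:
        if required:
            errors.append(f"{path}.{key}: required field missing")
        return None
    val = obj[key]
    # bool is a subclass of int in Python, so reject it for Integer fields.
    if not isinstance(val, typ) or (typ is int and isinstance(val, bool)):
        errors.append(f"{path}.{key}: expected {typ.__name__}")
        return None
    if required and typ is list and not val:
        errors.append(f"{path}.{key}: must contain at least one element")
    return val

def validate_policy_request(claims):
    """Return a list of errors; an empty list means the payload is well formed."""
    errors = []
    req = _check(claims, "delegationPolicyRequest", dict, True, "$", errors)
    if req is None:
        return errors
    p = "$.delegationPolicyRequest"
    nbf = _check(req, "notBefore", int, True, p, errors)
    end = _check(req, "notOnOrAfter", int, False, p, errors)
    if nbf is not None and end is not None and end <= nbf:
        errors.append(f"{p}.notOnOrAfter: must be later than notBefore")
    _check(req, "policyRequestor", str, True, p, errors)
    _check(req, "policyIssuer", str, True, p, errors)
    target = _check(req, "target", dict, True, p, errors)
    # The root target MUST hold an accessSubject and no other element.
    if target is not None and set(target) != {"accessSubject"}:
        errors.append(f"{p}.target: must contain exactly accessSubject")
    for i, ps in enumerate(_check(req, "policySets", list, True, p, errors) or []):
        _validate_policy_set(ps, f"{p}.policySets[{i}]", errors)
    return errors

def _validate_policy_set(ps, p, errors):
    if not isinstance(ps, dict):
        errors.append(f"{p}: expected object")
        return
    depth = _check(ps, "maxDelegationDepth", int, False, p, errors)
    if depth is not None and depth < 0:
        errors.append(f"{p}.maxDelegationDepth: must not be negative")
    tgt = _check(ps, "target", dict, False, p, errors) or {}  # optional level
    env = _check(tgt, "environment", dict, False, f"{p}.target", errors) or {}
    _check(env, "licenses", list, False, f"{p}.target.environment", errors)
    for i, pol in enumerate(_check(ps, "policies", list, True, p, errors) or []):
        _validate_policy(pol, f"{p}.policies[{i}]", errors)

def _validate_policy(pol, p, errors):
    if not isinstance(pol, dict):
        errors.append(f"{p}: expected object")
        return
    tgt = _check(pol, "target", dict, True, p, errors)
    if tgt is not None:
        tp = f"{p}.target"
        res = _check(tgt, "resource", dict, True, tp, errors)
        if res is not None:
            _check(res, "type", str, True, f"{tp}.resource", errors)
            _check(res, "identifiers", list, False, f"{tp}.resource", errors)
            _check(res, "attributes", list, False, f"{tp}.resource", errors)
        _check(tgt, "actions", list, True, tp, errors)
        env = _check(tgt, "environment", dict, False, tp, errors) or {}
        _check(env, "serviceProviders", list, False, f"{tp}.environment", errors)
    for i, rule in enumerate(_check(pol, "rules", list, True, p, errors) or []):
        rp = f"{p}.rules[{i}]"
        if not isinstance(rule, dict):
            errors.append(f"{rp}: expected object")
            continue
        eff = _check(rule, "effect", str, True, rp, errors)
        if eff is not None and eff not in PERMIT_DENY:
            errors.append(f"{rp}.effect: must be Permit or Deny")

# Constructed sample; party identifiers, license and action codes are placeholders.
SAMPLE_CLAIMS = {
    "iss": "EU.EORI.NL000000001", "sub": "EU.EORI.NL000000001",
    "aud": "EU.EORI.NL000000003", "iat": 1700000000, "exp": 1700000030, "jti": "x1",
    "delegationPolicyRequest": {
        "notBefore": 1700000000, "notOnOrAfter": 1731536000,
        "policyRequestor": "EU.EORI.NL000000002", "policyIssuer": "EU.EORI.NL000000001",
        "target": {"accessSubject": "EU.EORI.NL000000002"},
        "policySets": [{"maxDelegationDepth": 1,
            "target": {"environment": {"licenses": ["ISHARE.0001"]}},
            "policies": [{"target": {"resource": {"type": "CONTAINER", "identifiers": ["CNT-001"]},
                                     "actions": ["ISHARE.READ"],
                                     "environment": {"serviceProviders": ["EU.EORI.NL000000003"]}},
                          "rules": [{"effect": "Permit"}]}]}]}}
```

validate_policy_request(SAMPLE_CLAIMS) returns an empty list; feeding it a copy whose root target also carries a resource element, or whose rule effect is "Allow", yields one error naming the offending path. Running this check after signature verification but before the policy is written keeps the Authorization Registry from persisting policies whose shape its permit-override evaluation was never defined for.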
Response
HTTP status codes
200 OK
Returned when the delegation policy was created successfully. The response carries no body.