2.2.2.2.10.7 IdentityPolicy Object
The following specifies the IdentityPolicy object schema:
-
<xs:schema xmlns:g="urn:groove.net" attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="urn:groove.net" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="fragment"> <xs:complexType> <xs:sequence> <xs:element name="ManagedObject"> <xs:complexType> <xs:sequence> <xs:element name="Header" type="ObjectHeaderType"/> <xs:element name="Body"> <xs:complexType> <xs:sequence> <xs:element name="Policy"> <xs:complexType> <xs:sequence> <xs:element name="Contact"> <xs:complexType> <xs:sequence> <xs:element name="VCard" minOccurs="0"> <xs:complexType> <xs:attribute name="ChangeFlags" type="xs:int" default="2"/> </xs:complexType> </xs:element> <xs:element name="Policies" minOccurs="0"> <xs:complexType> <xs:sequence> <xs:element name="DirectoryListings" minOccurs="0"> <xs:complexType> <xs:sequence> <xs:element name="DirectoryListing" minOccurs="0" maxOccurs="unbounded"> <xs:complexType> <xs:attribute name="Name" type="xs:string" use="required"/> <xs:attribute name="Value" type="xs:string" use="required"/> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="Backup" minOccurs="0"> <xs:complexType> <xs:attribute name="Interval" type="xs:double" use="required"/> </xs:complexType> </xs:element> <xs:element name="Telespaces" minOccurs="0"> <xs:complexType> <xs:attribute name="DefaultTemplateComponentResourceURL" type="xs:string"/> <xs:attribute name="MinimumTemplateComponentResourceURL" type="xs:string"/> </xs:complexType> </xs:element> <xs:element name="PKI" type="PKIPolicyType" minOccurs="0"/> <xs:element name="DeviceManagement" minOccurs="0" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="ManagementDomain" minOccurs="0" maxOccurs="unbounded"> <xs:complexType> <xs:attribute name="Certificate" type="xs:base64Binary"/> <xs:attribute name="DisplayName" type="xs:string"/> <xs:attribute name="Name" type="xs:string"/> <xs:attribute name="ReportingInterval" type="xs:int"/> <xs:attribute name="ReportingPolicy" type="xs:string"/> <xs:attribute name="ServerURL" type="xs:string"/> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> <xs:attribute name="BlockedFileTypes" type="xs:string"/> <xs:attribute name="Flags" type="xs:int"/> <xs:attribute name="PeerAuthenticationLevel" type="xs:int"/> <xs:attribute name="RestrictedForestNames" type="xs:string" /> </xs:complexType> </xs:element> </xs:sequence> <xs:attribute name="ComponentResourceURL" type="xs:string" use="required"/> </xs:complexType> </xs:element> <xs:element name="Signatures"> <xs:complexType> <xs:sequence> <xs:element name="Signature" type="ObjectSignatureType"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> <xs:attribute name="Version" type="xs:string" use="required"/> </xs:complexType> </xs:element> </xs:sequence> </xs:complexType> </xs:element> </xs:schema>
The ObjectHeaderType and the ObjectSignatureType are specified in sections 2.2.2.2.12 and 2.2.2.2.13. The PKIPolicyType is specified in section 2.2.2.2.14.
The following table describes the elements and attributes:
|
XPath |
Description |
|---|---|
|
/fragment |
Fragment element |
|
/fragment/ManagedObject/@Version |
The attribute MUST be "0,0,0,0". |
|
/fragment/ManagedObject/Header |
Object header element |
|
/fragment/ManagedObject/Body |
Object body element |
|
/fragment/ManagedObject/Body/@ComponentResourceURL |
The value MUST be "http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.SystemComponents.GrooveAccountMgr_DLL&Version=0&Factory=IdenityPolicy". |
|
/fragment/ManagedObject/Body/Policy |
Policy element |
|
/fragment/ManagedObject/Body/Policy/@BlockedFileTypes |
MAY contain a comma delimited list of blocked file types. |
|
/fragment/ManagedObject/Body/Policy/@RestrictedForestNames |
MAY contain a space delimited list of operating system login forest names. |
|
/fragment/ManagedObject/Body/Policy/@Flags |
The value MUST be one of following values or a value produced by using bitwise OR operator on two or more of the following values : 0x0: Do not apply any of the following options. 0x1: Identity can only be used on devices managed by identity's management domain. 0x2: Automatically manage devices at account configuration. |
|
/fragment/ManagedObject/Body/Policy/@PeerAuthenticationLevel |
The value MUST be one of the following values: 0: Do not warn or restrict members when communicating with any contact. 1: Warn users when communicating with unauthenticated contacts. 2: Restrict users from communicating with unauthenticated contacts. |
|
/fragment/ManagedObject/Body/Policy/Contact |
Contact element |
|
/fragment/ManagedObject/Body/Policy/Contact/VCard |
vCard element. Omit if no vCard policy. |
|
/fragment/ManagedObject/Body/Policy/Contact/VCard/@ChangeFlags |
The value MUST be: 0x02: Member cannot change vCard content. |
|
/fragment/ManagedObject/Body/Policy/Contact/Policies |
Policies element. Omit if no policies. |
|
/fragment/ManagedObject/Body/Policy/Contact/Policies/DirectoryListings |
Directory listings element. Omit if no directory listing polices. |
|
/fragment/ManagedObject/Body/Policy/Contact/Policies/DirectoryListings/DirectoryListing |
Directory listing element. Omit if no directory listing police. |
|
/fragment/ManagedObject/Body/Policy/Contact/Policies/DirectoryListings/DirectoryListing/@Name |
The value MUST be one of the following contact directory values: "$GrooveNet" : public domain contact directory. "$ManagementDomain" : management domain’s contact directory. |
|
/fragment/ManagedObject/Body/Policy/Contact/Policies/DirectoryListings/DirectoryListing/@Value |
MUST be one of the following value: 0: User can decide to publish or not to publish vCard. 1: Automatically publish vCard. 2: Never publish vCard. |
|
/fragment/ManagedObject/Body/Policy/Backup |
Backup policy element. Omit if no backup policy. |
|
/fragment/ManagedObject/Body/Policy/Backup/@Interval |
Backup Interval value in milliseconds. |
|
/fragment/ManagedObject/Body/Policy/Telespaces |
Telespaces element. Omit if no telespace policy. |
|
/fragment/ManagedObject/Body/Policy/Telespaces/@DefaultTemplateComponentResouceURL |
Default telespace template component resource URL |
|
ManagedObject/Body/Policy/Telespaces/@MinimumTemplateComponentResouceURL |
Minimum version of telespace template component resource URL.
|
|
ManagedObject/Body/Policy/PKI |
public key infrastructure (PKI) element. Omit if no PKI policy. |
|
ManagedObject/Body/Policy/DeviceManagement |
Device management element. Omit if no device management policies. |
|
ManagedObject/Body/Policy/DeviceManagement/ManagementDomain |
Device management domain element. MUST contain same domain information as the identity’s domain. Omit if no management domain. |
|
ManagedObject/Body/Policy/DeviceManagement/ManagementDomain /@Certificate |
Domain certificate |
|
ManagedObject/Body/Policy/DeviceManagement/ManagementDomain/@DisplayName |
Domain display name |
|
ManagedObject/Body/Policy/DeviceManagement/ManagementDomain/@Name |
Domain GUID |
|
ManagedObject/Body/Policy/DeviceManagement/ManagementDomain /@ReportingInterval |
The value MUST be "60". |
|
ManagedObject/Body/Policy/DeviceManagement/ManagementDomain /@ServerURL |
Domain server URL |
|
/fragment/ManagedObject/Header/ManagementDomain/@ReportingPolicy |
The value MUST be "Management". |
|
/fragment/ManagedObject/Signatures |
Signatures element |
|
/fragment/ManagedObject/Signatures/Signature |
Signature element |