{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://mtlsfed.se/schema/matf-metadata-schema.json", "title": "JSON Schema for Mutually Authenticating TLS in the context of Federations,", "description": "Version: 1.0.0", "type": "object", "additionalProperties": true, "required": [ "version", "entities" ], "properties": { "version": { "title": "Metadata schema version", "description": "Schema version follows semantic versioning (https://semver.org)", "type": "string", "pattern": "^\\d+\\.\\d+\\.\\d+$", "examples": [ "1.0.0" ] }, "cache_ttl": { "title": "Metadata cache TTL", "description": "How long (in seconds) to cache metadata. Effective maximum TTL is the minimum of HTTP Expire and TTL", "type": "integer", "minimum": 0, "examples": [ 3600 ] }, "entities": { "type": "array", "items": { "$ref": "#/$defs/entity" } } }, "$defs": { "entity": { "type": "object", "additionalProperties": true, "required": [ "entity_id", "issuers" ], "properties": { "entity_id": { "title": "Entity identifier", "description": "Globally unique identifier for the entity.", "type": "string", "format": "uri", "examples": [ "https://example.com" ] }, "organization": { "title": "Name of entity organization", "description": "Name identifying the organization that the entity's metadata represents.", "type": "string", "examples": [ "Example Org" ] }, "issuers": { "title": "Entity certificate issuers", "description": "A list of certificate issuers that are allowed to issue certificates for the entity's endpoints. For each issuer, the issuer's root CA certificate is included in the x509certificate property (PEM-encoded).", "type": "array", "items": { "$ref": "#/$defs/cert_issuers" } }, "servers": { "type": "array", "items": { "$ref": "#/$defs/endpoint" } }, "clients": { "type": "array", "items": { "$ref": "#/$defs/endpoint" } } } }, "endpoint": { "type": "object", "additionalProperties": true, "required": [ "pins" ], "properties": { "description": { "title": "Endpoint description", "type": "string", "examples": [ "SCIM Server 1" ] }, "tags": { "title": "Endpoint tags", "description": "A list of strings that describe the endpoint's capabilities.", "type": "array", "items": { "type": "string", "pattern": "^[a-z0-9]{1,64}$", "examples": [ "xyzzy" ] } }, "base_uri": { "title": "Endpoint base URI", "type": "string", "format": "uri", "examples": [ "https://scim.example.com" ] }, "pins": { "title": "Certificate pin set", "type": "array", "items": { "$ref": "#/$defs/pin_directive" } } } }, "cert_issuers": { "title": "Certificate issuers", "type": "object", "additionalProperties": false, "properties": { "x509certificate": { "title": "X.509 Certificate (PEM)", "type": "string" } } }, "pin_directive": { "title": "RFC 7469 pin directive", "type": "object", "additionalProperties": false, "required": [ "alg", "digest" ], "properties": { "alg": { "title": "Directive name", "type": "string", "enum": [ "sha256" ], "examples": [ "sha256" ] }, "digest": { "title": "Directive value (Base64)", "type": "string", "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$", "examples": [ "HiMkrb4phPSP+OvGqmZd6sGvy7AUn4k3XEe8OMBrzt8=" ] } } } } }