Type Reference

Types

asymmetric-key-type
resource
resource-match
alarm-text
Base Type :string
severity
severity-with-clear
writable-operator-state
operator-state
alarm-type-id
alarm-type-qualifier
Base Type :string
any-scope-including-none
script
Base Type :string
scope
endpoint-types
profile-type
base64-encoded-string
token-issuer-type
token-purpose-type
token-credential-verifier-type
jwt-algorithm
elliptic-curve-name
culture
conf-timeout
token-time-to-live
disablable-token-time-to-live
non-empty-string
attribute-path
attribute-name
system-access-token-claim-name
system-id-token-claim-name
system-user-info-endpoint-claim-name
delegation-claim-name

Identities

base:flow identity

base:flow-identity

This is the base for all oauth flows

base:token-endpoint-identity
Base Type :base:flow-identity

This is the base identity for all token endpoint flows

base:oauth-token-authorization-code
Base Type :base:token-endpoint-identity

The Authorization Code flow grant type on the token endpoint

base:oauth-token-client-credentials
Base Type :base:token-endpoint-identity

The Client Credentials grant type on the token endpoint

base:oauth-token-refresh
Base Type :base:token-endpoint-identity

The Refresh token grant type on the token endpoint

base:oauth-token-resource-owner-password-credentials
Base Type :base:token-endpoint-identity

The OAuth Resource Owner Password credentials grant type on the token endpoint

base:oauth-token-token-exchange
Base Type :base:token-endpoint-identity

The Token Exchange grant type on the token endpoint

base:oauth-token-device-code
Base Type :base:token-endpoint-identity

The Device Code grant type on the token endpoint

base:oauth-token-assertion
Base Type :base:token-endpoint-identity

The Assertion grant type on the token endpoint

base:authorize-endpoint-identity
Base Type :base:flow-identity

This is the base identity for all authorize endpoint flows

base:oauth-authorize-authorization-code
Base Type :base:authorize-endpoint-identity

The Authorization Code flow on the authorization endpoint

base:oauth-authorize-implicit
Base Type :base:authorize-endpoint-identity

The Implicit flow on the authorization endpoint

base:openid-authorize-hybrid
Base Type :base:authorize-endpoint-identity

The Hybrid flow on the authorization endpoint

base:introspect-endpoint-identity
Base Type :base:flow-identity

This is the base identity for all introspection endpoint flows

base:oauth-introspect
Base Type :base:introspect-endpoint-identity

The introspect token flow on the introspection endpoint

base:oauth-introspect-application-jwt
Base Type :base:introspect-endpoint-identity

The introspect token flow on the introspection endpoint (serving Content-Type ‘application/jwt’)

base:device-authorization-identity
Base Type :base:flow-identity

This is the base identity for device authorization flow endpoints

base:oauth-device-authorization
Base Type :base:device-authorization-identity

The device code issuance flow of device verification

base:userinfo-endpoint-identity
Base Type :base:flow-identity

This is the base identity for all userinfo endpoint flows

base:openid-userinfo
Base Type :base:userinfo-endpoint-identity

The UserInfo flow on the userinfo endpoint

base:assisted-token-endpoint-identity
Base Type :base:flow-identity

This is the base identity for all assisted token endpoint flows

base:oauth-assisted-token
Base Type :base:assisted-token-endpoint-identity

The Assisted token flow on the assisted token endpoint

base:session-endpoint-identity
Base Type :base:flow-identity

This is the base identity for all the session endpoint flows

base:openid-session-logout
Base Type :base:session-endpoint-identity

The Logout token flow on the session endpoint

al:alarm type id

al:alarm-type-id

Base identity for alarm types. A unique identification of the alarm, not including the resource. Different resources can share alarm types. If the resource reports the same alarm type, it is considered to be the same alarm. The alarm type is a simplification of the different X.733 and 3GPP Alarm IRP correlation mechanisms, and it allows for hierarchical extensions. A string-based qualifier can be used in addition to the identity in order to have different alarm types based on information not known at design time, such as values in textual SNMP Notification varbinds. Standards and vendors can define sub-identities to clearly identify specific alarm types. This identity is abstract and MUST NOT be used for alarms.

alde:external-service
Base Type :al:alarm-type-id

Alarms related to usages of external services

alde:failed-communication
Base Type :alde:external-service

A failure to communicate with an external service

alde:failed-connection
Base Type :alde:external-service

A failure to connect to an external service

alde:slow-connection
Base Type :alde:external-service

Communication with the external service is slower than acceptable

alde:failed-authentication
Base Type :alde:external-service

Authentication failed when establishing a connection to the external service

alde:system
Base Type :al:alarm-type-id

Alarms related to the internals of Curity

alde:expiry
Base Type :alde:system

Expiry (i.e., expiration) of some resource has or will soon occur

sc:profile identity

sc:profile-identity

This is the base identity for all profiles

um:user-management-service
Base Type :sc:profile-identity

The User Management service identity

auth:authentication-service
Base Type :sc:profile-identity

The Authentication service identity

as:oauth-service
Base Type :sc:profile-identity

The OAuth service identity

sc:authorization actions

sc:authorization-actions

All actions that can be authorized by an authorization manager

um:authorization-actions.user-management
Base Type :sc:authorization-actions

All user-management-related actions that can be authorized by an authorization manager

um:authorization-actions.user-management.admin
Base Type :um:authorization-actions.user-management

The actions that an admin may perform in the user management service that an authorization manager may authorize

um:authorization-actions.user-management.admin.read
Base Type :um:authorization-actions.user-management.admin

The action that is used for all read-only operations in the user management service that an authorization manager may authorize

um:authorization-actions.user-management.admin.write
Base Type :um:authorization-actions.user-management.admin

The action that is used for all write operations in the user management service that an authorization manager may authorize

um:authorization-actions.user-management.delegations
Base Type :um:authorization-actions.user-management

The actions that may be performed in the delegations endpoint that an authorization manager may authorize

um:authorization-actions.user-management.delegations.admin
Base Type :um:authorization-actions.user-management.delegations

The actions that an admin may perform in the delegations endpoint that an authorization manager may authorize

um:authorization-actions.user-management.delegations.admin.write
Base Type :um:authorization-actions.user-management.delegations.admin

The actions that is used for all admin write operations in the delegations endpoint that an authorization manager may authorize

um:authorization-actions.user-management.delegations.admin.read
Base Type :um:authorization-actions.user-management.delegations.admin

The actions that is used for all admin read operations in the delegations endpoint that an authorization manager may authorize

um:authorization-actions.user-management.delegations.user
Base Type :um:authorization-actions.user-management.delegations

The action that is used for all read-only operations in the delegations endpoint service that an authorization manager may authorize

um:authorization-actions.user-management.delegations.user.read
Base Type :um:authorization-actions.user-management.delegations.user

The actions that is used for all user read operations in the delegations endpoint that an authorization manager may authorize

um:authorization-actions.user-management.delegations.user.write
Base Type :um:authorization-actions.user-management.delegations.user

The actions that is used for all user write operations in the delegations endpoint that an authorization manager may authorize

um:authorization-actions.user-management.users
Base Type :um:authorization-actions.user-management

The actions that may be performed in the users endpoint that an authorization manager may authorize

um:authorization-actions.user-management.users.admin
Base Type :um:authorization-actions.user-management.users

The actions that an admin may perform in the users endpoint that an authorization manager may authorize

um:authorization-actions.user-management.users.admin.write
Base Type :um:authorization-actions.user-management.users.admin

The actions that is used for all admin write operations in the users endpoint that an authorization manager may authorize

um:authorization-actions.user-management.users.admin.read
Base Type :um:authorization-actions.user-management.users.admin

The actions that is used for all admin read operations in the users endpoint that an authorization manager may authorize

um:authorization-actions.user-management.users.user
Base Type :um:authorization-actions.user-management.users

The action that is used for all read-only operations in the users endpoint service that an authorization manager may authorize

um:authorization-actions.user-management.users.user.read
Base Type :um:authorization-actions.user-management.users.user

The actions that is used for all user read operations in the users endpoint that an authorization manager may authorize

um:authorization-actions.user-management.users.user.write
Base Type :um:authorization-actions.user-management.users.user

The actions that is used for all user write operations in the users endpoint that an authorization manager may authorize

um:authorization-actions.user-management.read
Base Type :sc:authorization-actions

The action that is used for read-only operations for any type of user

um:authorization-actions.user-management.write
Base Type :sc:authorization-actions

The action that is used for write-only operations for any type of user

as:authorization-actions.oauth
Base Type :sc:authorization-actions

All oauth-related actions that can be authorized by an authorization manager

as:authorization-actions.oauth.user-read
Base Type :as:authorization-actions.oauth

The action that is used for all user read operations in the user info endpoint that an authorization manager may authorize