module ietf-delegated-voucher {
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-delegated-voucher";
prefix "delegated";
import ietf-restconf {
prefix rc;
description
"This import statement is only present to access
the yang-data extension defined in RFC 8040.";
reference "RFC 8040: RESTCONF Protocol";
}
// maybe should import from constrained-voucher instead!
import ietf-voucher {
prefix "v";
}
organization
"IETF ANIMA Working Group";
contact
"WG Web:
WG List:
Author: Michael Richardson
";
description
"This module extends the RFC8366 voucher format to provide
a mechanism by which the authority to issue additional vouchers
may be delegated to another entity
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY',
and 'OPTIONAL' in the module text are to be interpreted as
described in BCP 14 RFC 2119, and RFC8174.";
revision "2020-01-06" {
description
"Initial version";
reference
"RFC XXXX: Voucher Profile for Delegation Vouchers";
}
rc:yang-data voucher-delegated-artifact {
// YANG data template for a voucher.
uses voucher-delegated-grouping;
}
// Grouping defined for future usage
grouping voucher-delegated-grouping {
description
"Grouping to allow reuse/extensions in future work.";
uses v:voucher-artifact-grouping {
refine voucher/pinned-domain-cert {
mandatory false;
}
augment "voucher" {
description "Base the delegated voucher
upon the regular one";
leaf delegation-enable-flag {
type boolean;
description
"A global enable flag to the pledge that it can be delegated
(true) or not (false). With default, this flag is false,
which is consistent with the voucher artifact in RFC8366. ";
}
leaf pinned-delegation-cert-authority {
type binary;
description
"An subject-public-key-info for a public key of the
certificate authority that is to be trusted to issue
a delegation voucher to the Registrar.
This is not used by end-vouchers, and only valid
when delegation-enable-flag is true.";
}
leaf pinned-delegation-cert-name {
type binary;
description
"A string for the rfc822Name SubjectAltName contents
which will be trusted to issue delegation vouchers.
This is not used by end-vouchers, and only valid
when delegation-enable-flag is true.";
}
leaf delegation-voucher {
type binary;
description
"The intermediate voucher that delegates
authority to the entity that signs this voucher
is to be included here, and only valid
when delegation-enable-flag is true.";
}
leaf intermediate-identities {
type binary;
description
"A set of identities that will be needed to
validate the chain of vouchers, and only valid
when delegation-enable-flag is true. MAY BE REDUNDANT";
}
leaf delegation-countdown {
type int16;
description
"Number of delegations still available, and only valid
when delegation-enable-flag is true. If zero
or omitted, then this is a terminal voucher and
may not be further delegated";
}
}
}
}
}