sdk/fidl/fuchsia.identity.account/common.fidl - fuchsia - Git at Google

 // Copyright 2018 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 library fuchsia.identity.account;
 using fuchsia.sys;

 /// The maximum number of Fuchsia accounts that may be simultaneously
 /// provisioned on a device. This number may be increased in the future.
 const uint32 MAX_ACCOUNTS_PER_DEVICE = 128;

 /// The maximum number of personae that may be simultaneously defined within a
 /// Fuchsia account. This number may be increased in the future.
 const uint32 MAX_PERSONAE_PER_ACCOUNT = 128;

 /// The maximum length of the global Fuchsia account and persona identifiers,
 /// in bytes.
 const uint32 MAX_ID_SIZE = 256;

 /// The maximum length of the (UTF-8 encoded) human readable names, in bytes.
 const uint32 MAX_NAME_SIZE = 128;

 /// The maximum length of an (UTF-8 encoded) auth provider type, in bytes.
 const uint32 MAX_AUTH_PROVIDER_TYPE_SIZE = 128;

 /// The maximum number of authentication mechanisms that can be registered
 /// for a device.
 const uint32 MAX_AUTH_MECHANISMS = 16;

 /// The maximum number of authentication mechanism enrollments that may be
 /// simultaneously defined within a Fuchsia account.
 const uint32 MAX_AUTH_MECHANISM_ENROLLMENTS = 32;

 /// Provides an upper bound to how long a Fuchsia account can live on the
 /// current device.
 enum Lifetime : uint8 {
     /// The account lives at the longest to the end of the power cycle it
     /// was created in.
     EPHEMERAL = 1;
     /// The account lives on the device until it is removed.
     PERSISTENT = 2;
 };

 /// A globally unique identifier for a Fuchsia account that is constant across
 /// the devices that the account is provisioned on. Identifiers are not human
 /// readable.
 alias GlobalAccountId = bytes:MAX_ID_SIZE;

 /// A unique identifier for a Fuchsia account on the current device. If the
 /// account is removed and re-added it will receive a different LocalAccountId.
 /// The same account will have different LocalAccountIds on different devices
 /// and a particular LocalAccountId value may refer to different accounts on
 /// different devices.
 alias LocalAccountId = uint64;

 /// A unique identifier for a Persona of a Fuchsia account on the current
 /// device. If the account is removed and re-added its personae will receive
 /// different LocalPersonaIds. A particular LocalPersonaId value may refer to
 /// different personae and/or different accounts on different devices. The
 /// LocalAccountId for an account cannot be derived from the LocalPersonaId of
 /// its personae.
 alias LocalPersonaId = uint64;

 /// Specifies the reason that a fuchsia.identity.account method failed.
 enum Error {
     /// Some other problem occurred that cannot be classified using one of the
     /// more specific statuses. Retry is optional.
     UNKNOWN = 1;

     /// An internal error occurred. This usually indicates a bug within the
     /// account system itself. Retry is optional.
     INTERNAL = 2;

     /// The requested operation is not supported. This generally indicates that
     /// implementation of a new feature is not yet complete. The request should
     /// not be retried.
     UNSUPPORTED_OPERATION = 3;

     /// The request was malformed in some way, such as using an empty string for
     /// auth_provider_type. The request should not be retried.
     INVALID_REQUEST = 4;

     /// A local resource error occurred such as I/O, FIDL, or memory allocation
     /// failure. Retry, after a delay, is recommended.
     RESOURCE = 5;

     /// A network error occurred while communicating with an auth server.
     /// Retry, after a delay, is recommended.
     NETWORK = 6;

     /// The requested account or persona is not present on the current device.
     /// The request should not be retried.
     NOT_FOUND = 7;

     /// The request cannot be processed due to an ongoing account or persona
     /// removal. The removal is not guaranteed to suceed and so retry, after
     /// a delay, is recommended.
     REMOVAL_IN_PROGRESS = 8;

     /// The server is not in the state required to perform the requested
     /// operation. The request should not be retried unless the server state
     /// has been corrected before the retry.
     FAILED_PRECONDITION = 9;

     /// The request cannot be processed due to a rejected authentication
     /// attempt. User consent or input is required before any retry.
     FAILED_AUTHENTICATION = 10;

     // This enumeration may expand to include additional statuses in the future.
     // Examples are likely to include: MAX_LISTENERS, NO_SUITABLE_AUTHENTICATOR,
     // INVALID_AUTH_PROVIDER,
 };

 /// A fuchsia component URI pointing to a component containing an authentication
 /// mechanism. It acts as a unique, stable identifier representing an
 /// authentication mechanism.
 // TODO(dnordstrom): Allow multiple authentication mechanisms in the same
 // component.
 // TODO(fxb/65218): Replace with an alias.
 using AuthMechanismId = fuchsia.sys.component_url;

 /// Properties describing the authentication mechanism.
 struct AuthMechanismProperties {
     /// A unique identifier for the authentication mechanism.
     AuthMechanismId id;

     /// If true, the authentication mechanism can be used for storage unlock.
     bool storage_unlock;

     // TODO(dnordstrom): Add more properties as they become useful to clients.
 };

 /// An identifier for an enrollment of an authentication mechanism. It is
 /// unique within an account and an authentication mechanism.
 alias AuthMechanismEnrollmentId = uint64;

 /// Metadata about an enrollment, such as a human readable name.
 struct AuthMechanismEnrollmentMetadata {
     /// A unique identifier associated with the enrollment.
     AuthMechanismEnrollmentId id;

     /// A short text describing the enrollment, e.g. "right thumb" for a
     /// fingerprint authenticator.
     string:MAX_NAME_SIZE name;

     // TODO(dnordstrom): Add field for date created.
 };
	// Copyright 2018 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	library fuchsia.identity.account;
	using fuchsia.sys;

	/// The maximum number of Fuchsia accounts that may be simultaneously
	/// provisioned on a device. This number may be increased in the future.
	const uint32 MAX_ACCOUNTS_PER_DEVICE = 128;

	/// The maximum number of personae that may be simultaneously defined within a
	/// Fuchsia account. This number may be increased in the future.
	const uint32 MAX_PERSONAE_PER_ACCOUNT = 128;

	/// The maximum length of the global Fuchsia account and persona identifiers,
	/// in bytes.
	const uint32 MAX_ID_SIZE = 256;

	/// The maximum length of the (UTF-8 encoded) human readable names, in bytes.
	const uint32 MAX_NAME_SIZE = 128;

	/// The maximum length of an (UTF-8 encoded) auth provider type, in bytes.
	const uint32 MAX_AUTH_PROVIDER_TYPE_SIZE = 128;

	/// The maximum number of authentication mechanisms that can be registered
	/// for a device.
	const uint32 MAX_AUTH_MECHANISMS = 16;

	/// The maximum number of authentication mechanism enrollments that may be
	/// simultaneously defined within a Fuchsia account.
	const uint32 MAX_AUTH_MECHANISM_ENROLLMENTS = 32;

	/// Provides an upper bound to how long a Fuchsia account can live on the
	/// current device.
	enum Lifetime : uint8 {
	/// The account lives at the longest to the end of the power cycle it
	/// was created in.
	EPHEMERAL = 1;
	/// The account lives on the device until it is removed.
	PERSISTENT = 2;
	};

	/// A globally unique identifier for a Fuchsia account that is constant across
	/// the devices that the account is provisioned on. Identifiers are not human
	/// readable.
	alias GlobalAccountId = bytes:MAX_ID_SIZE;

	/// A unique identifier for a Fuchsia account on the current device. If the
	/// account is removed and re-added it will receive a different LocalAccountId.
	/// The same account will have different LocalAccountIds on different devices
	/// and a particular LocalAccountId value may refer to different accounts on
	/// different devices.
	alias LocalAccountId = uint64;

	/// A unique identifier for a Persona of a Fuchsia account on the current
	/// device. If the account is removed and re-added its personae will receive
	/// different LocalPersonaIds. A particular LocalPersonaId value may refer to
	/// different personae and/or different accounts on different devices. The
	/// LocalAccountId for an account cannot be derived from the LocalPersonaId of
	/// its personae.
	alias LocalPersonaId = uint64;

	/// Specifies the reason that a fuchsia.identity.account method failed.
	enum Error {
	/// Some other problem occurred that cannot be classified using one of the
	/// more specific statuses. Retry is optional.
	UNKNOWN = 1;

	/// An internal error occurred. This usually indicates a bug within the
	/// account system itself. Retry is optional.
	INTERNAL = 2;

	/// The requested operation is not supported. This generally indicates that
	/// implementation of a new feature is not yet complete. The request should
	/// not be retried.
	UNSUPPORTED_OPERATION = 3;

	/// The request was malformed in some way, such as using an empty string for
	/// auth_provider_type. The request should not be retried.
	INVALID_REQUEST = 4;

	/// A local resource error occurred such as I/O, FIDL, or memory allocation
	/// failure. Retry, after a delay, is recommended.
	RESOURCE = 5;

	/// A network error occurred while communicating with an auth server.
	/// Retry, after a delay, is recommended.
	NETWORK = 6;

	/// The requested account or persona is not present on the current device.
	/// The request should not be retried.
	NOT_FOUND = 7;

	/// The request cannot be processed due to an ongoing account or persona
	/// removal. The removal is not guaranteed to suceed and so retry, after
	/// a delay, is recommended.
	REMOVAL_IN_PROGRESS = 8;

	/// The server is not in the state required to perform the requested
	/// operation. The request should not be retried unless the server state
	/// has been corrected before the retry.
	FAILED_PRECONDITION = 9;

	/// The request cannot be processed due to a rejected authentication
	/// attempt. User consent or input is required before any retry.
	FAILED_AUTHENTICATION = 10;

	// This enumeration may expand to include additional statuses in the future.
	// Examples are likely to include: MAX_LISTENERS, NO_SUITABLE_AUTHENTICATOR,
	// INVALID_AUTH_PROVIDER,
	};

	/// A fuchsia component URI pointing to a component containing an authentication
	/// mechanism. It acts as a unique, stable identifier representing an
	/// authentication mechanism.
	// TODO(dnordstrom): Allow multiple authentication mechanisms in the same
	// component.
	// TODO(fxb/65218): Replace with an alias.
	using AuthMechanismId = fuchsia.sys.component_url;

	/// Properties describing the authentication mechanism.
	struct AuthMechanismProperties {
	/// A unique identifier for the authentication mechanism.
	AuthMechanismId id;

	/// If true, the authentication mechanism can be used for storage unlock.
	bool storage_unlock;

	// TODO(dnordstrom): Add more properties as they become useful to clients.
	};

	/// An identifier for an enrollment of an authentication mechanism. It is
	/// unique within an account and an authentication mechanism.
	alias AuthMechanismEnrollmentId = uint64;

	/// Metadata about an enrollment, such as a human readable name.
	struct AuthMechanismEnrollmentMetadata {
	/// A unique identifier associated with the enrollment.
	AuthMechanismEnrollmentId id;

	/// A short text describing the enrollment, e.g. "right thumb" for a
	/// fingerprint authenticator.
	string:MAX_NAME_SIZE name;

	// TODO(dnordstrom): Add field for date created.
	};