| // Copyright 2019 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| library fuchsia.identity.account; |
| |
| /// An assessment of whether the account owner is present. |
| type Presence = strict enum { |
| /// The account itself is locked and inaccessible. |
| LOCKED = 1; |
| |
| /// The account owner is marked as absent. |
| ABSENT = 2; |
| |
| /// No information (either affirming or dissenting) is available about the |
| /// current presence of the account owner. |
| PRESENCE_UNKNOWN = 3; |
| |
| /// The account owner is marked as present. |
| PRESENT = 4; |
| }; |
| |
| /// An assessment of whether the account owner is engaged. |
| type Engagement = strict enum { |
| /// The account itself is locked and inaccessible. |
| LOCKED = 1; |
| |
| /// The account owner is marked as disengaged. |
| DISENGAGED = 2; |
| |
| /// No information (either affirming or dissenting) is available about the |
| /// current engagement of the account owner. |
| ENGAGEMENT_UNKNOWN = 3; |
| |
| /// The account owner is marked as engaged. |
| ENGAGED = 4; |
| }; |
| |
| /// A type of attacker to consider when creating authentication states. |
| type ThreatScenario = strict enum { |
| /// No attackers are considered. |
| NONE = 1; |
| |
| /// People that may typically and frequently gain access to a user's device |
| /// are considered. Examples include nefarious roommates, coworkers, |
| /// houseguests, family members, or thieves. We assume limited technical |
| /// skills and/or motivation and commonly available technology. |
| /// |
| /// Additionally, remote abusers performing an (initially untargeted) attack |
| /// are considered. We assume these attackers use the standard tools of |
| /// their trade such as password dumps, phishing toolkits, brute forcing, or |
| /// stolen identities. |
| BASIC_ATTACKER = 2; |
| |
| /// Technologically capable people or organizations who are motivated to |
| /// perform a targeted attack on a user are considered. Examples include |
| /// freelance security professionals, organized crime, law enforcement, and |
| /// government agencies. |
| ADVANCED_ATTACKER = 3; |
| }; |
| |
| /// Defines the context to consider when creating authentication states. |
| @max_handles("0") |
| type Scenario = struct { |
| /// If true, experimental or test authenticators are included when creating |
| /// authentication states and MUST NOT be used to hand out sensitive user |
| /// information. |
| include_test bool; |
| |
| /// Defines the threat scenario to consider when creating |
| /// authentication states. |
| threat_scenario ThreatScenario; |
| }; |
| |
| /// A high level assessment of whether the account owner is present and engaged. |
| type AuthStateSummary = strict enum { |
| |
| /// The account itself is locked and inaccessible. |
| LOCKED = 1; |
| |
| /// The account owner is probably physically close to the device but cannot |
| /// be said to be either actively using the device or be physically close |
| /// it. |
| NOT_KNOWN_TO_BE_PRESENT_OR_ENGAGED = 2; |
| |
| /// The account owner is probably physically close to the device but cannot |
| /// be said to be actively using it. |
| PRESENT_WITHOUT_KNOWN_ENGAGEMENT = 3; |
| |
| /// The account owner is probably actively using the device. |
| ENGAGED = 4; |
| }; |
| |
| /// An assessment of the current presence and engagement of an account owner, |
| /// under the provided scenario, including the system's confidence in that |
| /// assessment and its timeliness. |
| @max_handles("0") |
| type AuthState = struct { |
| /// The scenario that was considered when creating this authentication |
| /// state. |
| scenario Scenario; |
| |
| /// A high level assessment of whether the account owner is present and |
| /// engaged. |
| summary AuthStateSummary; |
| |
| /// An assessment of whether the account owner is present. |
| presence Presence; |
| |
| /// An assessment of whether the account owner is engaged. |
| engagement Engagement; |
| |
| // TODO(jsankey): Add additional fields to express timeliness and |
| // confidence. |
| }; |
| |
| /// An expression of the types of changes to an auth state that should be |
| /// reported over listener interfaces. By default no changes will be reported. |
| @max_handles("0") |
| type AuthChangeGranularity = struct { |
| /// If true, any changes in the `AuthStateSummary` enumeration will be |
| /// reported. |
| summary_changes bool; |
| |
| /// If true, any changes in the `AuthState.presence` enumeration will |
| /// be reported. |
| presence_changes bool; |
| |
| /// If true, any changes in the `AuthState.engagement` enumeration will |
| /// be reported. |
| engagement_changes bool; |
| }; |