resource
resource-match
alarm-text
severity
severity-with-clear
writable-operator-state
operator-state
alarm-type-id
alarm-type-qualifier
asymmetric-key-type
any-scope-including-none
script
scope
endpoint-types
profile-type
base64-encoded-string
token-issuer-type
token-purpose-type
token-credential-verifier-type
jwt-algorithm
elliptic-curve-name
culture
conf-timeout
token-time-to-live
disablable-token-time-to-live
non-empty-string
attribute-path
attribute-name
system-access-token-claim-name
system-id-token-claim-name
system-user-info-endpoint-claim-name
system-wrapper-token-claim-name
delegation-claim-name
al:alarm type id
al:alarm-type-id
Base identity for alarm types. A unique identification of the alarm, not including the resource. Different resources can share alarm types. If the resource reports the same alarm type, it is considered to be the same alarm. The alarm type is a simplification of the different X.733 and 3GPP Alarm IRP correlation mechanisms, and it allows for hierarchical extensions. A string-based qualifier can be used in addition to the identity in order to have different alarm types based on information not known at design time, such as values in textual SNMP Notification varbinds. Standards and vendors can define sub-identities to clearly identify specific alarm types. This identity is abstract and MUST NOT be used for alarms.
alde:external-service
Alarms related to usages of external services
alde:failed-communication
A failure to communicate with an external service
alde:failed-connection
A failure to connect to an external service
alde:slow-connection
Communication with the external service is slower than acceptable
alde:failed-authentication
Authentication failed when establishing a connection to the external service
alde:system
Alarms related to the internals of Curity
alde:expiry
Expiry (i.e., expiration) of some resource has or will soon occur
base:flow identity
base:flow-identity
This is the base for all oauth flows
base:token-endpoint-identity
This is the base identity for all token endpoint flows
base:oauth-token-authorization-code
The Authorization Code flow grant type on the token endpoint
base:oauth-token-client-credentials
The Client Credentials grant type on the token endpoint
base:oauth-token-refresh
The Refresh token grant type on the token endpoint
base:oauth-token-resource-owner-password-credentials
The OAuth Resource Owner Password credentials grant type on the token endpoint
base:oauth-token-token-exchange
The Token Exchange grant type on the token endpoint
base:oauth-token-device-code
The Device Code grant type on the token endpoint
base:oauth-token-assertion
The Assertion grant type on the token endpoint
base:oauth-token-backchannel-authentication
The Backchannel Authentication (CIBA) grant type on the token endpoint
base:authorize-endpoint-identity
This is the base identity for all authorize endpoint flows
base:oauth-authorize-authorization-code
The Authorization Code flow on the authorization endpoint
base:oauth-authorize-implicit
The Implicit flow on the authorization endpoint
base:openid-authorize-hybrid
The Hybrid flow on the authorization endpoint
base:introspect-endpoint-identity
This is the base identity for all introspection endpoint flows
base:oauth-introspect
The introspect token flow on the introspection endpoint
base:oauth-introspect-application-jwt
The introspect token flow on the introspection endpoint (serving Content-Type ‘application/jwt’)
base:device-authorization-identity
This is the base identity for device authorization flow endpoints
base:oauth-device-authorization
The device code issuance flow of device verification
base:userinfo-endpoint-identity
This is the base identity for all userinfo endpoint flows
base:openid-userinfo
The UserInfo flow on the userinfo endpoint
base:assisted-token-endpoint-identity
This is the base identity for all assisted token endpoint flows
base:oauth-assisted-token
The Assisted token flow on the assisted token endpoint
base:session-endpoint-identity
This is the base identity for all the session endpoint flows
base:openid-session-logout
The Logout token flow on the session endpoint
base:backchannel-authentication-identity
The is the base identity for backchannel authentication (CIBA) flow endpoints
base:oauth-backchannel-authentication
The backchannel authentication endpoint for initiating a CIBA flow
sc:profile identity
sc:profile-identity
This is the base identity for all profiles
as:oauth-service
The OAuth service identity
auth:authentication-service
The Authentication service identity
um:user-management-service
The User Management service identity
sc:authorization actions
sc:authorization-actions
All actions that can be authorized by an authorization manager
as:authorization-actions.oauth
All oauth-related actions that can be authorized by an authorization manager
as:authorization-actions.oauth.user-read
The action that is used for all user read operations in the user info endpoint that an authorization manager may authorize
um:authorization-actions.user-management
All user-management-related actions that can be authorized by an authorization manager
um:authorization-actions.user-management.admin
The actions that an admin may perform in the user management service that an authorization manager may authorize
um:authorization-actions.user-management.admin.read
The action that is used for all read-only operations in the user management service that an authorization manager may authorize
um:authorization-actions.user-management.admin.write
The action that is used for all write operations in the user management service that an authorization manager may authorize
um:authorization-actions.user-management.delegations
The actions that may be performed in the delegations endpoint that an authorization manager may authorize
um:authorization-actions.user-management.delegations.admin
The actions that an admin may perform in the delegations endpoint that an authorization manager may authorize
um:authorization-actions.user-management.delegations.admin.write
The actions that is used for all admin write operations in the delegations endpoint that an authorization manager may authorize
um:authorization-actions.user-management.delegations.admin.read
The actions that is used for all admin read operations in the delegations endpoint that an authorization manager may authorize
um:authorization-actions.user-management.delegations.user
The action that is used for all read-only operations in the delegations endpoint service that an authorization manager may authorize
um:authorization-actions.user-management.delegations.user.read
The actions that is used for all user read operations in the delegations endpoint that an authorization manager may authorize
um:authorization-actions.user-management.delegations.user.write
The actions that is used for all user write operations in the delegations endpoint that an authorization manager may authorize
um:authorization-actions.user-management.users
The actions that may be performed in the users endpoint that an authorization manager may authorize
um:authorization-actions.user-management.users.admin
The actions that an admin may perform in the users endpoint that an authorization manager may authorize
um:authorization-actions.user-management.users.admin.write
The actions that is used for all admin write operations in the users endpoint that an authorization manager may authorize
um:authorization-actions.user-management.users.admin.read
The actions that is used for all admin read operations in the users endpoint that an authorization manager may authorize
um:authorization-actions.user-management.users.user
The action that is used for all read-only operations in the users endpoint service that an authorization manager may authorize
um:authorization-actions.user-management.users.user.read
The actions that is used for all user read operations in the users endpoint that an authorization manager may authorize
um:authorization-actions.user-management.users.user.write
The actions that is used for all user write operations in the users endpoint that an authorization manager may authorize
um:authorization-actions.user-management.read
The action that is used for read-only operations for any type of user
um:authorization-actions.user-management.write
The action that is used for write-only operations for any type of user