Product Documentation

The following schema (V3) defines the structure of SKFS Policy definitions. To learn more about JSON schema, please visit https://json-schema.org/ and Understanding JSON Schema.

If you plan to write your own policy definition, validate it against this schema before attempting to load it into SKFS. A malformed policy is not rejected cleanly: SKFS fails while parsing it and is likely to throw runtime exceptions, leaving the policy unusable. Note that schema validation only confirms structure — it does not judge whether the values you chose are safe. For example, the schema accepts "none" in the attestation conveyance list and in each of the algorithm lists, and "software" among the allowed key protections; a structurally valid policy can still be a weak one, so review the chosen values against your security requirements as well.

You may use any JSON Schema validation tool; an online validator that takes the schema on one side and the document on the other is convenient — paste this schema on the left and your policy definition (or your changes) on the right, and a conformant document is confirmed immediately. For production policies, prefer a locally run validator rather than pasting the policy into a third-party web site. Also check the schema text itself before relying on it: as reproduced on this page it has a trailing comma after the samlcerts object (strict JSON parsers reject it), the uvm block sets additionalProperties to the string "false" rather than the boolean false, and the attestation block lists "attestation" in its required array although it defines no such property — with additionalProperties set to false, no attestation object can satisfy it. Several enum lists also contain spellings that will cause otherwise-correct values to be rejected (largeBlobSupport accepts "prefered" rather than "preferred", the rsa list repeats "PS384" and has no "PS512", and the jwt algorithms list uses "ES521", which is not a registered JWS algorithm name — ES512 is).

 

{
  "$schema": "http://json-schema.org/schema#",
  "FidoPolicy": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string"
      },
      "copyright": {
        "type": "string"
      },
      "version": {
        "type": "string"
      },
      "startDate": {
        "type": "string"
      },
      "endDate": {
        "type": "string"
      },
      "system": {
        "type": "object",
        "properties": {
          "did": {
            "type": "number",
            "minimum": 1
          },
          "requireCounter": {
            "type": "string",
            "enum": ["mandatory", "optional"]
          },
          "integritySignatures": {
            "type": "boolean"
          },
          "userVerification": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["required", "preferred", "discouraged"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 3
          },
          "userPresenceTimeout": {
            "type": "number",
            "minimum": 0
          },
          "allowedAaguids": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "uniqueItems": true,
            "minItems": 1
          },
          "transport": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["usb", "nfc", "ble", "internal"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 4
          }
        },
        "required": ["did",
          "requireCounter",
          "integritySignatures",
          "userVerification",
          "userPresenceTimeout",
          "allowedAaguids"
        ],
        "additionalProperties": false
      },
      "crossOrigin": {
        "type": "object",
        "properties": {
          "enabled": {
            "type": "boolean"
          },
          "allowedOrigins": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "uniqueItems": true,
            "minItems": 1
          }
        }
      },
      "algorithms": {
        "type": "object",
        "properties": {
          "curves": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["none", "secp256r1", "secp384r1", "secp521r1", "curve25519"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 5
          },
          "rsa": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["none", "RS256", "RS384", "RS512", "PS256", "PS384", "PS384"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 6
          },
          "signatures": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["none", "ES256", "ES384", "ES512", "EdDSA", "ES256K"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 5
          }
        },
        "required": ["curves", "rsa", "signatures"],
        "additionalProperties": false
      },
      "attestation": {
        "type": "object",
        "properties": {
          "conveyance": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["none", "indirect", "direct", "enterprise"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 4
          },
          "formats": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["fido-u2f", "packed", "tpm", "android-key", "android-safetynet", "apple", "none"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 7
          },
          "enterprise": {
            "type": "object",
            "properties": {
              "attestationType": {
                "type": "string"
              },
              "authorizedRpid": {
                "type": "array",
                "items": {
                  "type": "string"
                },
                "uniqueItems": true
              },
              "authorizedTruststore": {
                "type": "array",
                "items": {
                  "type": "string"
                },
                "uniqueItems": true
              },
              "authorizedSerial": {
                "type": "array",
                "items": {
                  "type": "string"
                },
                "uniqueItems": true
              },
              "authorizedDN": {
                "type": "array",
                "items": {
                  "type": "string"
                },
                "uniqueItems": true
              },
              "requiredOID": {
                "type": "string"
              }
            },
            "required": ["attestationType", "authorizedRpid", "authorizedTruststore", "authorizedSerial", "authorizedDN", "requiredOID"],
            "additionalProperties": false
          }
        },
        "required": ["attestation", "formats"],
        "additionalProperties": false
      },
      "registration": {
        "type": "object",
        "properties": {
          "displayName": {
            "type": "string",
            "enum": ["required", "optional"]
          },
          "attachment": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["platform", "cross-platform"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 2
          },
          "discoverableCredential": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["required", "preferred", "discouraged"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 3
          },
          "excludeCredentials": {
            "type": "string",
            "enum": ["enabled", "disabled"]
          }
        },
        "required": ["displayName", "attachment", "discoverableCredential", "excludeCredentials"],
        "additionalProperties": false
      },
      "authentication": {
        "type": "object",
        "properties": {
          "allowCredentials": {
            "type": "string",
            "enum": ["enabled", "disabled"]
          }
        },
        "required": ["allowCredentials"],
        "additionalProperties": false
      },
      "authorization": {
        "type": "object",
        "properties": {
          "maxdataLength": {
            "type": "number",
            "minimum": 1
          },
          "preserve": {
            "type": "boolean"
          }
        },
        "required": ["maxdataLength", "preserve"],
        "additionalProperties": false
      },
      "rp": {
        "type": "object",
        "properties": {
          "id": {
            "type": "string"
          },
          "name": {
            "type": "string"
          }
        },
        "required": ["name", "id"],
        "additionalProperties": false
      },
      "extensions": {
        "type": "object",
        "properties": {
          "uvm": {
            "type": "object",
            "properties": {
              "allowedMethods": {
                "type": "array",
                "items": {
                  "type": "string",
                  "enum": ["presence",
                    "fingerprint",
                    "passcode",
                    "voiceprint",
                    "faceprint",
                    "location",
                    "eyeprint",
                    "pattern",
                    "handprint",
                    "all"
                  ]
                },
                "uniqueItems": true,
                "minItems": 1,
                "maxItems": 9
              },
              "allowedKeyProtections": {
                "type": "array",
                "items": {
                  "type": "string",
                  "enum": ["software", "hardware", "tee", "secureElement", "remoteHandle", "all"]
                },
                "uniqueItems": true,
                "minItems": 1,
                "maxItems": 5
              },
              "allowedProtectionTypes": {
                "type": "array",
                "items": {
                  "type": "string",
                  "enum": ["software", "tee", "chip", "all"]
                },
                "uniqueItems": true,
                "minItems": 1,
                "maxItems": 3
              }
            },
            "required": ["allowedMethods", "allowedKeyProtections", "allowedProtectionTypes"],
            "additionalProperties": "false"
          },
          "largeBlobSupport": {
            "type": "string",
            "enum": ["prefered", "required"]
          }
        },
        "additionalProperties": false
      },
      "mds": {
        "type": "object",
        "properties": {
          "authenticatorStatusReport": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "status": {
                  "type": "string"
                },
                "priority": {
                  "type": "string"
                },
                "decision": {
                  "type": "string"
                }
              },
              "required": ["status", "priority", "decision"],
              "additionalProperties": false
            }
          }
        },
        "required": ["authenticatorStatusReport"],
        "additionalProperties": false
      },
      "jwt": {
        "type": "object",
        "properties": {
          "algorithms": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["ES256", "ES384", "ES521"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 3
          },
          "duration": {
            "type": "number",
            "minimum": 1
          },
          "required": {
            "type": "array",
            "items": {
              "type": "string",
              "enum": ["rpid", "iat", "exp", "cip", "uname", "agent"]
            },
            "uniqueItems": true,
            "minItems": 1,
            "maxItems": 6
          }
        },
        "required": ["algorithms", "duration", "required"],
        "additionalProperties": false
      },
      "signcerts": {
        "type": "object",
        "properties": {
          "rootca": {
            "type": "object",
            "properties": {
              "subjectdn": {
                "type": "string"
              },
              "serialnumber": {
                "type": "string"
              },
              "pemcert": {
                "type": "string"
              },
              "jwtcerts": {
                "type": "object",
                "properties": {
                  "default": {
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "subjectdn": {
                          "type": "string"
                        },
                        "serialnumber": {
                          "type": "string"
                        },
                        "pemcert": {
                          "type": "string"
                        }
                      },
                      "required": ["subjectdn", "serialnumber", "pemcert"],
                      "additionalProperties": false
                    }
                  }
                },
                "required": ["default"],
                "additionalProperties": false
              },
              "samlcerts": {
                "type": "object",
                "properties": {
                  "default": {
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "subjectdn": {
                          "type": "string"
                        },
                        "serialnumber": {
                          "type": "string"
                        },
                        "pemcert": {
                          "type": "string"
                        }
                      },
                      "required": ["subjectdn", "serialnumber", "pemcert"],
                      "additionalProperties": false
                    }
                  },
                  "citrixidp": {
                    "type": "object",
                    "properties": {
                      "subjectdn": {
                        "type": "string"
                      },
                      "serialnumber": {
                        "type": "string"
                      },
                      "pemcert": {
                        "type": "string"
                      }
                    },
                    "required": ["subjectdn", "serialnumber", "pemcert"],
                    "additionalProperties": false
                  }
                },
                "required": ["default", "citrixidp"],
                "additionalProperties": false
              },
            },
            "required": ["subjectdn", "serialnumber", "pemcert", "jwtcerts", "samlcerts"],
            "additionalProperties": false
          }
        },
        "required": ["rootca"],
        "additionalProperties": false
      }
    },
    "required": ["name",
      "copyright",
      "version",
      "startDate",
      "endDate",
      "system",
      "crossOrigin",
      "algorithms",
      "attestation",
      "registration",
      "authentication",
      "authorization",
      "rp",
      "extensions",
      "jwt",
      "signcerts"
    ],
    "additionalProperties": false
  }
}