syntax = "proto3";
package carrier.certificate.v1;

message ClaimOne{
    bytes   target                  = 1;
    repeated string  resources      = 2;
}

message ClaimAll{
    bytes   shadow                  = 1;
    repeated string  resources      = 2;
}

message Revoker {
    bytes   identity  = 1;
}

enum ClaimOpt {
    INVALID     = 0;
    DELEGATION  = 1;
}

message Claim {
    oneof claim {
        ClaimOpt        opt             = 1;
        ClaimOne        one             = 2;
        ClaimAll        all             = 3;
        Revoker         revoker         = 4;
    }
}

message Certificate {
    uint32  last_valid_epoch    = 1;
    bytes   identity            = 2;
    bytes   authority           = 3;
    uint64  serial              = 4;
    repeated Claim  claims      = 5;
}

message CertificateRequest {
    uint32  last_valid_epoch     = 1;
    bytes   identity        = 2;
    repeated Claim  claims  = 3;
}




message Authorization {
    string identity = 1;
    string resource = 2;
}

message AuthorizationList {
    repeated Authorization a = 1;
}