<?xml version="1.0" encoding="UTF-8"?>
<xs:schema 
    xmlns:xs="http://www.w3.org/2001/XMLSchema" 
    xmlns:doc="eml://ecoinformatics.org/documentation-2.0.0" 
    xmlns:res="eml://ecoinformatics.org/resource-2.0.0" 
    xmlns="eml://ecoinformatics.org/access-2.0.0" 
    targetNamespace="eml://ecoinformatics.org/access-2.0.0">
  <xs:import namespace="eml://ecoinformatics.org/documentation-2.0.0" 
  schemaLocation="eml-documentation.xsd"/>
  <xs:import namespace="eml://ecoinformatics.org/resource-2.0.0" 
  schemaLocation="eml-resource.xsd"/>
  <xs:annotation>
    <xs:documentation>
       '$RCSfile: eml-access.xsd,v $'
       Copyright: 1997-2002 Regents of the University of California,
                            University of New Mexico, and
                            Arizona State University
        Sponsors: National Center for Ecological Analysis and Synthesis and
                  Partnership for Interdisciplinary Studies of Coastal Oceans,
                     University of California Santa Barbara
                  Long-Term Ecological Research Network Office,
                     University of New Mexico
                  Center for Environmental Studies, Arizona State University
   Other funding: National Science Foundation (see README for details)
                  The David and Lucile Packard Foundation
     For Details: http://knb.ecoinformatics.org/

        '$Author: jones $'
          '$Date: 2002-12-06 22:23:42 $'
      '$Revision: 1.64 $'

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    </xs:documentation>
    <xs:appinfo>
      <doc:moduleDocs>
        <doc:moduleName>eml-access</doc:moduleName>
        <doc:moduleDescription>
          <section xmlns="">
            <title>
              The eml-access module - Access control rules for resources
            </title>
            <para>
              The eml-access module describes the level of access that is to be
              granted or denied to a resource or a subset of a resource for a
              particular user or group of users. A single eml-access document
              may be used to express access control for many resources, or
              for a given resource (e.g., a dataset or citation ).  The
              eml-access module represents a list of resources to be controlled
              in the context of a particular authentication system. That is, the
              authentication system determines the set of principals (users +
              groups) that can be used, and the membership of users in groups.
              The rules set in this module will determine the level of access to
              a resource for the defined users and groups.  In EML, there are
              two mechanisms for including access control information via the
              eml-access module. 1)  Each top-level resource module
              (eml-dataset, eml-literature, eml-software, and eml-protocol)
              include an optional &lt;access&gt; element directly inline in the
              document.  This is used to define access control at the resource
              level scope.  2) Finer grained access control may be applied to a
              subset of a resource via the &lt;addtionalMetadata&gt; element in
              the eml module.  An access control document may be defined, or
              referenced, from this location, and the &lt;describes&gt; element
              is used to point to the subset of the resource that is to be
              controlled via its "id" attribute.  Applications that
              process EML documents must implement the access control rules from
              both mechanisms.  Note that, although access control may be bound
              to any element with an "id" attribute, the processing
              involved may be very costly.  For instance, it would not be
              recommended to apply access control to a column of a data file
              (eml-attribute), since every read/write operation on that column
              may not proceed until access is verified.
            </para>
            <para>
              The eml-access module, like other modules, may be
              "referenced" via the &lt;references&gt; tag.  This
              allows an access control document to be described once, and then
              used as a reference in other locations within the EML document
              via it's ID.
            </para>
          </section>
        </doc:moduleDescription>
        <doc:recommendedUsage>all data where controlling user access to the
        dataset is an issue</doc:recommendedUsage>
        <doc:standAlone>yes</doc:standAlone>
      </doc:moduleDocs>
    </xs:appinfo>
  </xs:annotation>
  <xs:element name="access" type="AccessType">
    <xs:annotation>
      <xs:appinfo>
        <doc:tooltip>Access control rules</doc:tooltip>
        <doc:summary>The rules defined in this element will determine the level
        of access to a resource for the defined users and groups.</doc:summary>
        <doc:description>The access element contains a list of rules that define
        the level of access for a given resource, be it a dataset or another
        metadata document.  Because the access element is declared to be of
        complex type 'AccessType', an instance must contain the elements defined
        for accessType.</doc:description>
        <doc:example>See the description of individual elements defined in
        AccessType to review each component element's rules.</doc:example>
        
      </xs:appinfo>
    </xs:annotation>
  </xs:element>
  <xs:complexType name="AccessType">
    <xs:annotation>
      <xs:appinfo>
        <doc:tooltip>Access control rules</doc:tooltip>
        <doc:summary>The rules defined in this element will determine the level
        of access to a resource for the defined users and groups.</doc:summary>
        <doc:description>The access element contains a list of rules that define
        the level of access for a given resource, either a dataset or another
        metadata document. The access element must contain the elements defined
        in the AccessType type.</doc:description>

        
      </xs:appinfo>
    </xs:annotation>
    <xs:choice>
      <xs:choice maxOccurs="unbounded">
        <xs:element name="allow" type="AccessRule">
          <xs:annotation>
            <xs:appinfo>
              <doc:tooltip>Allow permission</doc:tooltip>
              <doc:summary>The permission that grants access to a permission
              type.</doc:summary>
              <doc:description>The allow element indicates that a particular
              user or group is able to execute the defined
              permission.</doc:description>
              <doc:example>allow</doc:example>
              
            </xs:appinfo>
          </xs:annotation>
        </xs:element>
        <xs:element name="deny" type="AccessRule">
          <xs:annotation>
            <xs:appinfo>
              <doc:tooltip>Deny permission</doc:tooltip>
              <doc:summary>The permission that denies access to a permission
              type.</doc:summary>
              <doc:description>The deny element indicates that a particular
              user or group is not able to execute the defined
              permission.</doc:description>
              <doc:example>deny</doc:example>
              
            </xs:appinfo>
          </xs:annotation>
        </xs:element>
      </xs:choice>
      <xs:group ref="res:ReferencesGroup"/>
    </xs:choice>
    <xs:attribute name="id" type="res:IDType" use="optional"/>
    <xs:attribute name="system" type="res:SystemType" use="optional"/>
    <xs:attribute name="scope" type="res:ScopeType" use="optional" default="document"/>
    <xs:attribute name="order" use="optional" default="allowFirst">
      <xs:annotation>
        <xs:appinfo>
          <doc:tooltip>Permission order</doc:tooltip>
          <doc:summary>The order in which the permission rules should be
          applied.</doc:summary>
          <doc:description>The order attribute defines which rule should be
          applied first to obtain the desired access control. The acceptable
          values are defined in a list of 'allowFirst' and
          'denyFirst'.</doc:description>
          <doc:example>allowFirst</doc:example>
          
        </xs:appinfo>
      </xs:annotation>
      <xs:simpleType>
        <xs:restriction base="xs:string">
          <xs:enumeration value="allowFirst"/>
          <xs:enumeration value="denyFirst"/>
        </xs:restriction>
      </xs:simpleType>
    </xs:attribute>
    <xs:attribute name="authSystem" type="xs:string" use="required">
      <xs:annotation>
        <xs:appinfo>
          <doc:tooltip>Authentication system</doc:tooltip>
          <doc:summary>The authentication system is used to verify the user or
          group to whom access is allowed or denied.</doc:summary>
          <doc:description>The authentication system determines the set of
          principals (users + groups) that can be used in the access control
          list, and the membership of users in groups. This element is intended
          to provide a reference to the authentication system that is used to
    verify the user or group. This reference is typically in the form
    of a URI, which includes the connection protocol, Internet host, and
    path to the authentication mechanism.</doc:description>
          <doc:example>
          ldap://directory.nceas.ucsb.edu:389/o=nceas,c=us</doc:example>
          
        </xs:appinfo>
      </xs:annotation>
    </xs:attribute>
  </xs:complexType>
  <xs:complexType name="AccessRule">
    <xs:annotation>
      <xs:appinfo>
        <doc:tooltip>Access Rule</doc:tooltip>
        <doc:summary>Access Rules define a user's access to a
        resource.</doc:summary>
        <doc:description>The AccessRule type defines a list of users that are
        derived from a particular authentication system (such as an LDAP
        directory), whether the user or group is allowed or denied access, the
        extent of their access (write access, or only read
        access).</doc:description>

        
      </xs:appinfo>
    </xs:annotation>
    <xs:sequence>
      <xs:element name="principal" type="xs:string" maxOccurs="unbounded">
        <xs:annotation>
          <xs:appinfo>
            <doc:tooltip>User or group</doc:tooltip>
            <doc:summary>The user or group (principal) for which the access
            control applies.</doc:summary>
            <doc:description>The principal element defines the user or group to
            which the access control rule applies. The users and groups must be
            defined in the authentication system described in the authSystem
            element.</doc:description>
            <doc:example>berkley</doc:example>
            
          </xs:appinfo>
        </xs:annotation>
      </xs:element>
      <xs:element name="permission" maxOccurs="unbounded">
        <xs:annotation>
          <xs:appinfo>
            <doc:tooltip>Type of permission</doc:tooltip>
            <doc:summary>The type of permission being granted or denied for the
            resource.</doc:summary>
            <doc:description>The permission that is being granted or denied to
            a particular user or group for a given resource. The list of
            permissions come from a predetermined list (applicable to an LDAP
      authentication system): (allow/deny viewing of the resource), 'write'
      (allow/deny modification of the resource), 'changePermission'
      (ability to modify access restrictions) and 'all' (allow read/write,
      and the changePermission). This element also allows other
      permissions that may be applicable to some other authentication
      system.</doc:description>
            <doc:example>read</doc:example>
            
          </xs:appinfo>
        </xs:annotation>
        <xs:simpleType>
          <xs:union>
            <xs:simpleType>
              <xs:restriction base="xs:string">
                <xs:enumeration value="read"/>
                <xs:enumeration value="write"/>
                <xs:enumeration value="changePermission"/>
                <xs:enumeration value="all"/>
              </xs:restriction>
            </xs:simpleType>
            <xs:simpleType>
              <xs:restriction base="xs:string"/>
            </xs:simpleType>
          </xs:union>
        </xs:simpleType>
      </xs:element>
    </xs:sequence>
  </xs:complexType>
</xs:schema>