This protocol transfers the following information:
- the original request
- authenticated user info (e.g. email address or username)
It is sent to a service that can decide whether the request is authorized or not for the user described by the user info.
Response can also include a new O-MI request that is intended to be used when user has partial permissions and the request is wanted to automatically get the result of the partial permissions (e.g. get all objects).
- Request is a O-MI write request (because it contains values)
- Request is xml escaped string and inserted as the value of InfoItem
Objects/AuthorizationRequest/OriginalRequest
: - User info is in InfoItem
Objects/AuthorizationRequest/UserInfo
<?xml version="1.0"?>
<omi:omiEnvelope xmlns:xs="http://www.w3.org/2001/XMLSchema-instance" xmlns:omi="omi.xsd" version="1.0" ttl="0">
<write xmlns="omi.xsd" msgformat="odf">
<omi:msg>
<Objects xmlns="odf.xsd">
<Object>
<id>AuthorizationRequest</id>
<InfoItem name="OriginalRequest">
<value type="omi.xsd">
<?xml version="1.0"?>
<omi:omiEnvelope xmlns:xs="http://www.w3.org/2001/XMLSchema-instance" xmlns:omi="omi.xsd" version="1.0" ttl="0">
<write xmlns="omi.xsd" msgformat="odf">
<omi:msg>
<Objects xmlns="odf.xsd">
<Object>
<id>SmartHouse</id>
<InfoItem name="FrontDoor">
<value>VALUE_PLACEHOLDER</value>
</InfoItem>
<InfoItem name="BackDoor">
<value>VALUE_PLACEHOLDER</value>
</InfoItem>
</Object>
</Objects>
</omi:msg>
</write>
</omi:omiEnvelope>
</value>
</InfoItem>
<InfoItem name="UserInfo">
<value type="xs:string">user@email.com</value>
</InfoItem>
</Object>
</Objects>
</omi:msg>
</write>
</omi:omiEnvelope>
returnCode="200"
: AuthorizedreturnCode="401"
: Fully unauthorizedreturnCode="206"
: Partially authorized, modified request given in the value ofObjects/AuthorizationResponse/AuthorizedPartialRequest
as escaped xml string
<omi:omiEnvelope ttl="1.0" version="1.0" xmlns="odf.xsd" xmlns:omi="omi.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<omi:response>
<omi:result>
<omi:return returnCode="200"/>
</omi:result>
</omi:response>
</omi:omiEnvelope>
<omi:omiEnvelope ttl="1.0" version="1.0" xmlns="odf.xsd" xmlns:omi="omi.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<omi:response>
<omi:result>
<omi:return returnCode="401"/>
</omi:result>
</omi:response>
</omi:omiEnvelope>
<omi:omiEnvelope ttl="1.0" version="1.0" xmlns="odf.xsd" xmlns:omi="omi.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<omi:response>
<omi:result msgformat="odf">
<omi:return returnCode="206">
</omi:return>
<omi:msg>
<Objects>
<Object>
<id>AuthorizationResponse</id>
<InfoItem name="AuthorizedPartialRequest">
<value type="omi.xsd">
<?xml version="1.0"?>
<omi:omiEnvelope xmlns:xs="http://www.w3.org/2001/XMLSchema-instance" xmlns:omi="omi.xsd" version="1.0" ttl="0">
<write xmlns="omi.xsd" msgformat="odf">
<omi:msg>
<Objects xmlns="odf.xsd">
<Object>
<id>SmartHouse</id>
<InfoItem name="FrontDoor">
<value>VALUE_PLACEHOLDER</value>
</InfoItem>
</Object>
</Objects>
</omi:msg>
</write>
</omi:omiEnvelope>
</value>
</InfoItem>
</Object>
</Objects>
</omi:msg>
</omi:result>
</omi:response>
</omi:omiEnvelope>