Claims Transformation Rules Language

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

The across-forest claims transformation feature enables you to bridge claims for Dynamic Access Control across forest boundaries by setting claims transformation policies on across-forest trusts. The primary component of all policies is rules that are written in claims transformation rules language. This topic provides details about this language and provides guidance about authoring claims transformation rules.

The Windows PowerShell cmdlets for transformation policies on across-forest trusts have options to set simple policies that are required in common scenarios. These cmdlets translate the user input into policies and rules in the claims transformation rules language, and then store them in Active Directory in the prescribed format. For more information about cmdlets for claims transformation, see the AD DS Cmdlets for Dynamic Access Control.

Depending on the claims configuration and the requirements placed on the across-forest trust in your Active Directory forests, your claims transformation policies may have to be more complex than the policies supported by the Windows PowerShell cmdlets for Active Directory. To effectively author such policies, it is essential to understand the claims transformation rules language syntax and semantics. This claims transformation rules language ("the language") in Active Directory is a subset of the language that is used by Active Directory Federation Services for similar purposes, and it has a very similar syntax and semantics. However, there are fewer operations allowed, and additional syntax restrictions are placed in the Active Directory version of the language.

This topic briefly explains the syntax and semantics of the claims transformation rules language in Active Directory and considerations to be made when authoring policies. It provides several sets of example rules to get you started, and examples of incorrect syntax and the messages they generate, to help you decipher error messages when you author the rules.

Tools for authoring claims transformation policies

Windows PowerShell cmdlets for Active Directory: This is the preferred and recommended way to author and set claims transformation policies. These cmdlets provide switches for simple policies and verify rules that are set for more complex policies.

LDAP: Claims transformation policies can be edited in Active Directory through Lightweight Directory Access Protocol (LDAP). However, this is not recommended because the policies have several complex components, and the tools you use may not validate the policy before writing it to Active Directory. This may subsequently require a considerable amount of time to diagnose problems.

Active Directory claims transformation rules language

Syntax overview

Here is a brief overview of the syntax and semantics of the language:

  • The claims transformation rule set consists of zero or more rules. Each rule has two active parts: Select Condition List and Rule Action. If the Select Condition List evaluates to TRUE, the corresponding rule action is executed.

  • Select Condition List has zero or more Select Conditions. All of the Select Conditions must evaluate to TRUE for the Select Condition List to evaluate to TRUE.

  • Each Select Condition has a set of zero or more Matching Conditions. All the Matching Conditions must evaluate to TRUE for the Select Condition to evaluate to TRUE. All of these conditions are evaluated against a single claim. A claim that matches a Select Condition can be tagged by an Identifier and referred to in the Rule Action.

  • Each Matching Condition specifies the condition to match the Type or Value or ValueType of a claim by using different Condition Operators and String Literals.

    • When you specify a Matching Condition for a Value, you must also specify a Matching Condition for a specific ValueType and vice versa. These conditions must be next to each other in the syntax.

    • ValueType matching conditions must use specific ValueType literals only.

  • A Rule Action can copy one claim that is tagged with an Identifier or issue one claim based on a claim that is tagged with an Identifier and/or given String Literals.

Example rule

This example shows a rule that can be used to translate the claims Type between two forests, provided that they use the same claims ValueTypes and have the same interpretations for claims Values for this type. The rule has one matching condition and an Issue statement that uses String Literals and a matching claims reference.

C1: [TYPE=="EmployeeType"]    
                 => ISSUE (TYPE= "EmpType", VALUE = C1.VALUE, VALUETYPE = C1.VALUETYPE);  
[TYPE=="EmployeeType"] == Select Condition List with one Matching Condition for claims Type.  
ISSUE (TYPE= "EmpType", VALUE = C1.VALUE, VALUETYPE = C1.VALUETYPE) == Rule Action that issues a claim using a string literal and the matching claim referred to by the Identifier.  

Runtime operation

It is important to understand the runtime operation of claims transformations to author the rules effectively. The runtime operation uses three sets of claims:

  1. Input claims set: The input set of claims that are given to the claims transformation operation.

  2. Working claims set: Intermediate claims that are read from and written to during the claims transformation.

  3. Output claims set: Output of the claims transformation operation.

Here is a brief overview of the runtime claims transformation operation:

  1. Input claims for claims transformation are used to initialize the working claims set.

    1. When processing each rule, the working claims set is used for the input claims.

    2. The Select Condition List in a rule is matched against all possible sets of claims from the working claims set.

    3. Each set of matching claims is used to run the action in that rule.

    4. Running a rule action results in one claim, which is appended to the output claims set and the working claims set. Thus, the output from a rule is used as input for subsequent rules in the rule set.

  2. The rules in the rule set are processed in sequential order starting with the first rule.

  3. When the entire rule set is processed, the output claims set is processed to remove duplicate claims and for other security issues. The resulting claims are the output of the claims transformation process.

It is possible to write complex claims transformations based on the previous runtime behavior.

Example: Runtime operation

This example shows the runtime operation of a claims transformation that uses two rules.


     C1:[Type=="EmpType", Value=="FullTime",ValueType=="string"] =>  
                Issue(Type="EmployeeType", Value="FullTime",ValueType="string");  
     [Type=="EmployeeType"] =>   
               Issue(Type="AccessType", Value="Privileged", ValueType="string");  
Input claims and Initial Evaluation Context:  
  {(Type= "EmpType"),(Value="FullTime"),(ValueType="String")}  
  {(Type= "Organization"),(Value="Marketing"),(ValueType="String")}  

After Processing Rule 1:  
Evaluation Context:  
  {(Type= "EmpType"),(Value="FullTime"),(ValueType="String")}  
  {(Type= "Organization"),(Value="Marketing"),(ValueType="String")}  
  {(Type= "EmployeeType"),(Value="FullTime"),(ValueType="String")}  
Output Context:  
  {(Type= "EmployeeType"),(Value="FullTime"),(ValueType="String")}  

After Processing Rule 2:  
Evaluation Context:  
  {(Type= "EmpType"),(Value="FullTime"),(ValueType="String")}  
  {(Type= "Organization"),(Value="Marketing"),(ValueType="String")}  
  {(Type= "EmployeeType"),(Value="FullTime"),(ValueType="String")}  
  {(Type= "AccessType"),(Value="Privileged"),(ValueType="String")}  
Output Context:  
  {(Type= "EmployeeType"),(Value="FullTime"),(ValueType="String")}  
  {(Type= "AccessType"),(Value="Privileged"),(ValueType="String")}  

Final Output:  
  {(Type= "EmployeeType"),(Value="FullTime"),(ValueType="String")}  
  {(Type= "AccessType"),(Value="Privileged"),(ValueType="String")}  

Special rules semantics

The following special semantics apply to rules:

  1. Empty Rule Set == No Output Claims

  2. Empty Select Condition List == Every Claim matches the Select Condition List

    Example: Empty Select Condition List

    The following rule matches every claim in the working set.

    => Issue (Type = "UserType", Value = "External", ValueType = "string");  
    
  3. Empty Select Matching List == Every claim matches the Select Condition List

    Example: Empty Matching Conditions

    The following rule matches every claim in the working set. This is the basic "Allow-all" rule if it is used alone.

    C1:[] => Issue (claim = C1);  
    

Security considerations

Claims that enter a forest

The claims presented by principals that are incoming to a forest need to be inspected thoroughly to ensure that we allow or issue only the correct claims. Improper claims can compromise the forest security, and this should be a top consideration when authoring transformation policies for claims that enter a forest.

Active Directory has the following features to prevent misconfiguration of claims that enter a forest:

  • If a forest trust has no claims transformation policy set for the claims that enter a forest, for security purposes, Active Directory drops all the principal claims that enter the forest.

  • If running the rule set on claims that enter a forest results in claims that are not defined in the forest, the undefined claims are dropped from the output claims.
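
The runtime operation described earlier, together with the two protections just listed, can be modelled in a short program. This is an added Python sketch, not Active Directory's implementation and not code from the original topic: it models the claims-entering-a-forest direction only, rules are passed as Python tuples instead of rule text, only == and != are modelled, and the names transform, matches, resolve and defined_types are assumptions of the example.

```python
from itertools import product

PROPS = ("type", "value", "valuetype")

def matches(claim, conditions):
    """Every Matching Condition must hold for one claim (case-insensitive == / !=)."""
    return all((claim[prop].lower() == literal.lower()) == (op == "==")
               for prop, op, literal in conditions)

def resolve(expr, bound):
    """A string literal, or an (identifier, property) reference to a tagged claim."""
    return bound[expr[0]][expr[1]] if isinstance(expr, tuple) else expr

def transform(input_claims, rules, defined_types=None):
    """Model the transformation of claims that enter a forest.

    rules: None (no policy set on the trust) or a list of (select_conditions, action)
      select_conditions: list of (identifier_or_None, [(prop, op, literal), ...])
      action: {"claim": identifier} to copy, or {prop: literal | (identifier, prop)}
    defined_types: lower-cased claim types defined in the forest (None = no filter)
    """
    if rules is None:             # no policy: all entering claims are dropped
        return []
    working, output = list(input_claims), []
    for select_conditions, action in rules:
        snapshot = list(working)  # a rule's output feeds subsequent rules
        candidates = [[c for c in snapshot if matches(c, conds)]
                      for _, conds in select_conditions]
        # One run per combination of matching claims. With no Select Condition
        # at all, this sketch runs the action once (assumption).
        for combo in product(*candidates):
            bound = {ident: claim
                     for (ident, _), claim in zip(select_conditions, combo) if ident}
            if "claim" in action:
                issued = dict(bound[action["claim"]])
            else:
                issued = {p: resolve(action[p], bound) for p in PROPS}
            working.append(issued)
            output.append(issued)
    result = []
    for claim in output:          # drop duplicates and claims the forest does not define
        known = defined_types is None or claim["type"].lower() in defined_types
        if known and claim not in result:
            result.append(claim)
    return result

# Constructed sample: the two rules and the input claims from the runtime example.
RULES = [
    ([("C1", [("type", "==", "EmpType"), ("value", "==", "FullTime"),
              ("valuetype", "==", "string")])],
     {"type": "EmployeeType", "value": "FullTime", "valuetype": "string"}),
    ([(None, [("type", "==", "EmployeeType")])],
     {"type": "AccessType", "value": "Privileged", "valuetype": "string"}),
]
ALLOW_ALL = [([("C1", [])], {"claim": "C1"})]  # C1:[] => Issue (claim = C1);
INPUT = [
    {"type": "EmpType", "value": "FullTime", "valuetype": "String"},
    {"type": "Organization", "value": "Marketing", "valuetype": "String"},
]

if __name__ == "__main__":
    print(transform(INPUT, RULES))
    print(transform(INPUT, None))
    print(transform(INPUT, ALLOW_ALL, defined_types={"organization"}))
```

Removing the EmpType claim from the input also removes the AccessType claim from the output, because the second rule only fires on the claim that the first rule issued.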

Claims that leave a forest

Claims that leave a forest present a lesser security concern for the forest than the claims that enter the forest. Claims are allowed to leave the forest as-is even when there is no corresponding claims transformation policy in place. It is also possible to issue claims that are not defined in the forest as part of transforming claims that leave the forest. This is to easily set up across-forest trusts with claims. An administrator can determine if claims that enter the forest need to be transformed, and set up the appropriate policy. For example, an administrator could set a policy if there is a need to hide a claim to prevent information disclosure.

Syntax errors in claims transformation rules

If a given claims transformation policy has a rules set that is syntactically incorrect or if there are other syntax or storage issues, the policy is considered invalid. This is treated differently than the default conditions mentioned earlier.

Active Directory is unable to determine the intent in this case and goes into a fail-safe mode, where no output claims are generated on that trust+direction of traversal. Administrator intervention is required to correct the issue. This could happen if LDAP is used to edit the claims transformation policy. Windows PowerShell cmdlets for Active Directory have validation in place to prevent writing a policy with syntax issues.

Other language considerations

  1. There are several key words or characters that are special in this language (referred to as terminals). These are presented in the Language terminals table later in this topic. The error messages use the tags for these terminals for disambiguation.

  2. Terminals can sometimes be used as string literals. However, such usage may conflict with the language definition or have unintended consequences. This kind of usage is not recommended.

  3. The rule action cannot perform any type conversions on claim Values, and a rule set that contains such a rule action is considered invalid. This would cause a runtime error, and no output claims are produced.

  4. If a rule action refers to an Identifier that was not used in the Select Condition List portion of the rule, it is an invalid usage. This would cause a syntax error.

    Example: Incorrect Identifier reference

    The following rule illustrates an incorrect Identifier used in rule action.

    C1:[] => Issue (claim = C2);  
    

Sample transformation rules

  • Allow all claims of a certain type

    Exact type

    C1:[type=="XYZ"] => Issue (claim = C1);  

    Using Regex

    C1: [type =~ "XYZ*"] => Issue (claim = C1);  

  • Disallow a certain claim type

    Exact type

    C1:[type != "XYZ"] => Issue (claim=C1);  

    Using Regex

    C1:[Type !~ "XYZ?"] => Issue (claim=C1);  
    

Examples of rules parser errors

Claims transformation rules are parsed by a custom parser to check for syntax errors. This parser is run by related Windows PowerShell cmdlets before storing rules in Active Directory. Any errors in parsing the rules, including syntax errors, are printed on the console. Domain controllers also run the parser before using the rules for transforming claims, and they log errors in the event log (add event log numbers).

This section illustrates some examples of rules that are written with incorrect syntax and the corresponding syntax errors that are generated by the parser.

  1. Example:

    c1;[]=>Issue(claim=c1);  

    This example has an incorrectly used semicolon in place of a colon.
    Error message:
    POLICY0002: Could not parse policy data.
    Line number: 1, Column number: 2, Error token: ;. Line: 'c1;[]=>Issue(claim=c1);'.
    Parser error: 'POLICY0030: Syntax error, unexpected ';', expecting one of the following: ':' .'

  2. Example:

    c1:[]=>Issue(claim=c2);  

    In this example, the Identifier tag in the copy issuance statement is undefined.
    Error message:
    POLICY0011: No conditions in the claim rule match the condition tag specified in the CopyIssuanceStatement: 'c2'.

  3. Example:

    c1:[type=="x1", value=="1", valuetype=="bool"]=>Issue(claim=c1);  

    "bool" is not a Terminal in the language, and it is not a valid ValueType. Valid terminals are listed in the following error message.
    Error message:
    POLICY0002: Could not parse policy data.
    Line number: 1, Column number: 39, Error token: "bool". Line: 'c1:[type=="x1", value=="1",valuetype=="bool"]=>Issue(claim=c1);'.
    Parser error: 'POLICY0030: Syntax error, unexpected 'STRING', expecting one of the following: 'INT64_TYPE' 'UINT64_TYPE' 'STRING_TYPE' 'BOOLEAN_TYPE' 'IDENTIFIER'

  4. Example:

    c1:[type=="x1", value==1, valuetype=="boolean"]=>Issue(claim=c1);  

    The numeral 1 in this example is not a valid token in the language, and such usage is not allowed in a matching condition. It has to be enclosed in double quotes to make it a string.
    Error message:
    POLICY0002: Could not parse policy data.
    Line number: 1, Column number: 23, Error token: 1. Line: 'c1:[type=="x1", value==1, valuetype=="bool"]=>Issue(claim=c1);'.
    Parser error: 'POLICY0029: Unexpected input.

  5. Example:

    c1:[type == "x1", value == "1", valuetype == "boolean"] =>   
         Issue(type = c1.type, value="0", valuetype == "boolean");  

    This example used a double equal sign (==) instead of a single equal sign (=).
    Error message:
    POLICY0002: Could not parse policy data.
    Line number: 1, Column number: 91, Error token: ==. Line: 'c1:[type=="x1", value=="1",
    valuetype=="boolean"]=>Issue(type=c1.type, value="0", valuetype=="boolean");'.
    Parser error: 'POLICY0030: Syntax error, unexpected '==', expecting one of the following: '='

  6. Example:

    c1:[type=="x1", value=="boolean", valuetype=="string"] =>   
          Issue(type=c1.type, value=c1.value, valuetype = "string");  

    This example is syntactically and semantically correct. However, using "boolean" as a string value is bound to cause confusion, and it should be avoided. As previously mentioned, using language terminals as claims values should be avoided where possible.

Language terminals

The following table lists the complete set of terminal strings and the associated language terminals that are used in the claims transformation rules language. These definitions use case-insensitive UTF-16 strings.

String                       Terminal
"=>"                         IMPLY
";"                          SEMICOLON
":"                          COLON
","                          COMMA
"."                          DOT
"["                          O_SQ_BRACKET
"]"                          C_SQ_BRACKET
"("                          O_BRACKET
")"                          C_BRACKET
"=="                         EQ
"!="                         NEQ
"=~"                         REGEXP_MATCH
"!~"                         REGEXP_NOT_MATCH
"="                          ASSIGN
"&&"                         AND
"issue"                      ISSUE
"type"                       TYPE
"value"                      VALUE
"valuetype"                  VALUE_TYPE
"claim"                      CLAIM
"[_A-Za-z][_A-Za-z0-9]"      IDENTIFIER
"\"[^\"\n]\""                STRING
"uint64"                     UINT64_TYPE
"int64"                      INT64_TYPE
"string"                     STRING_TYPE
"boolean"                    BOOLEAN_TYPE

Language syntax

The following claims transformation rules language is specified in ABNF form. This definition uses the terminals that are specified in the previous table in addition to the ABNF productions defined here. The rules must be encoded in UTF-16, and the string comparisons must be treated as case insensitive.

Rule_set        = ;/*Empty*/  
             / Rules  
Rules         = Rule  
             / Rule Rules  
Rule          = Rule_body  
Rule_body       = (Conditions IMPLY Rule_action SEMICOLON)  
Conditions       = ;/*Empty*/  
             / Sel_condition_list  
Sel_condition_list   = Sel_condition  
             / (Sel_condition_list AND Sel_condition)  
Sel_condition     = Sel_condition_body  
             / (IDENTIFIER COLON Sel_condition_body)  
Sel_condition_body   = O_SQ_BRACKET Opt_cond_list C_SQ_BRACKET  
Opt_cond_list     = /*Empty*/  
             / Cond_list  
Cond_list       = Cond  
             / (Cond_list COMMA Cond)  
Cond          = Value_cond  
             / Type_cond  
Type_cond       = TYPE Cond_oper Literal_expr  
Value_cond       = (Val_cond COMMA Val_type_cond)  
             /(Val_type_cond COMMA Val_cond)  
Val_cond        = VALUE Cond_oper Literal_expr  
Val_type_cond     = VALUE_TYPE Cond_oper Value_type_literal  
claim_prop       = TYPE  
             / VALUE  
Cond_oper       = EQ  
             / NEQ  
             / REGEXP_MATCH  
             / REGEXP_NOT_MATCH  
Literal_expr      = Literal  
             / Value_type_literal  

Expr          = Literal  
             / Value_type_expr  
             / (IDENTIFIER DOT claim_prop)  
Value_type_expr    = Value_type_literal  
             /(IDENTIFIER DOT VALUE_TYPE)  
Value_type_literal   = INT64_TYPE  
             / UINT64_TYPE  
             / STRING_TYPE  
             / BOOLEAN_TYPE  
Literal        = STRING  
Rule_action      = ISSUE O_BRACKET Issue_params C_BRACKET  
Issue_params      = claim_copy  
             / claim_new  
claim_copy       = CLAIM ASSIGN IDENTIFIER  
claim_new       = claim_prop_assign_list  
claim_prop_assign_list = (claim_value_assign COMMA claim_type_assign)  
             /(claim_type_assign COMMA claim_value_assign)  
claim_value_assign   = (claim_val_assign COMMA claim_val_type_assign)  
             /(claim_val_type_assign COMMA claim_val_assign)  
claim_val_assign    = VALUE ASSIGN Expr  
claim_val_type_assign = VALUE_TYPE ASSIGN Value_type_expr  
Claim_type_assign   = TYPE ASSIGN Expr
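
The grammar above has no nested recursion, so it can be transcribed as a regular expression over one-character token codes and used to check rule text before it is written to the directory, for example when a policy is edited over LDAP. The following Python example is added here and is not the parser that the cmdlets or domain controllers run: the token patterns for STRING and IDENTIFIER, the code letters and the messages are assumptions of the example, and it does not reproduce the POLICY error codes.

```python
import re

VALUE_TYPES = {"int64", "uint64", "string", "boolean"}
# One code character per terminal; S = STRING, Y = value-type literal, I = IDENTIFIER.
CODES = {"=>": ">", "==": "~", "!=": "~", "=~": "~", "!~": "~", "&&": "&",
         "issue": "K", "type": "T", "value": "V", "valuetype": "W", "claim": "C"}
# Token patterns are assumptions of this example, modelled on the terminals table.
TOKEN = re.compile(r'\s*(=>|==|!=|=~|!~|&&|[;:,.\[\]()=]|"[^"\n]*"|[_A-Za-z][_A-Za-z0-9]*)')

# The ABNF productions, transcribed over the code characters.
LIT, EXPR, VEXPR = "[SY]", r"(?:[SY]|I\.[TVW])", r"(?:Y|I\.W)"
COND = f"(?:T~{LIT}|V~{LIT},W~Y|W~Y,V~{LIT})"          # Type_cond / Value_cond
SEL = rf"(?:I:)?\[(?:{COND}(?:,{COND})*)?\]"           # Sel_condition
VAL = f"(?:V={EXPR},W={VEXPR}|W={VEXPR},V={EXPR})"     # claim_value_assign
NEW = f"(?:T={EXPR},{VAL}|{VAL},T={EXPR})"             # claim_new
RULE = re.compile(rf"(?:{SEL}(?:&{SEL})*)?>K\((?:C=I|{NEW})\);")

def lex(text):
    """Return [(code, token)]; keywords and value types compare case-insensitively."""
    out, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input: {text[pos:].split()[0]!r}")
        tok, pos = m.group(1), m.end()
        low = tok.lower()
        if tok[0] == '"':
            code = "Y" if low[1:-1] in VALUE_TYPES else "S"
        elif tok[0].isalpha() or tok[0] == "_":
            code = CODES.get(low, "I")
        else:
            code = CODES.get(tok, tok)
        out.append((code, low))
    return out

def check_rules(text):
    """Return a list of problems in a rule set; an empty list means it parsed."""
    try:
        toks = lex(text)
    except ValueError as err:
        return [str(err)]
    problems, rule, number = [], [], 1
    for code, tok in toks:
        rule.append((code, tok))
        if code != ";":
            continue
        pairs = list(zip(rule, rule[1:]))
        tags = {t for (c, t), (nxt, _) in pairs if c == "I" and nxt == ":"}
        refs = {t for (c, t), (nxt, _) in pairs if c == "I" and nxt != ":"}
        if not RULE.fullmatch("".join(c for c, _ in rule)):
            problems.append(f"rule {number}: does not match the grammar")
        else:
            problems += [f"rule {number}: identifier {r!r} is not tagged in a Select Condition"
                         for r in sorted(refs - tags)]
        rule, number = [], number + 1
    if rule:
        problems.append(f"rule {number}: missing terminating ';'")
    return problems

if __name__ == "__main__":
    print(check_rules('c1:[]=>Issue(claim=c2);'))
```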