Merge pull request #38 from admin-shell-io/aorzelski/extensionsWG24

Aorzelski/extensions wg24

Author: aorzelskiGH

README.md

@@ -28,12 +28,19 @@ The following release contains the latest version of the AAS schemas
  (see also the [releases](https://github.com/admin-shell-io/aas-specs-security/releases) 
 section of this repository):
 
-* [3.0.0](https://github.com/admin-shell-io/aas-specs-security/releases/tag/v3.0.0)
-is the latest release for the `V3.0.0` version of the AAS Security, 
+* [3.0.1](https://github.com/admin-shell-io/aas-specs-security/releases/tag/v3.0.1)
+is the latest bugfix release for the `V3.0.1` version of the AAS Security, 
 containing the normative sources for the published document
- "Specification of the Asset Administration Shell: Part 4 - **Version 3.0.0**". 
+ "Specification of the Asset Administration Shell: Part 4 - **Version 3.0.1**". 
 *Use this release if you want to work with the latest specified AAS version.*
 
+Previous releases:
+
+* [3.0.0](https://github.com/admin-shell-io/aas-specs-security/releases/tag/v3.0.0)
+is the first release for the `V3.0` version of the AAS Security, 
+containing the normative sources for the published document
+ "Specification of the Asset Administration Shell: Part 4 - Version 3.0.0". 
+
 ## Contributing
 
 Feature requests, reports about inconsistencies, mistakes *etc.* are highly

documentation/IDTA-01004/modules/ROOT/pages/access-rule-model.adoc

@@ -174,8 +174,6 @@ Global Attributes are:
 
 * *ANONYMOUS* - Tag for anonymous and non-authenticated user, i.e. no access token
 
-References in ReferenceAttributes are defined in Section xref:access-rule-model.adoc#text-serialization-of-values-of-type-reference[Text Serialization of Values of Type Reference].
-
 
 ==== Objects
 
@@ -188,8 +186,6 @@ Objects to be protected are either API Routes, Identifiables (e.g. AAS or Submod
 
 Routes may use * or end with a *, which means that all routes with a given prefix are valid.
 
-References to IdentifiableObjects, ReferableObjects, FragmentObjects and DescriptorObjects are defined in Section xref:access-rule-model.adoc#text-serialization-of-values-of-type-reference[Text Serialization of Values of Type Reference].
-
 An Object Group defines a list of single objects and/or a list of names of other object groups.
 
 ==== Formulas
@@ -218,18 +214,6 @@ This enables access rules related to week days or specific times in the year.
 An important special operation is $match, which can be used with any element containing a list of elements, e.g. semanticId[], specificAssetId[], SubmodelElementList or SubmodelElementCollection.
 The list element is written with [] to express, that $match shall check if a certain expression is true for at least one element in the list.
 
-[[text-serialization-of-values-of-type-reference]]
-==== Text Serialization of Values of Type Reference
-
-References are used in ReferenceAttributes, IdentifiableObjects, ReferableObjects, FragmentObjects and DescriptorObjects for the corresponding ReferenceLiterals, IdentifiableLiterals, ReferableLiterals, FragmentLiterals and DescriptorLiterals.
-
-Such references use the link:https://industrialdigitaltwin.io/aas-specifications/IDTA-01001/v3.1/mappings/mappings.html#reference-serialization[Part 1 Mapping in Section "Text Serialization of Values of Type Reference"] for specific instances of elements, e.g. an AAS, a Submodel, a ConceptDescription or a specific SubmodelElement.
-
-Access Rules may also be defined for all Identifiables of the Keytypes AssetAdministrationShell, Submodel or ConceptDescription.
-In this case an IdentifiableLiteral uses the format "(AssetAdministrationShell)\*", "(Submodel)*" and "(ConceptDescription)*".
-
-Access Rules extend the Keytypes of Part 1 by "(aasDesc)" for AAS Descriptors and "(smdesc)" for submodel descriptors.
-To define all descriptors "(aasDesc)\*" or "(smdesc)*" may be used in DescriptorLiterals accordingly.
 
 [[json-serialization]]
 == JSON Serialization of Access Rule Model

documentation/IDTA-01004/modules/ROOT/pages/annex/text-access-rule-examples.adoc

@@ -61,6 +61,7 @@ include::partial$examples/bpn.bnf[]
 include::partial$examples/allow-read-all-users-of-company-for-submodel.bnf[]
 ----
 
+[[allow-read-submodels-id-pattern]]
 == Allow READ to all Submodels with ID pattern for all authenticated users of a company for submodels with Nameplate and TechnicalData from 9:00-17:00
 
 [source,bnf,linenums]

documentation/IDTA-01004/modules/ROOT/pages/changelog.adoc

@@ -8,6 +8,30 @@ SPDX-License-Identifier: CC-BY-4.0
 
 ////
 
+[[change-notes]]
 = Change Notes
 
-This is the first Release.
+== Changes w.r.t. V3.1 vs. V3.0.1
+
+*changed: <ReferenceAttribute> with more detailed definition in BNF Grammar and JSON Schema
+*changed: <IdentifiableObject>, <ReferableObject>, <FragmentObject>, <DescriptorObject> with more detailed definition in BNF Grammar and JSON Schema
+
+
+== Changes w.r.t. V3.0.1 vs. V3.0
+
+Bugfixes:
+
+* changed: Removed incorrect but required whitespaces from grammar and examples [#477 of API](https://github.com/admin-shell-io/aas-specs-api/issues/477)
+* changed: fixed idShortPath definition in the BNF Grammar for the Query Language [#34](https://github.com/admin-shell-io/aas-specs-security/issues/34)
+* changed:  xref:access-rule-model.adoc#text-serialization-of-values-of-type-reference[text serialization of Reference]  does not follow text serialization of Part 1 of References, the updated grammar will be added in the V3.1 [#33](https://github.com/admin-shell-io/aas-specs-security/issues/33)
+
+
+Minor Changes:
+
+* changed: correct xref:annex/text-access-rule-examples.adoc#allow-read-submodels-id-pattern[example] in Annex
+* removed: remove <FieldIdentifierString> in grammar and use <FieldIdentifier> directly
+
+
+== Changes V3.0
+
+This is the first release

documentation/IDTA-01004/modules/ROOT/pages/index.adoc

@@ -18,31 +18,37 @@ This specification is part of the https://industrialdigitaltwin.org/en/content-h
 
 == Version
 
-This is version 3.0 of the specification IDTA-01004.
+This is version 3.0.1 of the specification IDTA-01004.
+
+Previous version: 3.0.
 
 [#metamodel-versions]
 == Metamodel Versions
 
-This document (version 3.0) uses the following parts of the “Specification of the Asset Administration Shell” series:
+This document uses the following parts and versions of the “Specification of the Asset Administration Shell” series:
 
 * IDTA-01001 Part 1: Metamodel in version 3.1 xref:bibliography.adoc#bib1[[1\]]
 * IDTA-01002 Part 2: Application Programming Interfaces in version 3.1 xref:bibliography.adoc#bib2[[2\]]
 * IDTA-01003-a Part 3a: Data Specification – IEC 61360 in version 3.1 xref:bibliography.adoc#bib3[[3\]]
 
+If there are bugfixes of the parts, these shall be used.
+
 == Notice
 
 Copyright: Industrial Digital Twin Association e.V. (IDTA)
 
-DOI: https://doi.org/10.62628/IDTA.01004-3-0
+DOI: https://doi.org/10.62628/IDTA.01004-3-0-1
+
+IDTA Number: IDTA-01004
 
-IDTA Document Number: IDTA-01004-3-0
+Version: 3.0.1
 
 This work is licensed under a
 https://creativecommons.org/licenses/by/4.0/[Creative Commons Attribution 4.0 International License].
 
 SPDX-License-Identifier: CC-BY-4.0
 
-May 2025
+July 2025
 
 == How to Get in Contact
 

documentation/IDTA-01004/modules/ROOT/partials/bnf/access-rules.bnf

@@ -41,7 +41,12 @@
     "GLOBAL" <ws> "(" <ws> ( "LOCALNOW" | "UTCNOW" | "CLIENTNOW" | "ANONYMOUS" ) <ws> ")"
 
 <ReferenceAttribute> ::=
-    "REFERENCE" <ws> "(" <ws> <ReferenceLiteral> <ws> ")"
+    "REFERENCE(" (
+    ("$aas" <IdentifierInstance> "#" <FieldsAAS> ) |
+    ("$sm" <IdentifierInstance> "#" <FieldsSM> ) |
+    ("$cd" <IdentifierInstance> "#" <FieldsCD> ) |
+    ("$sme" <IdentifierInstance> "." <idShortPath> "#" <FieldsSME> )
+    ) ")"
 
 <AttributeGroup> ::=
     ( <SingleAttribute> <ws> )*
@@ -56,17 +61,20 @@
 <RouteObject> ::=
     "ROUTE" <ws> <RouteLiteral> <ws>
 
+<IdentifierInstance> ::= "(" <StringLiteral> ")"
+<IdentifierInstanceOrAll> ::= <IdentifierInstance> | "(\"*\")"
+
 <IdentifiableObject> ::=
-    "IDENTIFIABLE" <ws> <IdentifiableLiteral> <ws>
+    "IDENTIFIABLE" <ws> ("$aas" | "$sm" | "$cd") <IdentifierInstanceOrAll>
 
 <ReferableObject> ::=
-    "REFERABLE" <ws> <ReferableLiteral> <ws>
+    "REFERABLE" <ws> "$sme" <IdentifierInstanceOrAll> "." <idShortPath>
 
 <FragmentObject> ::=
-    "FRAGMENT" <ws> <FragmentLiteral> <ws>
-
+    "FRAGMENT" <ws> "$sme" <IdentifierInstanceOrAll> "." <idShortPath> ( <ws> <StringLiteral> )+
+ 
 <DescriptorObject> ::=
-    "DESCRIPTOR" <ws> <DescriptorLiteral> <ws>
+    "DESCRIPTOR" <ws> ("$aasdesc" | "$smdesc") <IdentifierInstanceOrAll>
 
 <ObjectGroup> ::=
     ( <SingleObject> <ws> )*
@@ -103,13 +111,13 @@
 <stringComparison> ::=
     ( ( "$starts-with" | "$ends-with" | "$contains" | "$regex") <ws> "(" <ws> <stringOperand> <ws> "," <ws> <stringOperand> <ws> ")" <ws> ) |
     ( <stringOperand> <ws> <allComparisons> <ws> <stringOperand> <ws> ) |
-    ( <stringOperand> <ws> <allComparisons> <ws> <FieldIdentifierString> <ws> ) |
-    ( <FieldIdentifierString> <ws> <allComparisons> <ws> <stringOperand> <ws> )
+    ( <stringOperand> <ws> <allComparisons> <ws> <FieldIdentifier> <ws> ) |
+    ( <FieldIdentifier> <ws> <allComparisons> <ws> <stringOperand> <ws> )
 
 <numericalComparison> ::=
     ( <numericalOperand> <ws> <allComparisons> <ws> <numericalOperand> <ws> ) |
-    ( <numericalOperand> <ws> <allComparisons> <ws> <FieldIdentifierString> <ws> ) |
-    ( <FieldIdentifierString> <ws> <allComparisons> <ws> <numericalOperand> <ws> )
+    ( <numericalOperand> <ws> <allComparisons> <ws> <FieldIdentifier> <ws> ) |
+    ( <FieldIdentifier> <ws> <allComparisons> <ws> <numericalOperand> <ws> )
 
 <hexComparison> ::=
     <hexOperand> <ws> <allComparisons> <ws> <hexOperand> <ws>
@@ -129,7 +137,7 @@
 <operand> ::= <stringOperand> | <numericalOperand> | <hexOperand> | <boolOperand> | <dateTimeOperand> | <timeOperand>
 
 <stringOperand> ::=
-    <FieldIdentifierString> | <StringLiteral> | <castToString> | <SingleAttribute>
+    <FieldIdentifier> | <StringLiteral> | <castToString> | <SingleAttribute>
 
 <numericalOperand> ::=
     <NumericalLiteral> | <castToNumerical> | <dateTimeToNum>
@@ -164,25 +172,23 @@
 <castToTime> ::=
     "time" <ws> "(" <ws> ( <stringOperand> | <dateTimeOperand> ) <ws> ")" <ws>
 
-
 <DateTimeLiteral> ::= <datetime> <ws>
 <TimeLiteral> ::= <time> <ws>
-<datetime> ::= <date> <ws> ( "T" | " " ) <ws> <time> <ws> ( <timezone> <ws> )?
-<date> ::= <year> <ws> "-" <ws> <month> <ws> "-" <ws> <day> <ws>
-<year> ::= <digit> <ws> <digit> <ws> <digit> <ws> <digit> <ws>
-<month> ::= <digit> <ws> <digit> <ws>
-<day> ::= <digit> <ws> <digit> <ws>
-<time> ::= <hour> <ws> ":" <ws> <minute> <ws> ( ":" <ws> <second> <ws> )? ( "." <ws> <fraction> <ws> )?
-<timezone> ::= ( "Z" | ( "+" | "-" ) <ws> <hour> <ws> ":" <ws> <minute> <ws> )
-<hour> ::= <digit> <ws> <digit> <ws>
-<minute> ::= <digit> <ws> <digit> <ws>
-<second> ::= <digit> <ws> <digit> <ws>
-<fraction> ::= <digit>+ <ws>
-
-<digit> ::= [0-9] <ws>
+<datetime> ::= <date> ( "T" | "" ) <time> ( <timezone> )?
+<date> ::= <year> "-" <month> "-" <day>
+<year> ::= <digit> <digit> <digit> <digit>
+<month> ::= <digit> <digit>
+<day> ::= <digit> <digit>
+<time> ::= <hour> ":" <minute> ( ":" <second> )? ( "." <fraction> )?
+<timezone> ::= ( "Z" | ( "+" | "-" ) <hour> ":" <minute> )
+<hour> ::= <digit> <digit>
+<minute> ::= <digit> <digit>
+<second> ::= <digit> <digit>
+<fraction> ::= <digit>+
+ 
+<digit> ::= [0-9]
 <StringLiteral> ::= "\"" ( [A-Z] | [a-z] | [0-9] | "/" | "*" | "[" | "]" | "(" | ")" | " " | "_" | "@" | "#" | "\\" | "+" | "-" | "." | "," | ":" | "$" | "^" )+ "\""
 <ClaimLiteral> ::= <StringLiteral>
-<ReferenceLiteral> ::= <StringLiteral>
 <RouteLiteral> ::= <StringLiteral>
 <IdentifiableLiteral> ::= <StringLiteral>
 <ReferableLiteral> ::= <StringLiteral>
@@ -191,12 +197,16 @@
 <NumericalLiteral> ::= ( "+" | "-" )? ( [0-9]+ ( "." [0-9]* )? | "." [0-9]+ ) ( ( "e" | "E" )? [0-9]+ )
 <HexLiteral> ::= "16#" ( [0-9] | [A-F] )+
 <BoolLiteral> ::= "true" | "false"
-<FieldIdentifier> ::= <FieldIdentifierString>
-<FieldIdentifierString> ::= <FieldIdentifierAAS> | <FieldIdentifierSM> | <FieldIdentifierSME> | <FieldIdentifierCD> | <FieldIdentifierAasDescriptor> | <FieldIdentifierSmDescriptor>
-<FieldIdentifierAAS> ::= "$aas#" ( "idShort" | "id" | "assetInformation.assetKind" | "assetInformation.assetType" | "assetInformation.globalAssetId" | "assetInformation." <SpecificAssetIdsClause> | "submodels." <ReferenceClause> )
-<FieldIdentifierSM> ::= "$sm#" ( <SemanticIdClause> | "idShort" | "id" )
-<FieldIdentifierSME> ::= "$sme" ( "." <idShortPath> )? "#" ( <SemanticIdClause> | "idShort" | "value" | "valueType" | "language" )
-<FieldIdentifierCD> ::= "$cd#" ( "idShort" | "id" ) <ws>
+
+<FieldIdentifier> ::= <FieldIdentifierAAS> | <FieldIdentifierSM> | <FieldIdentifierSME> | <FieldIdentifierCD> | <FieldIdentifierAasDescriptor> | <FieldIdentifierSmDescriptor>
+<FieldIdentifierAAS> ::= "$aas#" <FieldsAAS>
+<FieldsAAS> ::= "idShort" | "id" | "assetInformation.assetKind" | "assetInformation.assetType" | "assetInformation.globalAssetId" | "assetInformation." <SpecificAssetIdsClause> | "submodels." <ReferenceClause>
+<FieldIdentifierSM> ::= "$sm#" <FieldsSM>
+<FieldsSM> ::= <SemanticIdClause> | "idShort" | "id"
+<FieldIdentifierCD> ::= "$cd#" <FieldsCD>
+<FieldsCD> ::= "idShort" | "id"
+<FieldIdentifierSME> ::= "$sme" ( "." <idShortPath> )? "#" <FieldsSME>
+<FieldsSME> ::= <SemanticIdClause> | "idShort" | "value" | "valueType" | "language"
 <FieldIdentifierAasDescriptor> ::= "$aasdesc#" ( "idShort" | "id" | "assetKind" | "assetType" | "globalAssetId" | <SpecificAssetIdsClause>  | "endpoints" ( "[" ( [0-9]* ) "]" ) "." <EndpointClause> | "submodelDescriptors" ( "[" ( [0-9]* ) "]" ) "." <SmDescriptorClause> )
 <FieldIdentifierSmDescriptor> ::= "$smdesc#" <SmDescriptorClause>
 <SmDescriptorClause> ::= ( <SemanticIdClause> | "idShort" | "id" | "endpoints" ( "[" ( [0-9]* ) "]" ) "." <EndpointClause> )
@@ -205,7 +215,7 @@
 <ReferenceClause> ::= ( "type" | "keys" ( "[" ( [0-9]* ) "]" ) ( ".type" | ".value" ) )
 <SemanticIdClause> ::= ( "semanticId" | "semanticId." <ReferenceClause> )
 <SpecificAssetIdsClause> ::=  ( "specificAssetIds" ( "[" ( [0-9]* ) "]" ) ( ".name" | ".value" | ".externalSubjectId" | ".externalSubjectId." <ReferenceClause> ) )
-<idShortPath> ::= ( <idShort> ("[" ( [0-9]* ) "]" ) ( "." <idShortPath> )* )
-<idShort> ::= ( ( [a-z] | [A-Z] ) ( [a-z] | [A-Z] | [0-9] | "_" )* )
+<idShortPath> ::= ( <idShort> ("[" ( [0-9]* ) "]" )* ( "." <idShortPath> )* )
+<idShort> ::= ( ( [a-z] | [A-Z] ) (( [a-z] | [A-Z] | [0-9] | "_"   | "-" )* ( [a-z] | [A-Z] | [0-9] | "_" ) )? )
 
-<ws> ::= ( " " | "\t" | "\r" | "\n" )+
+<ws> ::= ( " " | "\t" | "\r" | "\n" )*

documentation/IDTA-01004/modules/ROOT/partials/bnf/attributes.bnf

@@ -8,7 +8,12 @@
     "GLOBAL" <ws> "(" <ws> ( "LOCALNOW" | "UTCNOW" | "CLIENTNOW" | "ANONYMOUS" ) <ws> ")"
 
 <ReferenceAttribute> ::=
-    "REFERENCE" <ws> "(" <ws> <ReferenceLiteral> <ws> ")"
+    "REFERENCE(" (
+    ("$aas" <IdentifierInstance> "#" <FieldsAAS> ) |
+    ("$sm" <IdentifierInstance> "#" <FieldsSM> ) |
+    ("$cd" <IdentifierInstance> "#" <FieldsCD> ) |
+    ("$sme" <IdentifierInstance> "." <idShortPath> "#" <FieldsSME> )
+    ) ")"
 
 <AttributeGroup> ::=
     ( <SingleAttribute> <ws> )*

documentation/IDTA-01004/modules/ROOT/partials/bnf/objects.bnf

@@ -4,17 +4,20 @@
 <RouteObject> ::=
     "ROUTE" <ws> <RouteLiteral> <ws>
 
+<IdentifierInstance> ::= "(" <StringLiteral> ")"
+<IdentifierInstanceOrAll> ::= <IdentifierInstance> | "(\"*\")"
+
 <IdentifiableObject> ::=
-    "IDENTIFIABLE" <ws> <IdentifiableLiteral> <ws>
+    "IDENTIFIABLE" <ws> ("$aas" | "$sm" | "$cd") <IdentifierInstanceOrAll>
 
 <ReferableObject> ::=
-    "REFERABLE" <ws> <ReferableLiteral> <ws>
+    "REFERABLE" <ws> "$sme" <IdentifierInstanceOrAll> "." <idShortPath>
 
 <FragmentObject> ::=
-    "FRAGMENT" <ws> <FragmentLiteral> <ws>
-
+    "FRAGMENT" <ws> "$sme" <IdentifierInstanceOrAll> "." <idShortPath> ( <ws> <StringLiteral> )+
+ 
 <DescriptorObject> ::=
-    "DESCRIPTOR" <ws> <DescriptorLiteral> <ws>
+    "DESCRIPTOR" <ws> ("$aasdesc" | "$smdesc") <IdentifierInstanceOrAll>
 
 <ObjectGroup> ::=
     ( <SingleObject> <ws> )*

documentation/IDTA-01004/modules/ROOT/partials/examples/allow-read-all-users-of-company-for-submodel.bnf

@@ -4,7 +4,7 @@ ACCESSRULE:
   RIGHTS: READ
   ACCESS: ALLOW
   OBJECTS:
-    IDENTIFIABLE "(Submodel)*"
+    IDENTIFIABLE $sm("*")
   FORMULA:
     $and(
       $or(

documentation/IDTA-01004/modules/ROOT/partials/examples/allow-read-all-users-of-company-for-submodel.json

@@ -15,7 +15,7 @@
         },
         "OBJECTS": [
           {
-            "IDENTIFIABLE": "(Submodel)*"
+            "IDENTIFIABLE": "$sm(\"*\")"
           }
         ],
         "FORMULA": {