fix: sync discovery schema/spec with IETF-RFC.md

- Fix Appendix D Provider diagram tokens/fields to match the draft
  (tokenEndPoint, http-sig, http-request-signatures, publicKeys[])
- Align spec.yaml wording/examples with the draft (capability tokens, accessTypes,
  tokenEndPoint URL vs inviteAcceptDialog path)
- Move discovery schema to schemas/ocm-discovery.jsonc with draft-strict URL rules

Signed-off-by: Mahdi Baghbani <[email protected]>

Author: MahdiBaghbani

IETF-RFC.md

@@ -1677,23 +1677,27 @@ OCM Providers.
             | - inviteAcceptDialog  |
             | - provider            |
             | - publicKey           |
-            | - tokenEndpoint       |
+            | - publicKeys[]        |
+            | - tokenEndPoint       |
             +-----------------------+
                    |
                    | exposes
                    |
          +---------+---------+----------------------+
          |                   |                      |
          v                   v                      v
-+------------------+  +------------------+   +------------------+
-| ResourceTypes[]  |  | Capabilities[]   |   |    Criteria[]    |
-+------------------+  +------------------+   +------------------+
-| - name           |  | - enforce-mfa    |   | - allowlist      |
-| - shareTypes[]   |  | - exchange-token |   | - denylist       |
-| - protocols{}    |  | - invite-wayf    |   | - http-signatures|
-+------------------+  | - invites        |   | - invite         |
-       |              | - webdav-uri     |   | - token-exchange |
-       |              +------------------+   +------------------+
++------------------+  +------------------+   +--------------------------+
+| ResourceTypes[]  |  | Capabilities[]   |   |    Criteria[]            |
++------------------+  +------------------+   +--------------------------+
+| - name           |  | - enforce-mfa    |   | - allowlist              |
+| - shareTypes[]   |  | - exchange-token |   | - denylist               |
+| - protocols{}    |  | - http-sig       |   | - http-request-signatures|
++------------------+  | - invites        |   | - invite                 |
+       |              | - notifications  |   | - token-exchange         |
+       |              | - protocol-object|   +--------------------------+
+       |              | - webdav-uri     |
+       |              +------------------+
+       |
        | supports
        v
 +------------------+

schemas/ocm-discovery.json

@@ -0,0 +1,88 @@
+{
+  // Discovery schema for OCM API Discovery (JSON Schema, JSONC for comments).
+  //
+  // Content source of truth: IETF-RFC.md (this repo).
+  //
+  // Mixed URL forms (per draft wording):
+  // - inviteAcceptDialog is a URL path (starts with "/"), resolved at the server origin.
+  // - tokenEndPoint is a URL (typically https://...) of the token exchange endpoint.
+  //
+  "title": "OCM API Discovery",
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "type": "object",
+  "properties": {
+    "enabled": { "type": "boolean" },
+    "apiVersion": { "type": "string" },
+    "endPoint": { "type": "string", "format": "uri" },
+    "provider": { "type": "string" },
+    "resourceTypes": {
+      "type": "array",
+      "items": { "$ref": "#/$defs/resourceType" }
+    },
+    "capabilities": {
+      "type": "array",
+      "description": "Optional capability tokens (for example: enforce-mfa, exchange-token, http-sig, invites, invite-wayf, notifications, protocol-object, webdav-uri).",
+      "items": { "type": "string" }
+    },
+    "criteria": {
+      "type": "array",
+      "description": "Optional criteria tokens (for example: http-request-signatures, token-exchange, denylist, allowlist, invite).",
+      "items": { "type": "string" }
+    },
+    "publicKey": { "$ref": "#/$defs/publicKeyLegacy" },
+    "publicKeys": {
+      "type": "array",
+      "description": "Optional public keys for RFC 9421 HTTP Message Signatures (see IETF-RFC.md).",
+      "items": { "$ref": "#/$defs/publicKeyRfc9421" }
+    },
+    "inviteAcceptDialog": {
+      "type": "string",
+      "pattern": "^/",
+      "description": "URL path of a web page where a user can accept an invite (see IETF-RFC.md)."
+    },
+    "tokenEndPoint": {
+      "type": "string",
+      "format": "uri",
+      "pattern": "^https?://",
+      "description": "URL of the token exchange endpoint (see IETF-RFC.md)."
+    }
+  },
+  "required": ["enabled", "apiVersion", "endPoint", "resourceTypes"],
+  "$defs": {
+    "resourceType": {
+      "properties": {
+        "name": { "type": "string" },
+        "shareTypes": { "type": "array" },
+        "protocols": { "$ref": "#/$defs/protocols" }
+      },
+      "required": ["name", "shareTypes", "protocols"]
+    },
+    "protocols": {
+      "type": "object",
+      "minProperties": 1,
+      "description": "Additional protocols besides 'webdav', 'webapp' and 'ssh' may be defined.",
+      "properties": {
+        "webdav": { "type": "string", "pattern": "^/" },
+        "webapp": { "type": "string", "pattern": "^/" },
+        "ssh": { "type": "string" }
+      }
+    },
+    "publicKeyLegacy": {
+      "type": "object",
+      "properties": {
+        "keyId": { "type": "string" },
+        "publicKeyPem": { "type": "string" }
+      },
+      "required": ["keyId", "publicKeyPem"]
+    },
+    "publicKeyRfc9421": {
+      "type": "object",
+      "properties": {
+        "keyId": { "type": "string" },
+        "publicKeyPem": { "type": "string" },
+        "algorithm": { "type": "string" }
+      },
+      "required": ["keyId", "publicKeyPem", "algorithm"]
+    }
+  }
+}