1 krisbash 1.1 // Copyright (c) 2008 DMTF. All rights reserved.
2 [Version ( "2.19.0" ),
3 UMLPackagePath ( "CIM::User::Identity" ),
4 Description (
5 "An instance of an Identity represents a ManagedElement that "
6 "acts as a security principal within the scope in which it is "
7 "defined and authenticated. (Note that the Identity\'s scope is "
8 "specified using the association, CIM_IdentityContext.) "
9 "ManagedElements with Identities can be OrganizationalEntities, "
10 "Services, Systems, etc. The ManagedElement \'behind\' an "
11 "Identity is described using the AssignedIdentity association. \n"
12 "\n"
13 "Within a given security context, an Identity may be imparted a "
14 "level of trust, usually based on its credentials. A trust "
15 "level is defined using the CIM_SecuritySensitivity class, and "
16 "associated with Identity using CIM_ElementSecuritySensitivity. "
17 "Whether an Identity is currently authenticated is evaluated by "
18 "checking the CurrentlyAuthenticated boolean property. This "
19 "property is set and cleared by the security infrastructure, "
20 "and should only be readable within the management "
21 "infrastructure. The conditions which must be met/authenticated "
22 krisbash 1.1 "in order for an Identity\'s CurrentlyAuthenticated Boolean to "
23 "be TRUE are defined using a subclass of PolicyCondition - "
24 "AuthenticationCondition. The inheritance tree for "
25 "AuthenticationCondition is defined in the CIM Policy Model. \n"
26 "\n"
27 "Subclasses of Identity may include specific information "
28 "related to a given AuthenticationService or authority (such as "
29 "a security token or computer hardware port/communication "
30 "details) that more specifically determine the authenticity of "
31 "the Identity. An instance of Identity may be persisted even "
32 "though it is not CurrentlyAuthenticated, in order to maintain "
33 "static relationships to Roles, associations to accounting "
34 "information, and policy data defining authentication "
35 "requirements. Note however, when an Identity is not "
36 "authenticated (CurrentlyAuthenticated = FALSE), then "
37 "Privileges or rights SHOULD NOT be authorized. The lifetime, "
38 "validity, and propagation of the Identity is dependent on a "
39 "security infrastructure\'s policies." )]
40 class CIM_Identity : CIM_ManagedElement {
41
42 [Key, Override ( "InstanceID" ),
43 krisbash 1.1 Description (
44 "Within the scope of the instantiating Namespace, "
45 "InstanceID opaquely and uniquely identifies an instance "
46 "of this class. In order to ensure uniqueness within the "
47 "NameSpace, the value of InstanceID SHOULD be constructed "
48 "using the following \'preferred\' algorithm: \n"
49 "<OrgID>:<LocalID> \n"
50 "Where <OrgID> and <LocalID> are separated by a colon "
51 "\':\', and where <OrgID> MUST include a copyrighted, "
52 "trademarked or otherwise unique name that is owned by "
53 "the business entity creating/defining the InstanceID, or "
54 "is a registered ID that is assigned to the business "
55 "entity by a recognized global authority. (This is "
56 "similar to the <Schema Name>_<Class Name> structure of "
57 "Schema class names.) In addition, to ensure uniqueness "
58 "<OrgID> MUST NOT contain a colon (\':\'). When using "
59 "this algorithm, the first colon to appear in InstanceID "
60 "MUST appear between <OrgID> and <LocalID>. \n"
61 "<LocalID> is chosen by the business entity and SHOULD "
62 "not be re-used to identify different underlying "
63 "(real-world) elements. If the above \'preferred\' "
64 krisbash 1.1 "algorithm is not used, the defining entity MUST assure "
65 "that the resultant InstanceID is not re-used across any "
66 "InstanceIDs produced by this or other providers for this "
67 "instance\'s NameSpace. \n"
68 "For DMTF defined instances, the \'preferred\' algorithm "
69 "MUST be used with the <OrgID> set to \'CIM\'." )]
70 string InstanceID;
71
72 [Description (
73 "Boolean indicating whether this Identity has been "
74 "authenticated, and is currently known within the scope "
75 "of an AuthenticationService or authority. By default, "
76 "authenticity SHOULD NOT be assumed. This property is set "
77 "and cleared by the security infrastructure, and should "
78 "only be readable within the management infrastructure. "
79 "Note that its value, alone, may not be sufficient to "
80 "determine authentication/ authorization, in that "
81 "properties of an Identity subclass (such as a security "
82 "token or computer hardware port/ communication details) "
83 "may be required by the security infrastructure." )]
84 boolean CurrentlyAuthenticated = false;
85 krisbash 1.1
86
87 };
|