File: [OMI] / omi / share / networkschema / CIM_Identity.mof
Revision: 1.1, Mon Apr 20 17:20:14 2015 UTC (9 years, 2 months ago) by krisbash
Branch: MAIN
CVS Tags: OMI_1_0_8_2, OMI_1_0_8_1, HEAD
OMI 1.0.8-1
// Copyright (c) 2008 DMTF.  All rights reserved.
   [Version ( "2.19.0" ),
    UMLPackagePath ( "CIM::User::Identity" ),
    Description (
       "An instance of an Identity represents a ManagedElement that "
       "acts as a security principal within the scope in which it is "
       "defined and authenticated. (Note that the Identity\'s scope is "
       "specified using the association, CIM_IdentityContext.) "
       "ManagedElements with Identities can be OrganizationalEntities, "
       "Services, Systems, etc. The ManagedElement \'behind\' an "
       "Identity is described using the AssignedIdentity association. \n"
       "\n"
       "Within a given security context, an Identity may be imparted a "
       "level of trust, usually based on its credentials. A trust "
       "level is defined using the CIM_SecuritySensitivity class, and "
       "associated with Identity using CIM_ElementSecuritySensitivity. "
       "Whether an Identity is currently authenticated is evaluated by "
       "checking the CurrentlyAuthenticated boolean property. This "
       "property is set and cleared by the security infrastructure, "
       "and should only be readable within the management "
       "infrastructure. The conditions which must be met/authenticated "
       "in order for an Identity\'s CurrentlyAuthenticated Boolean to "
       "be TRUE are defined using a subclass of PolicyCondition - "
       "AuthenticationCondition. The inheritance tree for "
       "AuthenticationCondition is defined in the CIM Policy Model. \n"
       "\n"
       "Subclasses of Identity may include specific information "
       "related to a given AuthenticationService or authority (such as "
       "a security token or computer hardware port/communication "
       "details) that more specifically determine the authenticity of "
       "the Identity. An instance of Identity may be persisted even "
       "though it is not CurrentlyAuthenticated, in order to maintain "
       "static relationships to Roles, associations to accounting "
       "information, and policy data defining authentication "
       "requirements. Note however, when an Identity is not "
       "authenticated (CurrentlyAuthenticated = FALSE), then "
       "Privileges or rights SHOULD NOT be authorized. The lifetime, "
       "validity, and propagation of the Identity is dependent on a "
       "security infrastructure\'s policies." )]
class CIM_Identity : CIM_ManagedElement {

      [Key, Override ( "InstanceID" ),
       Description (
          "Within the scope of the instantiating Namespace, "
          "InstanceID opaquely and uniquely identifies an instance "
          "of this class. In order to ensure uniqueness within the "
          "NameSpace, the value of InstanceID SHOULD be constructed "
          "using the following \'preferred\' algorithm: \n"
          "<OrgID>:<LocalID> \n"
          "Where <OrgID> and <LocalID> are separated by a colon "
          "\':\', and where <OrgID> MUST include a copyrighted, "
          "trademarked or otherwise unique name that is owned by "
          "the business entity creating/defining the InstanceID, or "
          "is a registered ID that is assigned to the business "
          "entity by a recognized global authority. (This is "
          "similar to the <Schema Name>_<Class Name> structure of "
          "Schema class names.) In addition, to ensure uniqueness "
          "<OrgID> MUST NOT contain a colon (\':\'). When using "
          "this algorithm, the first colon to appear in InstanceID "
          "MUST appear between <OrgID> and <LocalID>. \n"
          "<LocalID> is chosen by the business entity and SHOULD "
          "not be re-used to identify different underlying "
          "(real-world) elements. If the above \'preferred\' "
          "algorithm is not used, the defining entity MUST assure "
          "that the resultant InstanceID is not re-used across any "
          "InstanceIDs produced by this or other providers for this "
          "instance\'s NameSpace. \n"
          "For DMTF defined instances, the \'preferred\' algorithm "
          "MUST be used with the <OrgID> set to \'CIM\'." )]
   string InstanceID;

      [Description (
          "Boolean indicating whether this Identity has been "
          "authenticated, and is currently known within the scope "
          "of an AuthenticationService or authority. By default, "
          "authenticity SHOULD NOT be assumed. This property is set "
          "and cleared by the security infrastructure, and should "
          "only be readable within the management infrastructure. "
          "Note that its value, alone, may not be sufficient to "
          "determine authentication/ authorization, in that "
          "properties of an Identity subclass (such as a security "
          "token or computer hardware port/ communication details) "
          "may be required by the security infrastructure." )]
   boolean CurrentlyAuthenticated = false;

};