// Copyright (c) 2005 DMTF. All rights reserved. [Association, Version ( "2.8.0" ), UMLPackagePath ( "CIM::Policy" ), Description ( "This association specifies that a credential management " "service (e.g., CertificateAuthority or Kerberos key " "distribution service) is to be trusted to certify credentials, " "presented at the packet level. The association defines an " "\'approved\' CredentialManagementService that is used for " "validation. \n" "\n" "The use of this class is best explained via an example: \n" "If a CertificateAuthority is specified using this association, " "and a corresponding X509CredentialFilterEntry is also " "associated with a PacketFilterCondition (via the relationship, " "FilterOfPacketCondition), then the credential MUST match the " "FilterEntry data AND be certified by that CA (or one of the " "CredentialManagementServices in its trust hierarchy). " "Otherwise, the X509CredentialFilterEntry is deemed not to " "match. If a credential is certified by a " "CredentialManagementService associated with the " "PacketFilterCondition through the AcceptCredentialFrom " "relationship, but there is no corresponding " "CredentialFilterEntry, then all credentials from the related " "service are considered to match." ), MappingStrings { "IPSP Policy Model.IETF|AcceptCredentialFrom" }] class CIM_AcceptCredentialFrom : CIM_Dependency { [Override ( "Antecedent" ), Description ( "The CredentialManagementService that is issuing the " "credential to be matched in the PacketFilterCondition." ), MappingStrings { "IPSP Policy Model.IETF|AcceptCredentialFrom.Antecedent" }] CIM_CredentialManagementService REF Antecedent; [Override ( "Dependent" ), Description ( "The PacketFilterCondition that associates the " "CredentialManagementService and any " "FilterLists/FilterEntries." ), MappingStrings { "IPSP Policy Model.IETF|AcceptCredentialFrom.Dependent" }] CIM_PacketFilterCondition REF Dependent; };