// ===================================================================
// Title:       User-Security MOF Specification 2.6
// Filename:    CIM_User26.mof
// Version:     2.6.0
// Status:      Final
// Date:        06/04/2002
// ===================================================================
// Copyright 2000-2002 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party’s
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
// ===================================================================
// Description: These object classes define the user and security
//              model for CIM and include classes needed to represent
//              users, groups and organizational entities as well as
//              security services and authentication/authorization
//              information.
//
//              The object classes below are listed in an order that
//              avoids forward references. Required objects, defined
//              by other working groups, are omitted.
// ===================================================================
// 14 Mar 2000 - Version 2.3
//
// 09 Jun 2000 - ERRATA to Version 2.3 creating V2.4
//         - CR493a, Correction of Antecedent/Dependent references
//           References are reversed from the original 2.3 model
//         - CR497: Corrections to antecedent/dependent references
//           1. ElementAsUser should run between an ME and a
//              UsersAccess. Both references are ME in the MOF.
//              UsersAccess is the Dependent reference.
//
//           2. ManagesAccount should subclass from Dependency.
//
//           3. ServiceUsesSecurityService - antecedent and
//              dependent are backwards. SecurityService should
//              be the antecedent and Service the dependent.
//
//           4. SecurityServiceForSystem - should subclass from
//              ProvidesServiceToElement.
//
//           5. UsersCredentials - The antecedent and dependent
//              references are backwards. The UsersAccess is
//              dependent on the Credentials - the credentials
//              are the antecedent.
//
//           6. The change in UsersCredentials affects
//              PublicPrivateKeyPair, since it inherits from
//              UsersCredentials.
//
//           7. CAHasPublicCertificate - The antecedent and
//              dependent references are backwards. The CA USES
//              the public certificate - therefore, it is dependent
//              on the certificate.
//
//           8. AuthenticateForUse - The antecedent and
//              dependent are backwards. The association "provides
//              an AuthenticationService with the
//              AuthenticationRequirement it needs to do its job".
//              AuthenticationService is Dependent on the
//              Requirement.
//
//           9. RequireCredentialsFrom - Antecedent and
//              dependent are backwards. The requirement is for
//              a specific credential mgmt service - the service
//              has no dependencies at all on the requirement.
//
//           10. AuthenticationTarget - Clarification that the
//              "target" is dependent on the requirement to protect
//              it.
//
//           11. AuthorizedUse - The antecedent and dependent
//              are backwards since the description says that the
//              association "provides an AuthorizationService
//              with the AccessControlInformation it needs to do
//              its job". AuthorizationService is Dependent on the
//              ACI.
//
// 21 June 2000 - ERRATA to Version 2.3 creating Version 2.4
//         - CR515: CIM Account keys. CIM_Account currently has two
//           local keys, Name and UserID.
//           The intent was to have CreationClassName and Name
//           as keys where name could be set to a value equal to
//           the UserID or to some other value, e.g., a DN from
//           a directory.
//
// 10 Nov 2000 - Changes to Version 2.4 creating V2.5
//         - CR544a, Adds classes and properties needed for Network
//           IPsec submodel.
//           Classes added are:
//              CredentialManagementSAP
//              LocalCredentialManagementService
//              PublicKeyManagementService
//              UnsignedPublicKey
//              NamedSharedIKESecret
//              TrustHierarchy
//              LocallyManagedPublicKey
//              IKESecretIsNamed
//           Properties added are:
//              CertificateAuthority.CADistinguishedName
//              CertificateAuthority.MaxChainLength
//              CertificateAuthority.CRLRefreshFrequency
//         - CR560, ERRATA renames KerberosTicket.Type to
//           KerberosTicket.TicketType and changes it from an
//           array to a scalar property
//
// 23 Jan 2001 - ERRATA to Version 2.5 creating V2.6
//         - CR591, Corrections to PROPAGATE qualifiers on
//           Credential Subclasses
//
// 17 May 2001 - ERRATA to Version 2.5 creating V2.6
//         - CR606, Corrections to aggregations to add
//           'aggregate' qualifier
//
// 10 March 2001 - Add Version qualifier to all classes (CR746)
//
// ===================================================================

// ===================================================================
// === Pragmas ===
// ===================================================================
#pragma Locale ("en_US")

// ==================================================================
// === Data class definitions ===
// ==================================================================

// ==================================================================
// Group
// ==================================================================
   [Version ("2.6.0"), Description (
     "The Group class is used to collect ManagedElements into groups. "
     "This class is defined so as to incorporate commonly-used LDAP "
     "attributes to permit implementations to easily derive this "
     "information from LDAP-accessible directories. This class's "
     "properties are a subset of a related class, "
     "OtherGroupInformation, which defines all the group properties "
     "and in array form for directory compatibility.") ]
class CIM_Group : CIM_Collection
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
   string Name;
      [MaxLen (128), Description (
        "The BusinessCategory property may be used to describe the "
        "kind of business activity performed by the members of the "
        "group.") ]
   string BusinessCategory;
      [Required, Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "group is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.") ]
   string CommonName;
};

// ==================================================================
// OtherGroupInformation
// ==================================================================
   [Version ("2.6.0"), Description (
     "The OtherGroupInformation class provides additional information "
     "about an associated Group instance. This class is defined so as "
     "to incorporate commonly-used LDAP attributes to permit "
     "implementations to easily derive this information from "
     "LDAP-accessible directories.") ]
class CIM_OtherGroupInformation : CIM_ManagedElement
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
   string Name;
      [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.") ]
   string ObjectClass[];
      [MaxLen (128), Description (
        "The BusinessCategory property may be used to describe the "
        "kind of business activity performed by the members of the "
        "group.") ]
   string BusinessCategory[];
      [Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "group is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.") ]
   string CommonName[];
      [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.") ]
   string Descriptions[];
      [Description (
        "The name of an organization related to the group.") ]
   string OrganizationName[];
      [Description (
        "The name of an organizational unit related to the group.") ]
   string OU[];
      [Description (
        "The Owner property specifies the name of some object that "
        "has some responsibility for the group. In the case of an "
        "LDAP-derived instance, a property value for Owner may be a "
        "distinguishedName of owning persons, groups, roles, etc.") ]
   string Owner[];
      [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.") ]
   string SeeAlso[];
};

// ==================================================================
// Role
// ==================================================================
   [Version ("2.6.0"), Description (
     "The Role object class is used to represent a position or set of "
     "responsibilities within an organization, organizational unit or "
     "system administration scope and is filled by a person or persons "
     "(or non-human entities represented by ManagedSystemElement "
     "subclasses) that may be explicitly or implicitly members of this "
     "collection subclass. The class is defined so as to incorporate "
     "commonly-used LDAP attributes to permit implementations to "
     "easily derive this information from LDAP-accessible directories. "
     "The members of a role are frequently called role occupants. "
     "This class's properties are a subset of a related class, "
     "OtherRoleInformation, which defines all the group properties "
     "and in array form for directory compatibility.") ]
class CIM_Role : CIM_Collection
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
   string Name;
      [MaxLen (128), Description (
        "This property may be used to describe the kind of business "
        "activity performed by the members (role occupants) in the "
        "position or set of responsibilities represented by the "
        "Role.") ]
   string BusinessCategory;
      [Required, Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "role is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.") ]
   string CommonName;
};

// ==================================================================
// OtherRoleInformation
// ==================================================================
   [Version ("2.6.0"), Description (
     "The OtherRoleInformation class is used to provide additional "
     "information about an associated Role instance. This class is "
     "defined so as to incorporate commonly-used LDAP attributes to "
     "permit implementations to easily derive this information from "
     "LDAP-accessible directories.") ]
class CIM_OtherRoleInformation : CIM_ManagedElement
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
   string Name;
      [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.") ]
   string ObjectClass[];
      [MaxLen (128), Description (
        "This property may be used to describe the kind of business "
        "activity performed by the members (role occupants) in the "
        "position or set of responsibilities represented by the "
        "Role.") ]
   string BusinessCategory[];
      [Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "role is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.") ]
   string CommonName[];
      [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.") ]
   string Descriptions[];
      [MaxLen (128), Description (
        "This property is used for the role occupants' telegram "
        "service.") ]
   string DestinationIndicator[];
      [Description (
        "The role occupants' facsimile telephone number.") ]
   string FacsimileTelephoneNumber[];
      [MaxLen (16), Description (
        "The role occupants' International ISDN number.") ]
   string InternationaliSDNNumber[];
      [Description (
        "The name of an organizational unit related to the role.") ]
   string OU[];
      [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.") ]
   string PhysicalDeliveryOfficeName[];
      [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the role occupants.") ]
   string PostalAddress[];
      [MaxLen (40), Description (
        "The Postal Code property specifies the postal code for the "
        "role occupants. If this value is present it will be part of "
        "the object's postal address.") ]
   string PostalCode[];
      [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the role occupants will receive physical postal "
        "delivery. If present, the property value is part of the "
        "object's postal address.") ]
   string PostOfficeBox[];
      [Description (
        "The Preferred Delivery Method property specifies the "
        "role occupants' preferred method to be used for contacting "
        "them in their role.") ]
   string PreferredDeliveryMethod;
      [Description (
        "This property specifies a postal address suitable for receipt "
        "of telegrams or expedited documents, where it is necessary to "
        "have the recipient accept delivery.") ]
   string RegisteredAddress[];
      [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.") ]
   string SeeAlso[];
      [Description (
        "The State or Province Name property specifies a state or "
        "province.") ]
   string StateOrProvince[];
      [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.") ]
   string Street[];
      [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the role occupants, e.g. + 44 582 10101.") ]
   string TelephoneNumber[];
      [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the role occupants.") ]
   string TeletexTerminalIdentifier[];
      [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "role occupants.") ]
   string TelexNumber[];
      [MaxLen (15), Description (
        "An X.121 address for the role occupants.") ]
   string X121Address[];
};

// ==================================================================
// OrganizationalEntity
// ==================================================================
   [Abstract, Version ("2.6.0"), Description (
     "OrganizationalEntity is an abstract class from which classes "
     "that fit into an organizational structure are derived.") ]
class CIM_OrganizationalEntity : CIM_ManagedElement
{
};

// ==================================================================
// Organization
// ==================================================================
   [Version ("2.6.0"), Description (
     "The Organization class is used to represent an organization such "
     "as a corporation or other autonomous entity. The class is "
     "defined so as to incorporate commonly-used LDAP attributes to "
     "permit implementations to easily derive this information from "
     "LDAP-accessible directories. This class's properties are a "
     "subset of a related class, OtherOrganizationInformation, which "
     "defines all the group properties and in array form for "
     "directory compatibility.") ]
class CIM_Organization : CIM_OrganizationalEntity
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
   string Name;
      [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organization.") ]
   string BusinessCategory;
      [Description (
        "The organization's facsimile telephone number.") ]
   string FacsimileTelephoneNumber;
      [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.") ]
   string LocalityName;
      [Description (
        "Based on RFC1274, the mail box addresses for the organization "
        "as defined in RFC822.") ]
   string Mail;
      [Required, Description (
        "The name of the organization.") ]
   string OrganizationName;
      [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organization.") ]
   string PostalAddress[];
      [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organization. If this value is present it will be part of "
        "the object's postal address.") ]
   string PostalCode;
      [Description (
        "The State or Province Name property specifies a state or "
        "province.") ]
   string StateOrProvince;
      [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organization, e.g. + 44 582 10101.") ]
   string TelephoneNumber;
};

// ==================================================================
// OtherOrganizationInformation
// ==================================================================
   [Version ("2.6.0"), Description (
     "The OtherOrganizationInformation class is used to provide "
     "additional information about an associated Organization instance. "
     "This class is defined so as to incorporate commonly-used LDAP "
     "attributes to permit implementations to easily derive this "
     "information from LDAP-accessible directories.") ]
class CIM_OtherOrganizationInformation : CIM_ManagedElement
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
   string Name;
      [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.") ]
   string ObjectClass[];
      [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organization.") ]
   string BusinessCategory[];
      [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.") ]
   string Descriptions[];
      [MaxLen (128), Description (
        "This property is used for the organization's telegram "
        "service.") ]
   string DestinationIndicator[];
      [Description (
        "The organization's facsimile telephone number.") ]
   string FacsimileTelephoneNumber[];
      [MaxLen (16), Description (
        "The organization's International ISDN number.") ]
   string InternationaliSDNNumber[];
      [Description (
        "Uniform Resource Identifier with optional label as defined in "
        "RFC2079.") ]
   string LabeledURI[];
      [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.") ]
   string LocalityName[];
      [Description (
        "Based on RFC1274, the mail box addresses for the organization "
        "as defined in RFC822.") ]
   string Mail[];
      [Description (
        "The manager for the organization. In the case of an "
        "LDAP-derived instance, the Manager property value may contain "
        "the distinguishedName of the Manager.") ]
   string Manager[];
      [Description (
        "The name of the organization.") ]
   string OrganizationName[];
      [Description (
        "Based on RFC1274, this property may be used for electronic "
        "mail box addresses other than RFC822 and X.400.") ]
   string OtherMailbox[];
      [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.") ]
   string PhysicalDeliveryOfficeName[];
      [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organization.") ]
   string PostalAddress[];
      [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organization. If this value is present it will be part of "
        "the object's postal address.") ]
   string PostalCode[];
      [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the organization will receive physical postal "
        "delivery. If present, the property value is part of the "
        "object's postal address.") ]
   string PostOfficeBox[];
      [Description (
        "The Preferred Delivery Method property specifies the "
        "organization's preferred method to be used for communicating "
        "with it.") ]
   string PreferredDeliveryMethod;
      [Description (
        "This property specifies a postal address suitable for receipt "
        "of telegrams or expedited documents, where it is necessary to "
        "have the recipient accept delivery.") ]
   string RegisteredAddress[];
      [Description (
        "This property value is for use by X.500 clients in "
        "constructing search filters.") ]
   string SearchGuide[];
      [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.") ]
   string SeeAlso[];
      [Description (
        "The State or Province Name property specifies a state or "
        "province.") ]
   string StateOrProvince[];
      [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.") ]
   string Street[];
      [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organization, e.g. + 44 582 10101.") ]
   string TelephoneNumber[];
      [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the organization.") ]
   string TeletexTerminalIdentifier[];
      [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "organization.") ]
   string TelexNumber[];
      [Octetstring, Description (
        "An image of the organization logo.") ]
   string ThumbnailLogo[];
      [Description (
        "A unique identifier that may be assigned in an environment to "
        "differentiate between uses of a given named organization "
        "instance.") ]
   string UniqueIdentifier[];
      [Octetstring, Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the organization's resources in a directory.") ]
   string UserPassword[];
      [MaxLen (15), Description (
        "An X.121 address for the organization.") ]
   string X121Address[];
};

// ==================================================================
// OrgUnit
// ==================================================================
   [Version ("2.6.0"), Description (
     "The OrgUnit class is used to represent a sub-unit of an "
     "organization such as a division or department. The class is "
     "defined so as to incorporate commonly-used LDAP attributes to "
     "permit implementations to easily derive this information from "
     "LDAP-accessible directories. This class's properties are a "
     "subset of a related class, OtherOrgUnitInformation, which "
     "defines all the group properties and in array form for "
     "directory compatibility.") ]
class CIM_OrgUnit : CIM_OrganizationalEntity
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
   string Name;
      [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organizational unit.") ]
   string BusinessCategory;
      [Description (
        "The organizational unit's facsimile telephone number.") ]
   string FacsimileTelephoneNumber;
      [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.") ]
   string LocalityName;
      [Required, Description (
        "The name of the organizational unit.") ]
   string OU;
      [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organizational "
        "unit.") ]
   string PostalAddress[];
      [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organizational unit. If this value is present it will be "
        "part of the object's postal address.") ]
   string PostalCode;
      [Description (
        "The State or Province Name property specifies a state or "
        "province.") ]
   string StateOrProvince;
      [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organizational unit, e.g. + 44 582 10101.") ]
   string TelephoneNumber;
};

// ==================================================================
// OtherOrgUnitInformation
// ==================================================================
   [Version ("2.6.0"), Description (
     "The OtherOrgUnitInformation class is used to provide "
     "additional information about an associated OrgUnit instance. "
     "This class is defined so as to incorporate commonly-used LDAP "
     "attributes to permit implementations to easily derive this "
     "information from LDAP-accessible directories.") ]
class CIM_OtherOrgUnitInformation : CIM_ManagedElement
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
   string CreationClassName;
      [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
   string Name;
      [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.") ]
   string ObjectClass[];
      [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organizational unit.") ]
   string BusinessCategory[];
      [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.") ]
   string Descriptions[];
      [MaxLen (128), Description (
        "This property is used for the organizational unit's telegram "
        "service.") ]
   string DestinationIndicator[];
      [Description (
        "The organizational unit's facsimile telephone number.") ]
   string FacsimileTelephoneNumber[];
      [MaxLen (16), Description (
        "The organizational unit's International ISDN number.") ]
   string InternationaliSDNNumber[];
      [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.") ]
   string LocalityName[];
      [Description (
        "The name of the organizational unit.") ]
   string OU[];
      [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.") ]
   string PhysicalDeliveryOfficeName[];
      [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organizational "
        "unit.") ]
   string PostalAddress[];
      [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organizational unit. If this value is present it will be "
        "part of the object's postal address.") ]
   string PostalCode[];
      [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the organizational unit will receive physical "
        "postal delivery. If present, the property value is part of "
        "the object's postal address.") ]
   string PostOfficeBox[];
      [Description (
        "The Preferred Delivery Method property specifies the "
        "organizational unit's preferred method to be used for "
        "communicating with it.") ]
   string PreferredDeliveryMethod;
      [Description (
        "This property value is for use by X.500 clients in "
        "constructing search filters.") ]
   string SearchGuide[];
      [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.") ]
   string SeeAlso[];
      [Description (
        "The State or Province Name property specifies a state or "
        "province.") ]
   string StateOrProvince[];
      [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.") ]
   string Street[];
      [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organizational unit, e.g. + 44 582 10101.") ]
   string TelephoneNumber[];
      [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the organizational "
        "unit.") ]
   string TeletexTerminalIdentifier[];
      [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "organization.") ]
   string TelexNumber[];
      [Octetstring, Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the organizational unit's resources in a directory.") ]
   string UserPassword[];
      [MaxLen (15), Description (
        "An X.121 address for the organization.") ]
   string X121Address[];
};

// ==================================================================
// UserEntity
// ==================================================================
   [Abstract, Version ("2.6.0"), Description (
     "UserEntity is an abstract class that represents users.") ]
class CIM_UserEntity : CIM_OrganizationalEntity
{
};

// ==================================================================
// Person
// ==================================================================
   [Version ("2.6.0"), Description (
     "The Person object class is used to represent people. The class "
     "is defined so as to incorporate commonly-used LDAP attributes to "
     "permit implementations to easily derive this information from "
     "LDAP-accessible directories. This class's properties are a "
     "subset of a related class, OtherPersonInformation, which "
     "defines all the group properties and in array form for "
     "directory compatibility.") ]
class CIM_Person : CIM_UserEntity
{
      [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. 
When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (1024),Description ( "The Name property defines the label by which the object is " "known. In the case of an LDAP-derived instance, the Name " "property value may be set to the distinguishedName of the " "LDAP-accessed object instance.") ] string Name; [MaxLen (128), Description ( "This property describes the kind of business performed by an " "organization.") ] string BusinessCategory; [Required, Description ( "A Common Name is a (possibly ambiguous) name by which the " "role is commonly known in some limited scope (such as an " "organization) and conforms to the naming conventions of the " "country or culture with which it is associated.") ] string CommonName; [Description ( "Based on inetOrgPerson, the Employee Number property " "specifies a numeric or an alphanumeric identifier assigned to " "a person.") ] string EmployeeNumber; [Description ( "Based on inetOrgPerson, the Employee Type property is used to " "identify the employer to employee relationship. Typical " "values used may include 'Contractor', 'Employee', 'Intern', " "'Temp', 'External', and 'Unknown' but any value may be " "used.") ] string EmployeeType; [Description ( "The person's facsimile telephone number.") ] string FacsimileTelephoneNumber; [MaxLen (32), Description ( "Based on RFC1274, the Home Phone property specifies a home " "telephone number for the person, e.g. 
+ 44 582 10101).") ] string HomePhone; [Description ( "The Home Postal Address property values specify the home " "address information required for the physical delivery of " "postal messages by the postal authority.") ] string HomePostalAddress[]; [Description ( "From inetOrgPerson, the JPEG Phto property values may be used " "for one or more images of a person using the JPEG File " "Interchange Format.") ] string JPEGPhoto; [Description ( "This property contains the name of a locality, such as a " "city, county or other geographic region.") ] string LocalityName; [Description ( "Based on RFC1274, the mail box addresses for the person " "as defined in RFC822.") ] string Mail; [Description ( "The person's manager within the organization. In the case of " "an LDAP-derived instance, the Manager property value may " "contain the distinguishedName of the Manager.") ] string Manager; [MaxLen (32), Description ( "Based on RFC1274, the Mobile Phone property specifies a " "mobile telephone number for the person, e.g. + 44 582 10101).") ] string Mobile; [Description ( "The name of an organizational unit related to the person.") ] string OU; [MaxLen (32), Description ( "Based on RFC1274, the Pager property specifies a pager " "telephone number for the person, e.g. + 44 582 10101).") ] string Pager; [Description ( "The Postal Address property values specify the address " "information required for the physical delivery of postal " "messages by the postal authority to the person.") ] string PostalAddress[]; [MaxLen (40), Description ( "The Postal Code property specifies the postal code of the " "organization. If this value is present it will be part of " "the object's postal address.") ] string PostalCode; [Description ( "Based on inetOrgPerson, the person's preferred written or " "spoken language.") ] string PreferredLanguage; [Description ( "Based on RFC1274, the Secretary property may be used to " "specify a secretary for the person. 
In the case of an " "LDAP-derived object instance, the value may be a " "distinguishedName.") ] string Secretary; [Description ( "The State or Province Name property specifies a state or " "province.") ] string StateOrProvince; [Required, Description ( "The Surname property specifies the linguistic construct that " "normally is inherited by an individual from the individual's " "parent or assumed by marriage, and by which the individual is " "commonly known.") ] string Surname; [MaxLen (32), Description ( "The Telephone Number property specifies a telephone number of " "the organization, e.g. + 44 582 10101).") ] string TelephoneNumber; [Description ( "The Title property may be used to specify the person's " "designated position or function of the object within an " "organization, e.g., Manager, Vice-President, etc.") ] string Title; }; // ================================================================== // OtherPersonInformation // ================================================================== [Version ("2.6.0"), Description ( "The OtherPersonInformation class is used to provide " "additional information about an associated Person instance. " "This class is defined so as to incorporate commonly-used LDAP " "attributes to permit implementations to easily derive this " "information from LDAP-accessible directories.") ] class CIM_OtherPersonInformation : CIM_UserEntity { [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (1024), Description ( "The Name property defines the label by which the object is " "known. 
In the case of an LDAP-derived instance, the Name " "property value may be set to the distinguishedName of the " "LDAP-accessed object instance.") ] string Name; [Description ( "In the case of an LDAP-derived instance, the ObjectClass " "property value(s) may be set to the objectClass attribute " "values.") ] string ObjectClass[]; [Octetstring, Description ( "The Audio property may be used to store an audio clip of the " "person.") ] string Audio[]; [MaxLen (128), Description ( "This property describes the kind of business performed by an " "organization.") ] string BusinessCategory[]; [MaxLen (128), Description ( "The Car License property is used to record the values of the " "vehicle license or registration plate associated with an " "individual.") ] string CarLicense[]; [Description ( "A Common Name is a (possibly ambiguous) name by which the " "role is commonly known in some limited scope (such as an " "organization) and conforms to the naming conventions of the " "country or culture with which it is associated.") ] string CommonName[]; [Description ( "The Country Name property specifies a country as defined in " "ISO 3166.") ] string CountryName[]; [Description ( "Based on inetOrgPerson, the Department Number is a code for " "department to which a person belongs. This can be strictly " "numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).") ] string DepartmentNumber[]; [MaxLen (1024), Description ( "The Descriptions property values may contain human-readable " "descriptions of the object. 
In the case of an LDAP-derived " "instance, the description attribute may have multiple values " "that, therefore, cannot be placed in the inherited " "Description property.") ] string Descriptions[]; [MaxLen (128), Description ( "This property is used for the organization's telegram " "service.") ] string DestinationIndicator[]; [Description ( "Based on inetOrgPerson, the Display Name property values are " "used when displaying an entry.") ] string DisplayName[]; [Description ( "Based on inetOrgPerson, the Employee Number property " "specifies a numeric or an alphanumeric identifier assigned to " "a person.") ] string EmployeeNumber; [Description ( "Based on inetOrgPerson, the Employee Type property is used to " "identify the employer to employee relationship. Typical " "values used may include 'Contractor', 'Employee', 'Intern', " "'Temp', 'External', and 'Unknown' but any value may be " "used.") ] string EmployeeType[]; [Description ( "The person's facsimile telephone number.") ] string FacsimileTelephoneNumber[]; [Description ( "Based on liPerson, the GenerationQualifier property specifies " "a name qualifier that represents the person's generation " "(e.g., JR., III, etc.).") ] string GenerationQualifier[]; [Description ( "The Given Name property is used for the part of a person's " "name that is not their surname nor their middle name.") ] string GivenName[]; [Description ( "Based on liPerson, the Home Fax property specifies the " "person's facsimile telephone number at home.") ] string HomeFax[]; [MaxLen (32), Description ( "Based on RFC1274, the Home Phone property specifies a home " "telephone number for the person, e.g. 
+ 44 582 10101).") ] string HomePhone[]; [Description ( "The Home Postal Address property values specify the home " "address information required for the physical delivery of " "postal messages by the postal authority.") ] string HomePostalAddress[]; [Description ( "Based on inetOrgPerson, the Initials property specifies the " "first letters of the person's name, typically the property " "values will exclude the first letter of the surname.") ] string Initials[]; [MaxLen (16), Description ( "The person's International ISDN number.") ] string InternationaliSDNNumber[]; [Description ( "From inetOrgPerson, the JPEG Phto property values may be used " "for one or more images of a person using the JPEG File " "Interchange Format.") ] string JPEGPhoto[]; [Description ( "Uniform Resource Identifier with optional label as defined in " "RFC2079.") ] string LabeledURI[]; [Description ( "This property contains the name of a locality, such as a " "city, county or other geographic region.") ] string LocalityName[]; [Description ( "Based on RFC1274, the mail box addresses for the person " "as defined in RFC822.") ] string Mail[]; [Description ( "The person's manager within the organization. In the case of " "an LDAP-derived instance, the Manager property value may " "contain the distinguishedName of the Manager.") ] string Manager[]; [Description ( "Based on liPerson, the middle name of the person.") ] string MiddleName[]; [MaxLen (32), Description ( "Based on RFC1274, the Mobile Phone property specifies a " "mobile telephone number for the person, e.g. + 44 582 10101).") ] string Mobile[]; [Required, Description ( "The name of the person's organization.") ] string OrganizationName[]; [Description ( "Based on RFC1274, the OrganizationalStatus property specifies " "a category by which a person is often referred to within an " "organization. 
Examples of usage in academia might include " "undergraduate student, researcher, lecturer, etc.") ] string OrganizationalStatus[]; [Description ( "Based on RFC1274, this property may be used for electronic " "mail box addresses other than RFC822 and X.400.") ] string OtherMailbox[]; [Description ( "The name of an organizational unit related to the person.") ] string OU[]; [MaxLen (32), Description ( "Based on RFC1274, the Pager property specifies a pager " "telephone number for the person, e.g. + 44 582 10101).") ] string Pager[]; [Description ( "Based on liPerson, the PersonalTitle property may be used to " "specify the person's personal title such as Mr., Ms., Dr., " "Prof. etc.") ] string PersonalTitle[]; [Octetstring, Description ( "Based on RFC1274, the Photo property may be used to specify a " "photograph for the person encoded in G3 fax as explained in " "recommendation T.4, with an ASN.1 wrapper to make it " "compatible with an X.400 BodyPart as defined in X.420.") ] string Photo[]; [MaxLen (128), Description ( "The Physical Delivery Office Name property specifies the name " "of the city, village, etc. where a physical delivery office " "is situated.") ] string PhysicalDeliveryOfficeName[]; [Description ( "The Postal Address property values specify the address " "information required for the physical delivery of postal " "messages by the postal authority to the person.") ] string PostalAddress[]; [MaxLen (40), Description ( "The Postal Code property specifies the postal code of the " "organization. If this value is present it will be part of " "the object's postal address.") ] string PostalCode[]; [MaxLen (40), Description ( "The Post Office Box property specifies the Post Office Box " "by which the person will receive physical postal delivery. 
" "If present, the property value is part of the object's postal " "address.") ] string PostOfficeBox[]; [Description ( "The Preferred Delivery Method property specifies the " "preferred method to be used for contacting the person.") ] string PreferredDeliveryMethod; [Description ( "Based on inetOrgPerson, the person's preferred written or " "spoken language.") ] string PreferredLanguage; [Description ( "This property specifies a postal address suitable for receipt " "of telegrams or expedited documents, where it is necessary to " "have the recipient accept delivery.") ] string RegisteredAddress[]; [Description ( "Based on RFC1274, the Room Number property specifies the room " "number for the person.") ] string RoomNumber[]; [Description ( "Based on RFC1274, the Secretary property may be used to " "specify a secretary for the person. In the case of an " "LDAP-derived object instance, the value may be a " "distinguishedName.") ] string Secretary[]; [Description ( "In the case of an LDAP-derived instance, the See Also " "property specifies distinguishedName of other Directory " "objects which may be other aspects (in some sense) of the " "same real world object.") ] string SeeAlso[]; [Description ( "The State or Province Name property specifies a state or " "province.") ] string StateOrProvince[]; [MaxLen (128), Description ( "The Street Address property specifies a site for the local " "distribution and physical delivery in a postal address, i.e. " "the street name, place, avenue, and the number.") ] string Street[]; [Description ( "The Surname property specifies the linguistic construct that " "normally is inherited by an individual from the individual's " "parent or assumed by marriage, and by which the individual is " "commonly known.") ] string Surname[]; [MaxLen (32), Description ( "The Telephone Number property specifies a telephone number of " "the organization, e.g. 
+ 44 582 10101).") ] string TelephoneNumber[]; [Description ( "The Teletex Terminal Identifier property specifies the " "Teletex terminal identifier (and, optionally, parameters) for " "a teletex terminal associated with the organization.") ] string TeletexTerminalIdentifier[]; [Description ( "The Telex Number property specifies the telex number, country " "code, and answerback code of a telex terminal for the " "organization.") ] string TelexNumber[]; [Octetstring, Description ( "A small image of the person's organization logo.") ] string ThumbnailLogo[]; [Octetstring, Description ( "A small image of the person.") ] string ThumbnailPhoto[]; [Description ( "The Title property may be used to specify the person's " "designated position or function of the object within an " "organization, e.g., Manager, Vice-President, etc.") ] string Title[]; [Description ( "Based on RFC1274, the UserID property may be used to specify " "a computer system login name.") ] string UserID[]; [Description ( "A unique identifier that may be assigned in an environment to " "differentiate between uses of a given named person instance.") ] string UniqueIdentifier[]; [Octetstring, Description ( "Based on inetOrgPerson and for directory compatibility, the " "User Certificate property may be used to specify a public key " "certificate for the person.") ] string UserCertificate[]; [Octetstring, Description ( "In the case of an LDAP-derived instance, the UserPassword " "property may contain an encrypted password used to access " "the person's resources in a directory.") ] string UserPassword[]; [Octetstring, Description ( "Based on inetOrgPerson and for directory compatibility, the " "UserPKCS12 property value may be used to provide a format " "for exchange of personal identity information. 
The property " "values are PFX PDUs stored as Octetstrings.") ] string UserPKCS12[]; [Octetstring, Description ( "Based on inetOrgPerson, the User S/MIME Certificate property " "may be used to specify the person's an S/MIME (RFC1847) " "signed message with a zero-length body. It contains the " "entire certificate chain and the signed attribute that " "describes their algorithm capabilities. If available, this " "property is preferred over the UserCertificate property for " "S/MIME applications.") ] string UserSMIMECertificate[]; [MaxLen (15), Description ( "An X.121 address for the organization.") ] string X121Address[]; [Octetstring, Description ( "An X.500 specified unique identifier that may be assigned in " "an environment to differentiate between uses of a given named " "person object instance.") ] string X500UniqueIdentifier[]; }; // ================================================================== // UsersAccess // ================================================================== [Version ("2.6.0"), Description ( "The UsersAccess object class is used to specify a system user " "that permitted access to system resources. The ManagedElement " "that has access to system resources (represented in the model in " "the ElementAsUser association) may be a person, a service, a " "service access point or any collection thereof. Whereas the " "Account class represents the user's relationship to a system " "from the perspective of the security services of the system, the " "UserAccess class represents the relationships to the systems " "independent of a particular system or service.") ] class CIM_UsersAccess : CIM_UserEntity { [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. 
When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Description ( "The Name property defines the label by which the object is " "known.") ] string Name; [Key, Description ( "The ElementID property uniquely specifies the ManagedElement " "object instance that is the user represented by the " "UsersAccess object instance. The ElementID is formatted " "similarly to a model path except that the property-value " "pairs are ordered in alphabetical order (US ASCII lexical " "order).") ] string ElementID; [Description ( "Biometric information used to identify a person. The " "property value is left null or set to 'N/A' for non-human " "user or a user not using biometric information for " "authentication."), ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"}, Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger", "Voice", "DNA-RNA", "EEG"} ] uint16 Biometric[]; }; // ================================================================== // Account // ================================================================== [Version ("2.6.0"), Description ( "CIM_Account is the information held by a SecurityService " "to track identity and privileges managed by that service. " "Common examples of an Account are the entries in a UNIX " "/etc/passwd file. Several kinds of security services use " "various information from those entries - the /bin/login " "program uses the account name ('root') and hashed password " "to authenticate users, and the file service, for instance, " "uses the UserID field ('0') and GroupID field ('0') to " "record ownership and determine access control privileges " "on files in the file system. 
This class is defined so as " "to incorporate commonly-used LDAP attributes to permit " "implementations to easily derive this information from " "LDAP-accessible directories.") ] class CIM_Account : CIM_LogicalElement { [Propagated ("CIM_System.CreationClassName"), Key, MaxLen (256), Description ("The scoping System's CCN.") ] string SystemCreationClassName; [Propagated ("CIM_System.Name"), Key, MaxLen (256),Description ("The scoping System's Name.") ] string SystemName; [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, Override("Name"), MaxLen (1024), Description ( "The Name property defines the label by which the object is " "known. The value of this property may be set to be the same " "as that of the UserID property or, in the case of an " "LDAP-derived instance, the Name property value may be set to " "the distinguishedName of the LDAP-accessed object instance.") ] string Name; [MaxLen (256), Description ( "UserID is the value used by the SecurityService to " "represent identity. For an authentication service, the " "UserID may be the name of the user, or for an authorization " "service the value which serves as a handle to a mapping of " "the identity.") ] string UserID; [Description ( "In the case of an LDAP-derived instance, the ObjectClass " "property value(s) may be set to the objectClass attribute " "values.") ] string ObjectClass[]; [MaxLen (1024), Description ( "The Descriptions property values may contain human-readable " "descriptions of the object. 
In the case of an LDAP-derived " "instance, the description attribute may have multiple values " "that, therefore, cannot be placed in the inherited " "Description property.") ] string Descriptions[]; [Description ( "Based on RFC1274, the host name of the system(s) for which " "the account applies. The host name may be a fully-qualified " "DNS name or it may be an unqualified host name.") ] string Host[]; [Description ( "This property contains the name of a locality, such as a " "city, county or other geographic region.") ] string LocalityName[]; [Required, Description ( "The name of the organization related to the account.") ] string OrganizationName[]; [Description ( "The name of an organizational unit related to the account.") ] string OU[]; [Description ( "In the case of an LDAP-derived instance, the See Also " "property specifies distinguishedName of other Directory " "objects which may be other aspects (in some sense) of the " "same real world object.") ] string SeeAlso[]; [Octetstring, Description ( "Based on inetOrgPerson and for directory compatibility, the " "User Certificate property may be used to specify a public key " "certificate for the person.") ] string UserCertificate[]; [Octetstring, Description ( "In the case of an LDAP-derived instance, the UserPassword " "property may contain an encrypted password used to access " "the person's resources in a directory.") ] string UserPassword[]; }; // ================================================================== // SecurityService // ================================================================== [Abstract, Version ("2.6.0"), Description ( "A service providing security functionaity.") ] class CIM_SecurityService : CIM_Service { }; // ================================================================== // AccountManagementService // ================================================================== [Version ("2.6.0"), Description ( "CIM_AccountManagementService creates, manages, and if necessary " 
      "destroys Accounts on behalf of other SecurityServices.") ]
class CIM_AccountManagementService : CIM_SecurityService {
};

// ==================================================================
// AuthenticationService
// ==================================================================
   [Version ("2.6.0"), Description (
      "CIM_AuthenticationService verifies users' identities through "
      "some means. These services are decomposed into a subclass that "
      "provides credentials to users and a subclass that provides for "
      "the verification of the validity of a credential and, perhaps, "
      "the appropriateness of its use for access to target resources. "
      "The persistent state information used from one such verification "
      "to another is maintained in an Account for that Users Access on "
      "that AuthenticationService.") ]
class CIM_AuthenticationService : CIM_SecurityService {
};

// ==================================================================
// VerificationService
// ==================================================================
   [Version ("2.6.0"), Description (
      "CIM_VerificationService is the authentication service that "
      "verifies a credential for use and may also verify the "
      "appropriateness of a particular credential in conjunction with a "
      "particular target resource.") ]
class CIM_VerificationService : CIM_AuthenticationService {
};

// ==================================================================
// CredentialManagementService
// ==================================================================
   [Version ("2.6.0"), Description (
      "CIM_CredentialManagementService issues credentials and manages "
      "the credential lifecycle.") ]
class CIM_CredentialManagementService : CIM_AuthenticationService {
};

// ==================================================================
// CredentialManagementSAP
// ==================================================================
   [Version ("2.6.0"), Description (
      "CIM_CredentialManagementSAP represents the ability to "
      "utilize or invoke a CredentialManagementService.") ]
class CIM_CredentialManagementSAP : CIM_ServiceAccessPoint {
      [Description ("The URL for the access point.") ]
   string URL;
};

// ==================================================================
// CertificateAuthority
// ==================================================================
   [Version ("2.6.0"), Description (
      "A Certificate Authority (CA) is a credential "
      "management service that issues and cryptographically "
      "signs certificates thus acting as a trusted third-party "
      "intermediary in establishing trust relationships. The CA "
      "authenticates the holder of the private key related to the "
      "certificate's public key; the authenticated entity is "
      "represented by the UsersAccess class.") ]
class CIM_CertificateAuthority : CIM_CredentialManagementService {
      [Description (
         "The CAPolicyStatement describes what care is taken by the "
         "CertificateAuthority when signing a new certificate. "
         "The CAPolicyStatement may be a dot-delimited ASN.1 OID "
         "string which identifies the formal policy statement.") ]
   string CAPolicyStatement;
      [Description (
         "A CRL, or CertificateRevocationList, is a "
         "list of certificates which the CertificateAuthority has "
         "revoked and which are not yet expired. Revocation is "
         "necessary when the private key associated with the public "
         "key of a certificate is lost or compromised, or when the "
         "person for whom the certificate is signed no longer is "
         "entitled to use the certificate."),
         Octetstring ]
   string CRL[];
      [Description (
         "Certificate Revocation Lists may be "
         "available from a number of distribution points. "
         "CRLDistributionPoint array values provide URIs for those "
         "distribution points.") ]
   string CRLDistributionPoint[];
      [Description (
         "Certificates refer to their issuing CA by "
         "its Distinguished Name (as defined in X.501)."),
         DN ]
   string CADistinguishedName;
      [Description (
         "The frequency, expressed in hours, at which "
         "the CA will update its Certificate Revocation List. Zero "
         "implies that the refresh frequency is unknown."),
         Units("Hours") ]
   uint8 CRLRefreshFrequency;
      [Description (
         "The maximum number of certificates in a "
         "certificate chain permitted for credentials issued by "
         "this certificate authority or its subordinate CAs. \n"
         "The MaxChainLength of a superior CA in the trust "
         "hierarchy should be greater than this value and the "
         "MaxChainLength of a subordinate CA in the trust hierarchy "
         "should be less than this value.") ]
   uint8 MaxChainLength;
};

// ==================================================================
// KerberosKeyDistributionCenter
// ==================================================================
   [Version ("2.6.0"), Description ("The Kerberos KDC.") ]
class CIM_KerberosKeyDistributionCenter : CIM_CredentialManagementService {
      [Override ("Name"),
         Description ("The Realm served by this KDC.") ]
   string Name;
      [Description (
         "The version of Kerberos supported by this service."),
         ValueMap {"0", "1", "2", "3"},
         Values {"V4", "V5", "DCE", "MS"} ]
   uint16 Protocol[];
};

// ==================================================================
// Notary
// ==================================================================
   [Version ("2.6.0"), Description (
      "CIM_Notary is an AuthenticationService (credential "
      "management service) which compares the "
      "biometric characteristics of a person with the "
      "known characteristics of an Users Access, and determines "
      "whether the person is the UsersAccess. An example is "
      "a bank teller who compares a picture ID with the person "
      "trying to cash a check, or a biometric login service that "
      "uses voice recognition to identify a user.") ]
class CIM_Notary : CIM_CredentialManagementService {
      [Description (
         "The types of biometric information which "
         "this Notary can compare."),
         ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"},
         Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger",
                 "Voice", "DNA-RNA", "EEG"} ]
   uint16 Comparitors;
      [Description (
         "The SealProtocol is how the decision of the Notary is "
         "recorded for future use by parties who will rely on its "
         "decision. For instance, a drivers licence frequently "
         "includes tamper-resistant coatings and markings to protect "
         "the recorded decision that a driver, having various "
         "biometric characteristics of height, weight, hair and eye "
         "color, using a particular name, has features represented in "
         "a photograph of their face.") ]
   string SealProtocol;
      [Description (
         "CharterIssued documents when the Notary is first "
         "authorized, by whoever gave it responsibility, to perform "
         "its service.") ]
   datetime CharterIssued;
      [Description (
         "CharterExpired documents when the Notary is no longer "
         "authorized, by whoever gave it responsibility, to perform "
         "its service.") ]
   datetime CharterExpired;
};

// ==================================================================
// LocalCredentialManagementService
// ==================================================================
   [Version ("2.6.0"), Description (
      "CIM_LocalCredentialManagementService is a credential "
      "management service that provides local system "
      "management of credentials used by the local system.") ]
class CIM_LocalCredentialManagementService : CIM_CredentialManagementService {
};

// ==================================================================
// SharedSecretService
// ==================================================================
   [Version ("2.6.0"), Description (
      "CIM_SharedSecretService is a service which ascertains "
      "whether messages received are from the Principal with "
      "whom a secret is shared. Examples include a login "
      "service that proves identity on the basis of knowledge of "
      "the shared secret, or a transport integrity service (like "
      "Kerberos provides) that includes a message authenticity "
      "code that proves each message in the message stream came "
      "from someone who knows the shared secret session key.") ]
class CIM_SharedSecretService : CIM_LocalCredentialManagementService {
      [MaxLen (256), Description (
         "The Algorithm used to convey the shared secret, such as "
         "HMAC-MD5, or PLAINTEXT.") ]
   string Algorithm;
      [Description (
         "The Protocol supported by the SharedSecretService.") ]
   string Protocol;
};

// ==================================================================
// PublicKeyManagementService
// ==================================================================
   [Version ("2.6.0"), Description (
      "CIM_PublicKeyManagementService is a credential management "
      "service that provides local system management of public "
      "keys used by the local system.") ]
class CIM_PublicKeyManagementService : CIM_LocalCredentialManagementService {
};

// ==================================================================
// Credential
// ==================================================================
   [Abstract, Version ("2.6.0"), Description (
      "Subclasses of CIM_Credential define materials, "
      "information, or other data which are used to prove the "
      "identity of a CIM_UsersAccess to a particular "
      "CIM_SecurityService. Generally, there may be some shared "
      "information, or credential material which is used to "
      "identify and authenticate oneself in the process of "
      "gaining access to, or permission to use, an Account. "
      "Such credential material may be used to authenticate a "
      "users access identity initially, as done by a "
      "CIM_AuthenticationService (see later), and additionally on "
      "an ongoing basis during the course of a connection or "
      "other security association, as proof that each received "
      "message or communication came from the owning user access of "
      "that credential material.") ]
class CIM_Credential : CIM_ManagedElement {
};

// ==================================================================
// PublicKeyCertificate
// ==================================================================
   [Version ("2.6.0"), Description (
      "A Public Key Certificate is a credential "
      "that is cryptographically signed by a trusted Certificate "
      "Authority (CA) and issued to an authenticated entity "
      "(e.g., human user, service, etc.) called the Subject in "
      "the certificate and represented by the UsersAccess class. "
      "The public key in the certificate is cryptographically "
      "related to a private key that is to be held and kept "
      "private by the authenticated Subject. The certificate "
      "and its related private key can then be used for "
      "establishing trust relationships and securing "
      "communications with the Subject. 
Refer to the ITU/CCITT " "X.509 standard as an example of such certificates.") ] class CIM_PublicKeyCertificate : CIM_Credential { [Propagated ("CIM_CertificateAuthority.SystemCreationClassName"), Key, MaxLen (256), Description ("The scoping System's CCN.") ] string SystemCreationClassName; [Propagated ("CIM_CertificateAuthority.SystemName"), Key, MaxLen (256),Description ("The scoping System's Name.") ] string SystemName; [Propagated ("CIM_CertificateAuthority.CreationClassName"), Key, MaxLen (256), Description ("The scoping Service's CCN.") ] string ServiceCreationClassName; [Propagated ("CIM_CertificateAuthority.Name"), Key, MaxLen (256), Description ("The scoping Service's Name.") ] string ServiceName; [Key, MaxLen (256), Description ( "Certificate subject identifier.") ] string Subject; [MaxLen (256), Description ( "Alternate subject identifier for the Certificate.") ] string AltSubject; [Description ("The DER-encoded raw public key."), Octetstring ] uint8 PublicKey[]; }; // ================================================================== // UnsignedPublicKey // ================================================================== [Version ("2.6.0"), Description ( "A CIM_UnsignedPublicKey represents an unsigned public " "key credential. 
The local UsersAccess (or subclass " "thereof) accepts the public key as authentic because of " "a direct trust relationship rather than via a third-party " "Certificate Authority.") ] class CIM_UnsignedPublicKey : CIM_Credential { [Propagated ( "CIM_PublicKeyManagementService.SystemCreationClassName"), Key, MaxLen (256), Description ("The scoping System's CCN.") ] string SystemCreationClassName; [Propagated ("CIM_PublicKeyManagementService.SystemName"), Key, MaxLen (256),Description ("The scoping System's Name.") ] string SystemName; [Propagated ("CIM_PublicKeyManagementService.CreationClassName"), Key, MaxLen (256), Description ("The scoping Service's CCN.") ] string ServiceCreationClassName; [Propagated ("CIM_PublicKeyManagementService.Name"), Key, MaxLen (256), Description ("The scoping Service's Name.") ] string ServiceName; [Key, MaxLen (256), Description ( "The Identity of the Peer with whom a direct trust " "relationship exists. The public key may be used for " "security functions with the Peer."), ModelCorrespondence { "CIM_PublicKeyManagementService.PeerIdentityType"} ] string PeerIdentity; [Description ( "PeerIdentityType is used to describe the " "type of the PeerIdentity. 
The currently defined values " "are used for IKE identities."), ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"}, Values {"Other", "IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"}, ModelCorrespondence { "CIM_PublicKeyManagementService.PeerIdentity"} ] uint16 PeerIdentityType; [Description ("The DER-encoded raw public key."), Octetstring ] uint8 PublicKey[]; }; // ================================================================== // KerberosTicket // ================================================================== [Version ("2.6.0"), Description ( "A CIM_KerberosTicket represents a credential issued by a " "particular Kerberos Key Distribution Center (KDC) " "to a particular CIM_UsersAccess as the result of a " "successful authentication process. There are two types of " "tickets that a KDC may issue to a Users Access - a " "TicketGranting ticket, which is used to protect and " "authenticate communications between the Users Access and the " "KDC, and a Session ticket, which the KDC issues to two " "Users Access to allow them to communicate with each other.") ] class CIM_KerberosTicket : CIM_Credential { [Propagated ( "CIM_KerberosKeyDistributionCenter.SystemCreationClassName"), Key, MaxLen (256), Description ("The scoping System's CCN.") ] string SystemCreationClassName; [Propagated ("CIM_KerberosKeyDistributionCenter.SystemName"), Key, MaxLen (256), Description ("The scoping System's Name.") ] string SystemName; [Propagated ( "CIM_KerberosKeyDistributionCenter.CreationClassName"), Key, MaxLen (256), Description ("The scoping Service's CCN.") ] string ServiceCreationClassName; [Propagated ("CIM_KerberosKeyDistributionCenter.Name"), Key, MaxLen (256), Description ( "The scoping Service's Name. 
The Kerberos KDC Realm of " "CIM_KerberosTicket is used to record the security " "authority, or Realm, name so that tickets issued by " "different Realms can be separately managed and " "enumerated.") ] string ServiceName; [Key, MaxLen (256), Description ( "The name of the service for which this ticket is used.") ] string AccessesService; [Key, MaxLen (256), Description ( "RemoteID is the name by which the user is known at " "the KDC security service.") ] string RemoteID; datetime Issued; datetime Expires; [Description ( "The Type of CIM_KerberosTicket is used to indicate whether " "the ticket in question was issued by the Kerberos Key " "Distribution Center (KDC) to support ongoing communication " "between the Users Access and the KDC (\"TicketGranting\"), " "or was issued by the KDC to support ongoing communication " "between two Users Access entities (\"Session\")."), ValueMap {"0", "1"}, Values {"Session", "TicketGranting"} ] uint16 TicketType; }; // ================================================================== // SharedSecret // ================================================================== [Version ("2.6.0"), Description ( "CIM_SharedSecret is the secret shared between a Users Access " "and a particular SharedSecret security service. Secrets " "may be in the form of a password used for initial " "authentication, or as with a session key, used as part of " "a message authentication code to verify that a message " "originated by the pricinpal with whom the secret is shared. 
" "It is important to note that SharedSecret is not just the " "password, but rather is the password used with a particular " "security service.") ] class CIM_SharedSecret : CIM_Credential { [Propagated ("CIM_SharedSecretService.SystemCreationClassName"), Key, MaxLen (256), Description ("The scoping System's CCN.") ] string SystemCreationClassName; [Propagated ("CIM_SharedSecretService.SystemName"), Key, MaxLen (256),Description ("The scoping System's Name.") ] string SystemName; [Propagated ( "CIM_SharedSecretService.CreationClassName"), Key, MaxLen (256), Description ("The scoping Service's CCN.") ] string ServiceCreationClassName; [Propagated ("CIM_SharedSecretService.Name"), Key, MaxLen (256), Description ("The scoping Service's Name.") ] string ServiceName; [Key, MaxLen (256), Description ( "RemoteID is the name by which the user is known at " "the remote secret key authentication service.") ] string RemoteID; [Description ( "The secret known by the Users Access.") ] string Secret; [Description ( "The transformation algorithm, if any, used to " "protect passwords before use in the protocol. For " "instance, Kerberos doesn't store passwords as the shared " "secret, but rather, a hash of the password.") ] string Algorithm; [Description ( "The protocol with which the SharedSecret is used.") ] string Protocol; }; // ================================================================== // NamedSharedIKESecret // ================================================================== [Version ("2.6.0"), Description ( "CIM_NamedSharedIKESecret indirectly represents a shared " "secret credential. The local identity, IKEIdentity, " "and the remote peer identity share the secret that is " "named by the SharedSecretName. 
The SharedSecretName is " "used SharedSecretService to reference the secret.") ] class CIM_NamedSharedIKESecret : CIM_Credential { [Propagated ("CIM_SharedSecretService.SystemCreationClassName"), Key, MaxLen (256), Description ("The scoping System's CCN.") ] string SystemCreationClassName; [Propagated ("CIM_SharedSecretService.SystemName"), Key, MaxLen (256),Description ("The scoping System's Name.") ] string SystemName; [Propagated ("CIM_SharedSecretService.CreationClassName"), Key, MaxLen (256), Description ("The scoping Service's CCN.") ] string ServiceCreationClassName; [Propagated ("CIM_SharedSecretService.Name"), Key, MaxLen (256), Description ("The scoping Service's Name.") ] string ServiceName; [Key, MaxLen (256), Description ( "The local Identity with whom the direct trust " "relationship exists."), ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentityType"} ] string LocalIdentity; [Key, Description ( "LocalIdentityType is used to describe " "the type of the LocalIdentity."), ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"}, Values {"IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"}, ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentity"} ] uint16 LocalIdentityType; [Key, MaxLen (256), Description ( "The peer identity with whom the direct trust " "relationship exists."), ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentityType"} ] string PeerIdentity; [Key, Description ( "PeerIdentityType is used to describe " "the type of the PeerIdentity."), ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"}, Values {"IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"}, ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentity"} ] uint16 PeerIdentityType; [Description ( "SharedSecretName 
is an indirect reference " "to a shared secret. The SecretService does not expose " "the actual secret but rather provides access to the " "secret via a name.") ] string SharedSecretName; }; // ================================================================== // AuthorizationService // ================================================================== [Version ("2.6.0"), Description ( "CIM_AuthorizationService determines whether a user, by " "association with an Account used by the AuthorizationService, is " "permitted access a resource or set of resources.") ] class CIM_AuthorizationService : CIM_SecurityService { }; // ================================================================== // AuthenticationRequirement // ================================================================== [Version ("2.6.0"), Description ( "CIM_AuthenticationRequirement provides, through its " "associations, the authentication requirements for access to " "system resources. For a particular set of target resources, the " "AuthenticationService may require that credentials be issued by " "a specific CredentialManagementService. The " "AuthenticationRequirement class is weak to the system (e.g., " "Computer System or Administrative Domain) for which the " "requirements apply.") ] class CIM_AuthenticationRequirement : CIM_LogicalElement { [Propagated ("CIM_System.CreationClassName"), Key, MaxLen (256), Description ("Hosting system creation class name.") ] string SystemCreationClassName; [Propagated ("CIM_System.Name"), Key, MaxLen (256), Description ("Hosting system name.") ] string SystemName; [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. 
When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Override ("Name"), Description ( "The Name property defines the unique label, in the context of " "the hosting system, by which the AuthenticationRequirement " "is known.") ] string Name; [Description ( "The SecurityClassification property specifies a named level " "of security associated with the AuthenticationRequirement, " "e.g., 'Confidential', 'Top Secret', etc.") ] string SecurityClassification; }; // ================================================================== // AccessControlInformation // ================================================================== [Version ("2.6.0"), Description ( "CIM_AccessControlInformation provides, through its properties " "and its associations, the specification of the access rights " "granted to a set of subject users to a set of target resources. " "The AccessControlInformation class is weak to the system (e.g., " "Computer System or Administrative Domain) for which the access " "controls apply.") ] class CIM_AccessControlInformation : CIM_LogicalElement { [Propagated ("CIM_System.CreationClassName"), Key, MaxLen (256), Description ("Hosting system creation class name.") ] string SystemCreationClassName; [Propagated ("CIM_System.Name"), Key, MaxLen (256), Description ("Hosting system name.") ] string SystemName; [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. 
When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Override ("Name"), Description ( "The Name property defines the unique label, in the context of " "the hosting system, by which the AccessControlInformation " "is known.") ] string Name; [Description ( "The SecurityClassification property specifies a named level " "of security associated with the AccessControlInformation, " "e.g., 'Confidential', 'Top Secret', etc.") ] string SecurityClassification; [Description ( "The AccessType property is an array of string values that " "specifies the type of access for which the corresponding " "permission applies. For example, it can be used to specify a " "generic access such as 'Read-only', 'Read/Write', etc. for " "file or record access control or it can be used to specifiy " "an entry point name for service access control."), ModelCorrespondence { "CIM_AccessControlInformation.AccessQualifier", "CIM_AccessControlInformation.Permission"} ] string AccessType[]; [Description ( "The AccessQualifier property is an array of string values " "may be used to further qualify the type of access for which " "the corresponding permission applies. For example, it may be " "used to specify a set of parameters that are permitted or " "denied in conjunction with the corresponding AccessType entry " "point name."), ModelCorrespondence { "CIM_AccessControlInformation.AccessType", "CIM_AccessControlInformation.Permission"} ] string AccessQualifier[]; [Description ( "The Permission property is an array of string values " "indicating the permission that applies to the corrsponding " "AccessType and AccessQualifier array values. 
The values " "may be extended in subclasses to provide more specific access " "controls."), ValueMap {"Unknown", "Allow", "Deny", "Manage"}, ModelCorrespondence { "CIM_AccessControlInformation.AccessType", "CIM_AccessControlInformation.AccessQualifier"} ] string Permission[]; }; // ================================================================== // === Association class definitions === // ================================================================== // Aggregations // ================================================================== // MemberPrincipal // ================================================================== [Association, Aggregation, Version ("2.6.0"), Description ( "CIM_MemberPrincipal is an aggregation used to establish " "membership of principals (i.e., users) in a Collection. That " "membership can be established either directly or indirectly as " "indicated in the UsersAccessBy property. For example, a user " "may be identified directly by their userid (i.e., Account object " "instance) or the user may be identified indirectly by realm from " "which a ticket was issued (i.e., CredentialManagementService " "object instance). The latter case is useful, for example, for " "specifying that only users identified by an internal credential " "service are permitted to access very sensitive information.") ] class CIM_MemberPrincipal : CIM_MemberOfCollection { [Override ("Collection"), Aggregate ] CIM_Collection REF Collection; [Override ("Member") ] CIM_ManagedElement REF Member; [Description ( "A MemberPrincipal may be identifed in several ways that may " "be either direct or indirect membership in the collection. \n" " - A 'UsersAccess' membership directly identifies the user by " "the UsersAccess object instance. \n" " - An 'Account' membership directly identifies the user by " "the Account object class instance. 
\n" " - A 'UsingElement' membership indirectly identifies the user " "by the ManagedElement object instance that has " "ElementAsUser associations to UsersAccess object " "instances. Hence, all UsersAccess instances are " "indirectly included in the collection."), ValueMap {"1", "2", "3", "4"}, Values {"UsersAccess", "Account", "UsingElement", "CredentialManagementService"} ] uint16 UserAccessBy; }; // =================================================================== // AccountOnSystem // =================================================================== [Association, Aggregation, Version ("2.6.0"), Description ( "A system (e.g., ApplicationSystem, ComputerSystem, AdminDomain) " "aggregates Accounts and scopes the uniqueness of the Account " "names (i.e., userids).") ] class CIM_AccountOnSystem : CIM_SystemComponent { [Override ("GroupComponent"), Min (1), Max (1), Aggregate, Description ( "The aggregating system also provides name scoping " "for the Account.") ] CIM_System REF GroupComponent; [Override ("PartComponent"), Weak, Description ("The subordinate Account.") ] CIM_Account REF PartComponent; }; // ================================================================== // OrgStructure // ================================================================== [Association, Aggregation, Version ("2.6.0"), Description ( "CIM_OrgStructure is an association used to establish parent-child " "relationships between OrganizationalEntity instances. 
This is " "used to capture organizational relationships between object " "instances such as those that are imported from an LDAP-accessible " "directory.") ] class CIM_OrgStructure { [Key, Max (1), Aggregate, Description ("The organizational parent in this association.") ] CIM_OrganizationalEntity REF Parent; [Key, Description ( "The organizational child in this association, " "i.e., the sub-unit or other owned object instance.") ] CIM_OrganizationalEntity REF Child; }; // ================================================================== // CollectionInOrganization // ================================================================== [Association, Aggregation, Version ("2.6.0"), Description ( "CIM_CollectionInOrganization is an association used to establish " "a parent-child relationship between a collection and an 'owning' " "OrganizationalEntity. A single collection should not have both " "a CollectionInOrganization and a CollectionInSystem " "association.") ] class CIM_CollectionInOrganization { [Key, Max (1), Aggregate, Description ( "The parent organization responsible for the collection.") ] CIM_OrganizationalEntity REF Parent; [Key, Description ("The collection.") ] CIM_Collection REF Child; }; // ================================================================== // CollectionInSystem // ================================================================== [Association, Aggregation, Version ("2.6.0"), Description ( "CIM_CollectionInSystem is an association used to establish a " "parent-child relationship between a collection and an 'owning' " "System such as an AdminDomain or ComputerSystem. 
A single " "collection should not have both a CollectionInOrganization and a " "CollectionInSystem association.") ] class CIM_CollectionInSystem { [Key, Max (1), Aggregate, Description ( "The parent system responsible for the collection.") ] CIM_System REF Parent; [Key, Description ("The collection.") ] CIM_Collection REF Child; }; // Associations // ================================================================== // ElementAsUser // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_ElementAsUser is an association used to establish the " "'ownership' of UsersAccess object instances. That is, the " "ManagedElement may have UsersAccess to systems and, therefore, " "be 'users' on those systems. UsersAccess instances must have an " "'owning' ManagedElement. Typically, the ManagedElements will be " "limited to Collection, Person, Service and ServiceAccessPoint. " "Other non-human ManagedElements that might be thought of as " "having UsersAccess (e.g., a device or system) have services that " "have the UsersAccess.") ] class CIM_ElementAsUser : CIM_Dependency { [Min (1), Max (1), Override ("Antecedent"), Description ("The ManagedElement that has UsersAccess.") ] CIM_ManagedElement REF Antecedent; [Override ("Dependent"), Description ("The 'owned' UsersAccess.") ] CIM_UsersAccess REF Dependent; }; // ================================================================== // MoreOrganizationInfo // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_MoreOrganizationInfo is an association used to extend the " "information in a CIM_Organization class instance.") ] class CIM_MoreOrganizationInfo : CIM_Dependency { [Max (1), Override ("Antecedent"), Description ("The Organization which has more information.") ] CIM_Organization REF Antecedent; [Min (0), Max (1), Override ("Dependent"), Description ("Additional data concerning the Organization.") 
] CIM_OtherOrganizationInformation REF Dependent; }; // ================================================================== // MoreOrgUnitInfo // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_MoreOrgUnitInfo is an association used to extend the " "information in an CIM_OrgUnit class instance.") ] class CIM_MoreOrgUnitInfo : CIM_Dependency { [Max (1), Override ("Antecedent"), Description ("The OrgUnit which has more information.") ] CIM_OrgUnit REF Antecedent; [Min (0), Max (1), Override ("Dependent"), Description ("Additional data concerning the OrgUnit.") ] CIM_OtherOrgUnitInformation REF Dependent; }; // ================================================================== // MoreGroupInfo // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_MoreGroupInfo is an association used to extend the " "information in a CIM_Group class instance.") ] class CIM_MoreGroupInfo : CIM_Dependency { [Max (1), Override ("Antecedent"), Description ("The Group which has more information.") ] CIM_Group REF Antecedent; [Min (0), Max (1), Override ("Dependent"), Description ("Additional data concerning the Group.") ] CIM_OtherGroupInformation REF Dependent; }; // ================================================================== // MoreRoleInfo // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_MoreRoleInfo is an association used to extend the " "information in a CIM_Role class instance.") ] class CIM_MoreRoleInfo : CIM_Dependency { [Max (1), Override ("Antecedent"), Description ("The Role which has more information.") ] CIM_Role REF Antecedent; [Min (0), Max (1), Override ("Dependent"), Description ("Additional data concerning the Role.") ] CIM_OtherRoleInformation REF Dependent; }; // ================================================================== // MorePersonInfo // 
================================================================== [Association, Version ("2.6.0"), Description ( "CIM_MorePersonInfo is an association used to extend the " "information in a CIM_Person class instance.") ] class CIM_MorePersonInfo : CIM_Dependency { [Max (1), Override ("Antecedent"), Description ("The Person which has more information.") ] CIM_Person REF Antecedent; [Min (0), Max (1), Override ("Dependent"), Description ("Additional data concerning the Person.") ] CIM_OtherPersonInformation REF Dependent; }; // ================================================================== // SystemAdministrator // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_SystemAdministrator is an association used to identify " "the UserEntity as a system administrator of a CIM_System.") ] class CIM_SystemAdministrator : CIM_Dependency { [Override ("Antecedent"), Description ( "The administered system.") ] CIM_System REF Antecedent; [Override ("Dependent"), Description ( "The UserEntity that provides the admininstrative function " "for the associated system.") ] CIM_UserEntity REF Dependent; }; // ================================================================== // SystemAdministratorGroup // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_SystemAdministratorGroup is an association used to identify " "a Group that has system administrator responsibilities for a " "CIM_System.") ] class CIM_SystemAdministratorGroup : CIM_Dependency { [Override ("Antecedent"), Description ("The administered system.") ] CIM_System REF Antecedent; [Override ("Dependent"), Description ("The Group of administrators.") ] CIM_Group REF Dependent; }; // ================================================================== // SystemAdministratorRole // ================================================================== [Association, Version ("2.6.0"), 
Description (
       "CIM_SystemAdministratorRole is an association used to identify "
       "a system administrator Role for a CIM_System.") ]
class CIM_SystemAdministratorRole : CIM_Dependency {
      [Override ("Antecedent"),
       Description ("The administered system.") ]
   CIM_System REF Antecedent;
      [Override ("Dependent"),
       Description ("The system administration role.") ]
   CIM_Role REF Dependent;
};

// ===================================================================
// UsersAccount
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates UsersAccess with the Accounts "
       "with which they're able to interact.") ]
class CIM_UsersAccount : CIM_Dependency {
      [Override ("Antecedent"),
       Description ("The user's Account.") ]
   CIM_Account REF Antecedent;
      [Override ("Dependent"), Description (
          "The User as identified by their UsersAccess instance.") ]
   CIM_UsersAccess REF Dependent;
};

// ===================================================================
// AccountMapsToAccount
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship may be used to associate an Account used by an "
       "AuthenticationService to an Account used for Authorization. For "
       "instance, this mapping occurs naturally in the UNIX /etc/passwd "
       "file, where the AuthenticationService Account ('root') is mapped "
       "to the AuthorizationService Account ('0'). The two are separate "
       "accounts, as evidenced by the ability to have another "
       "AuthenticationService Account which ALSO maps to the "
       "AuthorizationService Account ('0') without ambiguity. This "
       "association may be used for other account mappings as well such "
       "as for coordinating single signon for multiple accounts for the "
       "same user.") ]
class CIM_AccountMapsToAccount : CIM_Dependency {
      [Override ("Antecedent"),
       Description ("An Account.") ]
   CIM_Account REF Antecedent;
      [Override ("Dependent"),
       Description ("A related Account.") ]
   CIM_Account REF Dependent;
};

// ===================================================================
// SecurityServiceUsesAccount
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates SecurityService instances to "
       "the Accounts they use in the course of their work.") ]
class CIM_SecurityServiceUsesAccount : CIM_Dependency {
      [Override ("Antecedent") ]
   CIM_Account REF Antecedent;
      [Override ("Dependent") ]
   CIM_SecurityService REF Dependent;
};

// ===================================================================
// ManagesAccount
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates the AccountManagement security "
       "service to the Accounts for which it is responsible.") ]
class CIM_ManagesAccount : CIM_Dependency {
      [Override ("Antecedent") ]
   CIM_AccountManagementService REF Antecedent;
      [Override ("Dependent") ]
   CIM_Account REF Dependent;
};

// ===================================================================
// ServiceUsesSecurityService
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates a Service with the Security"
       "Services that it uses.") ]
class CIM_ServiceUsesSecurityService : CIM_ServiceServiceDependency {
      [Override ("Antecedent") ]
   CIM_SecurityService REF Antecedent;
      [Override ("Dependent") ]
   CIM_Service REF Dependent;
};

// ===================================================================
// SecurityServiceForSystem
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "The CIM_SecurityServiceForSystem provides the association between "
       "a System and a SecurityService that provides services for that "
       "system.") ]
class CIM_SecurityServiceForSystem : CIM_ProvidesServiceToElement {
      [Override ("Antecedent"), Description (
          "The SecurityService that provides services for the system.") ]
   CIM_SecurityService REF Antecedent;
      [Override ("Dependent"), Description (
          "The system that is dependent on the security service.") ]
   CIM_System REF Dependent;
};

// ===================================================================
// ManagesAccountOnSystem
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "The CIM_ManagesAccountOnSystem provides the association between a "
       "System and the AccountManagementService that manages accounts for "
       "that system.") ]
class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem {
      [Override ("Antecedent"), Description (
          "An AccountManagementService that manages accounts for the "
          "system.") ]
   CIM_AccountManagementService REF Antecedent;
      [Override ("Dependent"), Description (
          "The system that is dependent on the AccountManagementService.") ]
   CIM_System REF Dependent;
};

// ==================================================================
// TrustHierarchy
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_TrustHierarchy is an association between two "
       "CredentialManagementService instances that establishes "
       "the trust hierarchy between them.") ]
class CIM_TrustHierarchy : CIM_Dependency {
      [Override ("Antecedent"), Max (1), Description (
          "The superior CredentialManagementService "
          "from which the dependent service gets its authority.") ]
   CIM_CredentialManagementService REF Antecedent;
      [Override ("Dependent"), Description (
          "The subordinate CredentialManagementService.") ]
   CIM_CredentialManagementService REF Dependent;
};

// ==================================================================
// UsersCredential
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_UsersCredential is an association used to establish the "
       "credentials that may be used for a UsersAccess to a system or "
       "set of systems.") ]
class CIM_UsersCredential : CIM_Dependency {
      [Override ("Antecedent"),
       Description ("The issued credential that may be used.") ]
   CIM_Credential REF Antecedent;
      [Override ("Dependent"),
       Description ("The UsersAccess that has use of a credential.") ]
   CIM_UsersAccess REF Dependent;
};

// ===================================================================
// PublicPrivateKeyPair
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates a PublicKeyCertificate with "
       "the Principal who has the PrivateKey used with the "
       "PublicKey. The PrivateKey is not modeled, since it is not "
       "a data element that ever SHOULD be accessible via "
       "management applications, other than key recovery services, "
       "which are outside our scope.") ]
class CIM_PublicPrivateKeyPair : CIM_UsersCredential {
      [Override ("Antecedent") ]
   CIM_PublicKeyCertificate REF Antecedent;
      [Override ("Dependent") ]
   CIM_UsersAccess REF Dependent;
      [Description (
          "The Certificate may be used for signature only "
          "or for confidentiality as well as signature"),
       ValueMap {"0", "1"},
       Values {"SignOnly", "ConfidentialityOrSignature"} ]
   uint16 Use;
   boolean NonRepudiation;
   boolean BackedUp;
      [Description (
          "The repository in which the certificate is backed up.") ]
   string Repository;
};

// ===================================================================
// CAHasPublicCertificate
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "A CertificateAuthority may have certificates issued by other CAs. "
       "This association is essentially an optimization of the CA having "
       "a UsersAccess instance with an association to a certificate thus "
       "mapping more closely to LDAP-based certificate authority "
       "implementations.") ]
class CIM_CAHasPublicCertificate : CIM_Dependency {
      [Max (1), Override ("Antecedent"),
       Description ("The Certificate used by the CA.") ]
   CIM_PublicKeyCertificate REF Antecedent;
      [Override ("Dependent"),
       Description ("The CA that uses a Certificate.") ]
   CIM_CertificateAuthority REF Dependent;
};

// ===================================================================
// ManagedCredential
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates a CredentialManagementService "
       "with the Credential it manages.") ]
class CIM_ManagedCredential : CIM_Dependency {
      [Override ("Antecedent"), Min (1), Max (1),
       Description ("The credential management service.") ]
   CIM_CredentialManagementService REF Antecedent;
      [Override ("Dependent"),
       Description ("The managed credential.") ]
   CIM_Credential REF Dependent;
};

// ===================================================================
// CASignsPublicKeyCertificate
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates a CertificateAuthority with "
       "the certificates it signs.") ]
class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential {
      [Override ("Antecedent"), Min (1), Max (1),
       Description ("The CA which signed the certificate.") ]
   CIM_CertificateAuthority REF Antecedent;
      [Override ("Dependent"), Weak,
       Description ("The certificate issued by the CA.") ]
   CIM_PublicKeyCertificate REF Dependent;
   string SerialNumber;
      [Octetstring ]
   uint8 Signature[];
   datetime Expires;
   string CRLDistributionPoint[];
};

// ==================================================================
// LocallyManagedPublicKey
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_LocallyManagedPublicKey association provides the "
       "relationship between a PublicKeyManagementService and an "
       "UnsignedPublicKey.") ]
class CIM_LocallyManagedPublicKey : CIM_ManagedCredential {
      [Override ("Antecedent"), Min (1), Max (1), Description (
          "The PublicKeyManagementService that manages "
          "an unsigned public key.") ]
   CIM_PublicKeyManagementService REF Antecedent;
      [Override ("Dependent"), Weak, Description (
          "An unsigned public key.") ]
   CIM_UnsignedPublicKey REF Dependent;
};

// ===================================================================
// SharedSecretIsShared
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates a SharedSecretService with the "
       "SecretKey it verifies.") ]
class CIM_SharedSecretIsShared : CIM_ManagedCredential {
      [Override ("Antecedent"), Min (1), Max (1),
       Description ("The credential management service.") ]
   CIM_SharedSecretService REF Antecedent;
      [Override ("Dependent"), Weak,
       Description ("The managed credential.") ]
   CIM_SharedSecret REF Dependent;
};

// ==================================================================
// IKESecretIsNamed
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_IKESecretIsNamed association provides the "
       "relationship between a SharedSecretService and a "
       "NamedSharedIKESecret.") ]
class CIM_IKESecretIsNamed : CIM_ManagedCredential {
      [Override ("Antecedent"), Min (1), Max (1), Description (
          "The SharedSecretService that manages a "
          "NamedSharedIKESecret.") ]
   CIM_SharedSecretService REF Antecedent;
      [Override ("Dependent"), Weak, Description (
          "The managed NamedSharedIKESecret.") ]
   CIM_NamedSharedIKESecret REF Dependent;
};

// ===================================================================
// KDCIssuesKerberosTicket
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "The KDC issues and owns Kerberos tickets. This association "
       "captures the relationship between the KDC and its issued "
       "tickets.") ]
class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential {
      [Override ("Antecedent"), Min (1), Max (1),
       Description ("The issuing KDC.") ]
   CIM_KerberosKeyDistributionCenter REF Antecedent;
      [Override ("Dependent"), Weak,
       Description ("The managed credential.") ]
   CIM_KerberosTicket REF Dependent;
};

// ===================================================================
// NotaryVerifiesBiometric
// ===================================================================
   [Association, Version ("2.6.0"), Description (
       "This relationship associates a Notary service with the "
       "Users Access whose biometric information is verified.") ]
class CIM_NotaryVerifiesBiometric : CIM_Dependency {
      [Override ("Antecedent"), Description (
          "The Notary service that verifies biometric information.") ]
   CIM_Notary REF Antecedent;
      [Override ("Dependent"), Description (
          "The UsersAccess that represents a person using "
          "biometric information for authentication.") ]
   CIM_UsersAccess REF Dependent;
};

// ==================================================================
// HostedAuthenticationRequirement
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_HostedAuthenticationRequirement is an association used to "
       "provide the namespace scoping of AuthenticationRequirement. The "
       "hosted requirements may or may not apply to resources on the "
       "hosting system.") ]
class CIM_HostedAuthenticationRequirement : CIM_Dependency {
      [Min (1), Max (1), Override ("Antecedent"),
       Description ("The hosting system.") ]
   CIM_System REF Antecedent;
      [Override ("Dependent"), Weak,
       Description ("The hosted AuthenticationRequirement.") ]
   CIM_AuthenticationRequirement REF Dependent;
};

// ==================================================================
// AuthenticateForUse
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_AuthenticateForUse is an association used to provide an "
       "AuthenticationService with the AuthenticationRequirement it "
       "needs to do its job.") ]
class CIM_AuthenticateForUse : CIM_Dependency {
      [Override ("Antecedent"),
       Description ("AuthenticationRequirement for use.") ]
   CIM_AuthenticationRequirement REF Antecedent;
      [Override ("Dependent"), Description (
          "AuthenticationService that uses the requirements.") ]
   CIM_AuthenticationService REF Dependent;
};

// ==================================================================
// RequireCredentialsFrom
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_RequireCredentialsFrom is an association used to require "
       "that credentials are issued by particular Credential Management "
       "Services in order to authenticate a user.") ]
class CIM_RequireCredentialsFrom : CIM_Dependency {
      [Override ("Antecedent"), Description (
          "CredentialManagementService from which credentials are "
          "accepted for the associated AuthenticationRequirement.") ]
   CIM_CredentialManagementService REF Antecedent;
      [Override ("Dependent"), Description (
          "AuthenticationRequirement that limit acceptable credentials.") ]
   CIM_AuthenticationRequirement REF Dependent;
};

// ==================================================================
// AuthenticationTarget
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_AuthenticationTarget is an association used to apply "
       "authentication requirements for access to specific resources. "
       "For example, a shared secret may be sufficient for access to "
       "unclassified resources, but for confidential resources, a "
       "stronger authentication may be required.") ]
class CIM_AuthenticationTarget : CIM_Dependency {
      [Override ("Antecedent"), Description (
          "AuthenticationRequirement that apply to specific resources.") ]
   CIM_AuthenticationRequirement REF Antecedent;
      [Override ("Dependent"), Description (
          "Target resources that may be in a Collection or an "
          "individual ManagedElement. These resources are protected "
          "by the AuthenticationRequirement.") ]
   CIM_ManagedElement REF Dependent;
};

// ==================================================================
// HostedACI
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_HostedACI is an association used to provide the namespace "
       "scoping of AccessControlInformation. The hosted ACI may or may "
       "not apply to resources on the hosting system.") ]
class CIM_HostedACI : CIM_Dependency {
      [Min (1), Max (1), Override ("Antecedent"),
       Description ("The hosting system.") ]
   CIM_System REF Antecedent;
      [Override ("Dependent"), Weak,
       Description ("The hosted AccessControlInformation.") ]
   CIM_AccessControlInformation REF Dependent;
};

// ==================================================================
// AuthorizedUse
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_AuthorizedUse is an association used to provide an "
       "AuthorizationService with the AccessControlInformation it needs "
       "to do its job.") ]
class CIM_AuthorizedUse : CIM_Dependency {
      [Override ("Antecedent"),
       Description ("Access Control Information.") ]
   CIM_AccessControlInformation REF Antecedent;
      [Override ("Dependent"),
       Description ("AuthorizationService that uses an ACI.") ]
   CIM_AuthorizationService REF Dependent;
};

// ==================================================================
// AuthorizationSubject
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_AuthorizationSubject is an association used to apply "
       "authorization decisions to specific subjects (i.e., users). The "
       "subjects may be identified directly or they may be aggregated "
       "into a collection that may, in turn, use the MemberPrincipal "
       "association to provide further indirection in the specification "
       "of the subject set.") ]
class CIM_AuthorizationSubject : CIM_Dependency {
      [Override ("Antecedent"), Description (
          "AccessControlInformation that applies to a subject set.") ]
   CIM_AccessControlInformation REF Antecedent;
      [Override ("Dependent"), Description (
          "The subject set may be specified as a collection or as a set "
          "of associations to ManagedElements that represent users.") ]
   CIM_ManagedElement REF Dependent;
};

// ==================================================================
// AuthorizationTarget
// ==================================================================
   [Association, Version ("2.6.0"), Description (
       "CIM_AuthorizationTarget is an association used to apply "
       "authorization decisions to specific target resources. The "
       "target resources may be aggregated into a collection or may be "
       "represented as a set of associations to ManagedElements.") ]
class CIM_AuthorizationTarget : CIM_Dependency {
      [Override ("Antecedent"), Description (
          "AccessControlInformation that applies to the target set.") ]
   CIM_AccessControlInformation REF Antecedent;
      [Override ("Dependent"), Description (
          "The target set of resources may be specified as a collection "
          "or as a set of associations to ManagedElements that represent "
          "target resources.") ]
   CIM_ManagedElement REF Dependent;
};

// ===================================================================
// end of file
// ===================================================================