// =================================================================== // Title: User-Security Shared Secret 2.7 // Filename: User27_SharedSecret.mof // Version: 2.7.0 // Status: Final // Date: 03/31/2003 // =================================================================== // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. // =================================================================== // Description: The User Model extends the management concepts that // are related to users and security. // This file defines the concepts and classes related to // shared secret security services and credentials. // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Change Log for v2.7 - None // =================================================================== #pragma Locale ("en_US") // ================================================================== // SharedSecretService // ================================================================== [Version ("2.6.0"), Description ( "CIM_SharedSecretService is a service which ascertains " "whether messages received are from the Principal with " "whom a secret is shared. Examples include a login " "service that proves identity on the basis of knowledge of " "the shared secret, or a transport integrity service (like " "Kerberos provides) that includes a message authenticity " "code that proves each message in the messsage stream came " "from someone who knows the shared secret session key.") ] class CIM_SharedSecretService : CIM_LocalCredentialManagementService { [MaxLen (256), Description ( "The Algorithm used to convey the shared secret, such as " "HMAC-MD5,or PLAINTEXT.") ] string Algorithm; [Description ( "The Protocol supported by the SharedSecretService.") ] string Protocol; }; // ================================================================== // SharedSecret // ================================================================== [Version ("2.6.0"), Description ( "CIM_SharedSecret is the secret shared between a Users Access " "and a particular SharedSecret security service. Secrets " "may be in the form of a password used for initial " "authentication, or as with a session key, used as part of " "a message authentication code to verify that a message " "originated by the pricinpal with whom the secret is shared. " "It is important to note that SharedSecret is not just the " "password, but rather is the password used with a particular " "security service.") ] class CIM_SharedSecret : CIM_Credential { [Propagated ("CIM_SharedSecretService.SystemCreationClassName"), Key, MaxLen (256), Description ("The scoping System's CCN.") ] string SystemCreationClassName; [Propagated ("CIM_SharedSecretService.SystemName"), Key, MaxLen (256),Description ("The scoping System's Name.") ] string SystemName; [Propagated ( "CIM_SharedSecretService.CreationClassName"), Key, MaxLen (256), Description ("The scoping Service's CCN.") ] string ServiceCreationClassName; [Propagated ("CIM_SharedSecretService.Name"), Key, MaxLen (256), Description ("The scoping Service's Name.") ] string ServiceName; [Key, MaxLen (256), Description ( "RemoteID is the name by which the user is known at " "the remote secret key authentication service.") ] string RemoteID; [Description ( "The secret known by the Users Access.") ] string Secret; [Description ( "The transformation algorithm, if any, used to " "protect passwords before use in the protocol. For " "instance, Kerberos doesn't store passwords as the shared " "secret, but rather, a hash of the password.") ] string Algorithm; [Description ( "The protocol with which the SharedSecret is used.") ] string Protocol; }; // =================================================================== // SharedSecretIsShared // =================================================================== [Association, Version ("2.6.0"), Description ( "This relationship associates a SharedSecretService with the " "SecretKey it verifies.") ] class CIM_SharedSecretIsShared : CIM_ManagedCredential { [Override ("Antecedent"), Min (1), Max (1), Description ("The credential management service.") ] CIM_SharedSecretService REF Antecedent; [Override ("Dependent"), Weak, Description ("The managed credential.") ] CIM_SharedSecret REF Dependent; }; // ================================================================== // NamedSharedIKESecret // ================================================================== [Version ("2.6.0"), Description ( "CIM_NamedSharedIKESecret indirectly represents a shared " "secret credential. The local identity, IKEIdentity, " "and the remote peer identity share the secret that is " "named by the SharedSecretName. The SharedSecretName is " "used SharedSecretService to reference the secret.") ] class CIM_NamedSharedIKESecret : CIM_Credential { [Propagated ("CIM_SharedSecretService.SystemCreationClassName"), Key, MaxLen (256), Description ("The scoping System's CCN.") ] string SystemCreationClassName; [Propagated ("CIM_SharedSecretService.SystemName"), Key, MaxLen (256),Description ("The scoping System's Name.") ] string SystemName; [Propagated ("CIM_SharedSecretService.CreationClassName"), Key, MaxLen (256), Description ("The scoping Service's CCN.") ] string ServiceCreationClassName; [Propagated ("CIM_SharedSecretService.Name"), Key, MaxLen (256), Description ("The scoping Service's Name.") ] string ServiceName; [Key, MaxLen (256), Description ( "The local Identity with whom the direct trust " "relationship exists."), ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentityType"} ] string LocalIdentity; [Key, Description ( "LocalIdentityType is used to describe " "the type of the LocalIdentity."), ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"}, Values {"IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"}, ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentity"} ] uint16 LocalIdentityType; [Key, MaxLen (256), Description ( "The peer identity with whom the direct trust " "relationship exists."), ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentityType"} ] string PeerIdentity; [Key, Description ( "PeerIdentityType is used to describe " "the type of the PeerIdentity."), ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"}, Values {"IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"}, ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentity"} ] uint16 PeerIdentityType; [Description ( "SharedSecretName is an indirect reference " "to a shared secret. The SecretService does not expose " "the actual secret but rather provides access to the " "secret via a name.") ] string SharedSecretName; }; // ================================================================== // IKESecretIsNamed // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_IKESecretIsNamed association provides the " "relationship between a SharedSecretService and a " "NamedSharedIKESecret.") ] class CIM_IKESecretIsNamed : CIM_ManagedCredential { [Override ("Antecedent"), Min (1), Max (1), Description ( "The SharedSecretService that manages a " "NamedSharedIKESecret.") ] CIM_SharedSecretService REF Antecedent; [Override ("Dependent"), Weak, Description ( "The managed NamedSharedIKESecret.") ] CIM_NamedSharedIKESecret REF Dependent; }; // =================================================================== // end of file // ===================================================================