// =================================================================== // Title: User_SharedSecret // $State: Exp $ // $Date: 2005/02/17 00:09:56 $ // $RCSfile: User_SharedSecret.mof,v $ // $Revision: 1.1 $ // =================================================================== //#pragma inLine ("Includes/copyright.inc") // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. //#pragma inLine // =================================================================== // Description: The User Model extends the management concepts that // are related to users and security. // This file defines the concepts and classes related to // shared secret security services and credentials. // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Change Log for v2.8 Final - // CR1235 - Generalized the Descriptions for SharedSecret and several // properties since these referenced a deprecated concept, // UsersAccess // // Change Log for v2.8 Preliminary - None // // Change Log for v2.7 - None // =================================================================== #pragma Locale ("en_US") // ================================================================== // SharedSecretService // ================================================================== [Version ( "2.6.0" ), Description ( "CIM_SharedSecretService is a service which ascertains whether " "messages received are from the Principal with whom a secret is " "shared. Examples include a login service that proves identity " "on the basis of knowledge of the shared secret, or a transport " "integrity service (like Kerberos provides) that includes a " "message authenticity code that proves each message in the " "messsage stream came from someone who knows the shared secret " "session key.")] class CIM_SharedSecretService : CIM_LocalCredentialManagementService { [Description ( "The Algorithm used to convey the shared secret, such as " "HMAC-MD5,or PLAINTEXT."), MaxLen ( 256 )] string Algorithm; [Description ( "The Protocol supported by the SharedSecretService.")] string Protocol; }; // ================================================================== // SharedSecret // ================================================================== [Version ( "2.8.0" ), Description ( "CIM_SharedSecret is a secret (such as a password or the " "response to a challenge question) that is shared between a " "principal and a particular SharedSecret security service. " "Secrets may be in the form of a password used for initial " "authentication, or as with a session key, used as part of a " "message to verify the originator of the message. It is " "important to note that SharedSecret is not just a password, " "but rather is the password used with a particular security " "service.")] class CIM_SharedSecret : CIM_Credential { [Key, Propagated ( "CIM_SharedSecretService.SystemCreationClassName" ), Description ( "The scoping System's CCN."), MaxLen ( 256 )] string SystemCreationClassName; [Key, Propagated ( "CIM_SharedSecretService.SystemName" ), Description ( "The scoping System's Name."), MaxLen ( 256 )] string SystemName; [Key, Propagated ( "CIM_SharedSecretService.CreationClassName" ), Description ( "The scoping Service's CCN."), MaxLen ( 256 )] string ServiceCreationClassName; [Key, Propagated ( "CIM_SharedSecretService.Name" ), Description ( "The scoping Service's Name."), MaxLen ( 256 )] string ServiceName; [Key, Description ( "RemoteID is the name by which the principal is known at the " "remote secret key authentication service."), MaxLen ( 256 )] string RemoteID; [Description ( "The secret known by the principal.")] string Secret; [Description ( "The transformation algorithm, if any, used to protect " "passwords before use in the protocol. For instance, " "Kerberos doesn't store passwords as the shared secret, but " "rather, a hash of the password.")] string Algorithm; [Description ( "The protocol with which the SharedSecret is used.")] string Protocol; }; // =================================================================== // SharedSecretIsShared // =================================================================== [Association, Version ( "2.6.0" ), Description ( "This relationship associates a SharedSecretService with the " "SecretKey it verifies.")] class CIM_SharedSecretIsShared : CIM_ManagedCredential { [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description ( "The credential management service.")] CIM_SharedSecretService REF Antecedent; [Override ( "Dependent" ), Weak, Description ( "The managed credential.")] CIM_SharedSecret REF Dependent; }; // ================================================================== // NamedSharedIKESecret // ================================================================== [Version ( "2.6.0" ), Description ( "CIM_NamedSharedIKESecret indirectly represents a shared secret " "credential. The local identity, IKEIdentity, and the remote " "peer identity share the secret that is named by the " "SharedSecretName. The SharedSecretName is used by the " "SharedSecretService to reference the secret.")] class CIM_NamedSharedIKESecret : CIM_Credential { [Key, Propagated ( "CIM_SharedSecretService.SystemCreationClassName" ), Description ( "The scoping System's CCN."), MaxLen ( 256 )] string SystemCreationClassName; [Key, Propagated ( "CIM_SharedSecretService.SystemName" ), Description ( "The scoping System's Name."), MaxLen ( 256 )] string SystemName; [Key, Propagated ( "CIM_SharedSecretService.CreationClassName" ), Description ( "The scoping Service's CCN."), MaxLen ( 256 )] string ServiceCreationClassName; [Key, Propagated ( "CIM_SharedSecretService.Name" ), Description ( "The scoping Service's Name."), MaxLen ( 256 )] string ServiceName; [Key, Description ( "The local Identity with whom the direct trust relationship " "exists."), MaxLen ( 256 ), ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentityType" }] string LocalIdentity; [Key, Description ( "LocalIdentityType is used to describe the type of the " "LocalIdentity."), ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11" }, Values { "IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID" }, ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentity" }] uint16 LocalIdentityType; [Key, Description ( "The peer identity with whom the direct trust relationship " "exists."), MaxLen ( 256 ), ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentityType" }] string PeerIdentity; [Key, Description ( "PeerIdentityType is used to describe the type of the " "PeerIdentity."), ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11" }, Values { "IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID" }, ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentity" }] uint16 PeerIdentityType; [Description ( "SharedSecretName is an indirect reference to a shared " "secret. The SecretService does not expose the actual secret " "but rather provides access to the secret via a name.")] string SharedSecretName; }; // ================================================================== // IKESecretIsNamed // ================================================================== [Association, Version ( "2.6.0" ), Description ( "CIM_IKESecretIsNamed association provides the relationship " "between a SharedSecretService and a NamedSharedIKESecret.")] class CIM_IKESecretIsNamed : CIM_ManagedCredential { [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description ( "The SharedSecretService that manages a " "NamedSharedIKESecret.")] CIM_SharedSecretService REF Antecedent; [Override ( "Dependent" ), Weak, Description ( "The managed NamedSharedIKESecret.")] CIM_NamedSharedIKESecret REF Dependent; }; // =================================================================== // end of file // ===================================================================