// =================================================================== // Title: User-Security Authentication Requirements 2.7 // Filename: User27_AuthenticationReqmt.mof // Version: 2.7.0 // Status: Preliminary // Date: 07/07/2002 // =================================================================== // Copyright 2000-2002 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. // =================================================================== // Description: The User Model extends the management concepts that // are related to users and security. // This file defines the concepts and classes related to // requirements for authentication. // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Change Log for v2.7 - None // =================================================================== #pragma Locale ("en_US") // ================================================================== // AuthenticationRequirement // ================================================================== [Version ("2.6.0"), Description ( "CIM_AuthenticationRequirement provides, through its " "associations, the authentication requirements for access to " "system resources. For a particular set of target resources, the " "AuthenticationService may require that credentials be issued by " "a specific CredentialManagementService. The " "AuthenticationRequirement class is weak to the system (e.g., " "Computer System or Administrative Domain) for which the " "requirements apply.") ] class CIM_AuthenticationRequirement : CIM_LogicalElement { [Propagated ("CIM_System.CreationClassName"), Key, MaxLen (256), Description ("Hosting system creation class name.") ] string SystemCreationClassName; [Propagated ("CIM_System.Name"), Key, MaxLen (256), Description ("Hosting system name.") ] string SystemName; [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Override ("Name"), Description ( "The Name property defines the unique label, in the context of " "the hosting system, by which the AuthenticationRequirement " "is known.") ] string Name; [Description ( "The SecurityClassification property specifies a named level " "of security associated with the AuthenticationRequirement, " "e.g., 'Confidential', 'Top Secret', etc.") ] string SecurityClassification; }; // ================================================================== // HostedAuthenticationRequirement // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_HostedAuthenticationRequirement is an association used to " "provide the namespace scoping of AuthenticationRequirement. The " "hosted requirements may or may not apply to resources on the " "hosting system.") ] class CIM_HostedAuthenticationRequirement : CIM_Dependency { [Min (1), Max (1), Override ("Antecedent"), Description ("The hosting system.") ] CIM_System REF Antecedent; [Override ("Dependent"), Weak, Description ("The hosted AuthenticationRequirement.") ] CIM_AuthenticationRequirement REF Dependent; }; // ================================================================== // AuthenticateForUse // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_AuthenticateForUse is an association used to provide an " "AuthenticationService with the AuthenticationRequirement it " "needs to do its job.") ] class CIM_AuthenticateForUse : CIM_Dependency { [Override ("Antecedent"), Description ("AuthenticationRequirement for use.") ] CIM_AuthenticationRequirement REF Antecedent; [Override ("Dependent"), Description ( "AuthenticationService that uses the requirements.") ] CIM_AuthenticationService REF Dependent; }; // ================================================================== // RequireCredentialsFrom // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_RequireCredentialsFrom is an association used to require " "that credentials are issued by particular Credential Management " "Services in order to authenticate a user.") ] class CIM_RequireCredentialsFrom : CIM_Dependency { [Override ("Antecedent"), Description ( "CredentialManagementService from which credentials are " "accepted for the associated AuthenticationRequirement.") ] CIM_CredentialManagementService REF Antecedent; [Override ("Dependent"), Description ( "AuthenticationRequirement that limit acceptable credentials.") ] CIM_AuthenticationRequirement REF Dependent; }; // ================================================================== // AuthenticationTarget // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_AuthenticationTarget is an association used to apply " "authentication requirements for access to specific resources. " "For example, a shared secret may be sufficient for access to " "unclassified resources, but for confidential resources, a " "stronger authentication may be required.") ] class CIM_AuthenticationTarget : CIM_Dependency { [Override ("Antecedent"), Description ( "AuthenticationRequirement that apply to specific resources.") ] CIM_AuthenticationRequirement REF Antecedent; [Override ("Dependent"), Description ( "Target resources that may be in a Collection or an " "individual ManagedElement. These resources are protected " "by the AuthenticationRequirement.") ] CIM_ManagedElement REF Dependent; }; // =================================================================== // end of file // ===================================================================