// =================================================================== // Title: User-Security Users Access 2.7 // Filename: User27_UsersAccess.mof // Version: 2.7.0 // Status: Preliminary // Date: 07/07/2002 // =================================================================== // Copyright 2000-2002 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. // =================================================================== // Description: The User Model extends the management concepts that // are related to users and security. // This file defines the concepts and classes related to // users' access to a target, and a notary service that // may verify biometrics defined in the UsersAccess class. // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Change Log for v2.7 - None // =================================================================== #pragma Locale ("en_US") // ================================================================== // UsersAccess // ================================================================== [Version ("2.6.0"), Description ( "The UsersAccess object class is used to specify a system user " "that permitted access to system resources. The ManagedElement " "that has access to system resources (represented in the model in " "the ElementAsUser association) may be a person, a service, a " "service access point or any collection thereof. Whereas the " "Account class represents the user's relationship to a system " "from the perspective of the security services of the system, the " "UserAccess class represents the relationships to the systems " "independent of a particular system or service.") ] class CIM_UsersAccess : CIM_UserEntity { [Key, MaxLen (256), Description ( "CreationClassName indicates the name of the class or the " "subclass used in the creation of an instance. When used " "with the other key properties of this class, this property " "allows all instances of this class and its subclasses to " "be uniquely identified.") ] string CreationClassName; [Key, MaxLen (256), Description ( "The Name property defines the label by which the object is " "known.") ] string Name; [Key, Description ( "The ElementID property uniquely specifies the ManagedElement " "object instance that is the user represented by the " "UsersAccess object instance. The ElementID is formatted " "similarly to a model path except that the property-value " "pairs are ordered in alphabetical order (US ASCII lexical " "order).") ] string ElementID; [Description ( "Biometric information used to identify a person. The " "property value is left null or set to 'N/A' for non-human " "user or a user not using biometric information for " "authentication."), ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"}, Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger", "Voice", "DNA-RNA", "EEG"} ] uint16 Biometric[]; }; // ================================================================== // ElementAsUser // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_ElementAsUser is an association used to establish the " "'ownership' of UsersAccess object instances. That is, the " "ManagedElement may have UsersAccess to systems and, therefore, " "be 'users' on those systems. UsersAccess instances must have an " "'owning' ManagedElement. Typically, the ManagedElements will be " "limited to Collection, Person, Service and ServiceAccessPoint. " "Other non-human ManagedElements that might be thought of as " "having UsersAccess (e.g., a device or system) have services that " "have the UsersAccess.") ] class CIM_ElementAsUser : CIM_Dependency { [Min (1), Max (1), Override ("Antecedent"), Description ("The ManagedElement that has UsersAccess.") ] CIM_ManagedElement REF Antecedent; [Override ("Dependent"), Description ("The 'owned' UsersAccess.") ] CIM_UsersAccess REF Dependent; }; // ================================================================== // UsersCredential // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_UsersCredential is an association used to establish the " "credentials that may be used for a UsersAccess to a system or " "set of systems.") ] class CIM_UsersCredential : CIM_Dependency { [Override ("Antecedent"), Description ("The issued credential that may be used.") ] CIM_Credential REF Antecedent; [Override ("Dependent"), Description ("The UsersAccess that has use of a credential.") ] CIM_UsersAccess REF Dependent; }; // ================================================================== // Notary // ================================================================== [Version ("2.6.0"), Description ( "CIM_Notary is an AuthenticationService (credential " "management service) which compares the " "biometric characteristics of a person with the " "known characteristics of a Users Access, and determines " "whether the person is the UsersAccess. An example is " "a bank teller who compares a picture ID with the person " "trying to cash a check, or a biometric login service that " "uses voice recognition to identify a user.") ] class CIM_Notary : CIM_CredentialManagementService { [Description ( "The types of biometric information which " "this Notary can compare."), ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"}, Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger", "Voice", "DNA-RNA", "EEG"} ] uint16 Comparitors; [Description ( "The SealProtocol is how the decision of the Notary is " "recorded for future use by parties who will rely on its " "decision. For instance, a drivers licence frequently " "includes tamper-resistent coatings and markings to protect " "the recorded decision that a driver, having various " "biometric characteristics of height, weight, hair and eye " "color, using a particular name, has features represented in " "a photograph of their face.") ] string SealProtocol; [Description ( "CharterIssued documents when the Notary is first " "authorized, by whoever gave it responsibility, to perform " "its service.") ] datetime CharterIssued; [Description ( "CharterExpired documents when the Notary is no longer " "authorized, by whoever gave it responsibility, to perform " "its service.") ] datetime CharterExpired; }; // =================================================================== // NotaryVerifiesBiometric // =================================================================== [Association, Version ("2.6.0"), Description ( "This relationship associates a Notary service with the " "Users Access whose biometric information is verified.") ] class CIM_NotaryVerifiesBiometric : CIM_Dependency { [Override ("Antecedent"), Description ( "The Notary service that verifies biometric information.") ] CIM_Notary REF Antecedent; [Override ("Dependent"), Description ( "The UsersAccess that represents a person using " "biometric information for authentication.") ] CIM_UsersAccess REF Dependent; }; // =================================================================== // PublicPrivateKeyPair // =================================================================== [Association, Version ("2.6.0"), Description ( "This relationship associates a PublicKeyCertificate with " "the Principal who has the PrivateKey used with the " "PublicKey. The PrivateKey is not modeled, since it is not " "a data element that ever SHOULD be accessible via " "management applications, other than key recovery services, " "which are outside our scope.") ] class CIM_PublicPrivateKeyPair : CIM_UsersCredential { [Override ("Antecedent") ] CIM_PublicKeyCertificate REF Antecedent; [Override ("Dependent") ] CIM_UsersAccess REF Dependent; [Description ( "The Certificate may be used for signature only " "or for confidentiality as well as signature"), ValueMap {"0", "1"}, Values {"SignOnly", "ConfidentialityOrSignature"} ] uint16 Use; [Description ( "Indicates if the certificate can be NonRepudiation.") ] boolean NonRepudiation; [Description ( "Indicates if the certificate can be backed up.") ] boolean BackedUp; [Description ( "The repository in which the certificate is backed up.") ] string Repository; }; // =================================================================== // end of file // ===================================================================