// =================================================================== // Title: User-Security Authentication Requirements 2.8 // Filename: User28_AuthenticationReqmt.mof // Version: 2.8 // Status: Preliminary // Date: 07/29/2003 // =================================================================== // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. // =================================================================== // Description: The User Model extends the management concepts that // are related to users and security. // This file defines the concepts and classes related to // requirements for authentication. // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Change Log for v2.8 Preliminary (Company Review) // CR1107 - Deprecated: // AuthenticationRequirement // HostedAuthenticationRequirement // AuthenticatedForUse // RequireCredentialFrom // AuthenticationTarget // CR1128 - Change subclassing of HostedAuthenticationRequirement // from Dependency to HostedDependency. // // Change Log for v2.8 Preliminary - None // // Change Log for v2.7 - None // =================================================================== #pragma Locale ("en_US") // ================================================================== // AuthenticationRequirement // ================================================================== [Deprecated {"CIM_AuthenticationCondition","CIM_AuthenticationRule", "CIM_SecuritySensitivity"}, Version ("2.7.1000"), Description ( "CIM_AuthenticationRequirement provides, through its " "associations, the authentication requirements for accessto " "system resources. For a particularset of target resources, " "the AuthenticationService may require that credentialsbe " "issued by a specific CredentialManagementService. The " "AuthenticationRequirement class is weak to the system(e.g., " "ComputerSystem or Administrative Domain) for which the " "requirements apply.\n" "\n" "Note that this class was defined before the Policy " "Modelexisted, and is deprecated in lieuof authentication " "policy - specifically, the AuthenticationConditionand " "AuthenticationRule classes. In the updated design, " "AuthenticationConditiondescribes the specific combinations " "ofcredentials (or alternative credentials) that are required " "in order to authenticatean Identity. This allows a " "moreexplicit and flexible description of authentication " "requirements.Also, the definition of 'security classification' " "as a property of this class was problematic - since itcould " "not be assigned to an element in a straightforwardfashion. To " "correct this issue, the SecuritySensitivityclass (and its " "association, ElementSecuritySensitivity) are defined.") ] class CIM_AuthenticationRequirement : CIM_LogicalElement { [Deprecated {"CIM_AuthenticationRule.SystemCreationClassName"}, Key, Propagated ("CIM_System.CreationClassName"), Description ( "Hosting systemcreation class name."), MaxLen (256) ] string SystemCreationClassName; [Deprecated {"CIM_AuthenticationRule.SystemName"}, Key, Propagated ("CIM_System.Name"), Description ( "Hosting system name."), MaxLen (256) ] string SystemName; [Deprecated {"CIM_AuthenticationRule.CreationClassName"}, Key, Description ( "CreationClassName indicates the nameof the class or the " "subclass used in the creation of an instance.When used with " "the other key properties of thisclass, this property allows " "all instances of this class andits subclasses to be " "uniquely identified."), MaxLen (256) ] string CreationClassName; [Deprecated {"CIM_AuthenticationRule.PolicyRuleName"}, Key, Override ("Name"), Description ( "The Name property defines the unique label, in the context " "of the hosting system, by which the " "AuthenticationRequirement is known."), MaxLen (256) ] string Name; [Deprecated {"CIM_SecuritySensitivity.SecurityLevel"}, Description ( "The SecurityClassification property specifiesa named level " "of security associated with the AuthenticationRequirement, " "e.g., 'Confidential', 'Top Secret', etc.") ] string SecurityClassification; }; // ================================================================== // HostedAuthenticationRequirement // ================================================================== [Association, Deprecated {"CIM_PolicyRuleInSystem"}, Version ("2.7.1000"), Description ( "CIM_HostedAuthenticationRequirement is an associationused to " "provide the namespace scoping of AuthenticationRequirement. " "The hosted requirements may or may not apply to resourceson " "the hosting system. Since theAuthenticationRequirement class " "is deprecated in lieu of explicitpolicy rules, this class is " "similarly deprecated to its'policy' equivalent.") ] class CIM_HostedAuthenticationRequirement : CIM_HostedDependency { [Deprecated {"CIM_PolicyRuleInSystem.Antecedent"}, Override ("Antecedent"), Min (1), Max (1), Description ( "The hosting system.") ] CIM_System REF Antecedent; [Deprecated {"CIM_PolicyRuleInSystem.Dependent"}, Override ("Dependent"), Weak, Description ( "The hosted AuthenticationRequirement.") ] CIM_AuthenticationRequirement REF Dependent; }; // ================================================================== // AuthenticateForUse // ================================================================== [Association, Deprecated {"No value"}, Version ("2.7.1000"), Description ( "CIM_AuthenticateForUse is an association used to providean " "AuthenticationService with the AuthenticationRequirement it " "needs to do its job. Thisassociation is unnecessary and " "therefore deprecated, sinceit is implied that an Identity MUST " "be authenticated (its CurrentlyAuthenticatedBoolean set to " "TRUE) in order to have any Privileges.") ] class CIM_AuthenticateForUse : CIM_Dependency { [Deprecated {"No value"}, Override ("Antecedent"), Description ( "AuthenticationRequirementfor use.") ] CIM_AuthenticationRequirement REF Antecedent; [Deprecated {"No value"}, Override ("Dependent"), Description ( "AuthenticationServicethat uses the requirements.") ] CIM_AuthenticationService REF Dependent; }; // ================================================================== // RequireCredentialsFrom // ================================================================== [Association, Deprecated {"CIM_AuthenticationCondition", "CIM_AuthenticationRule"}, Version ("2.7.1000"), Description ( "CIM_RequireCredentialsFrom is an association usedto require " "that credentials are issued by particular CredentialManagement " "Services in order to authenticate a user. This association is " "deprecated in lieu of explicitdeclaration of the " "AuthenticationConditionsin an AuthenticationRule. Instances " "of AuthenticationCondition describethe specific combinations " "of credentials (or alternativecredentials) that are required " "to authenticate an Identity.This allows a more explicit and " "flexible description of authenticationrequirements.") ] class CIM_RequireCredentialsFrom : CIM_Dependency { [Deprecated {"CIM_AuthenticationCondition"}, Override ("Antecedent"), Description ( "CredentialManagementService from whichcredentials are " "accepted for the associated AuthenticationRequirement.") ] CIM_CredentialManagementService REF Antecedent; [Deprecated {"CIM_AuthenticationRule"}, Override ("Dependent"), Description ( "AuthenticationRequirementthat limit acceptable " "credentials.") ] CIM_AuthenticationRequirement REF Dependent; }; // ================================================================== // AuthenticationTarget // ================================================================== [Association, Deprecated {"CIM_PolicySetAppliesToElement"}, Version ("2.7.1000"), Description ( "CIM_AuthenticationTarget is an association used toapply " "authentication requirements for access to specificresources. " "Forexample, a shared secret may be sufficient for access to " "unclassified resources, but for confidential resources,a " "stronger authentication may be required. Since the " "AuthenticationRequirement class is deprecated in lieu of " "explicit policy rules, thisassociation is similarly deprecated " "to its 'policy'equivalent.") ] class CIM_AuthenticationTarget : CIM_Dependency { [Deprecated {"CIM_PolicySetAppliesToElement.PolicySet"}, Override ("Antecedent"), Description ( "AuthenticationRequirement that apply to specific " "resources.") ] CIM_AuthenticationRequirement REF Antecedent; [Deprecated {"CIM_PolicySetAppliesToElement.ManagedElement"}, Override ("Dependent"), Description ( "Target resources that may be in a Collection or an " "individual ManagedElement. These resources are protected " "by the AuthenticationRequirement.") ] CIM_ManagedElement REF Dependent; }; // =================================================================== // end of file // ===================================================================