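// ===================================================================
// Title: User-Security General Credentials 2.8
// Filename: User28_Credential.mof
// Version: 2.8
// Status: Preliminary
// Date: 05/29/2003
// ===================================================================
// Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
// ===================================================================
// Description: The User Model extends the management concepts that
// are related to users and security.
// This file defines the generic concepts of a
// credential.
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ===================================================================
// Change Log for v2.8 Preliminary
// CR1011 - Add BiometricCredential, update credential description.
// CR1014 - Remove Min (1) from ManagedCredential.Antecedent
//
// Change Log for v2.7
// CR784 - Promote 2 properties, Issued and Expired, from
// CIM_KerberosTicket to CIM_Credential
// CR980 - Remove Experimental qualifier from 2 properties in
// Credential
// ===================================================================

#pragma Locale ("en_US")


// ==================================================================
// Credential
// ==================================================================
// Abstract base class for credential material; it declares only the
// two lifetime properties, Issued and Expires.
//
// Lifetime handling, as stated in the property descriptions:
//   - Issued  = all 0s  -> issue time not applicable.
//   - Expires = all 9s  -> expiration not applicable, i.e. the
//     credential carries no stated expiry. Code that evaluates expiry
//     should treat this sentinel as an explicit case.
//   - Expires may hold either a specific date/time or an interval
//     calculated from Issued; an expiry check has to tell the two
//     forms apart before comparing against the current time.
// NOTE(review): no qualifier in this class relates Expires to Issued,
// so any ordering check between them is left to providers/consumers.
   [Abstract, Version ("2.7.1000"), Description (
       "Subclasses of CIM_Credential define materials, information, or "
       "other data which are used to establish identity. Generally, "
       "there may be some shared information, or credential material "
       "which is used to identify and authenticate an entity in the "
       "process of gaining access to, or permission to use, "
       "resources. Such credential material may be used to "
       "authenticate an entity's identity initially, as done by a "
       "CIM_AuthenticationService, and additionally on an ongoing "
       "basis (for example, during the course of a connection or other "
       "security association), as proof that each received message or "
       "communication came from a valid 'user' of that credential "
       "material.") ]
class CIM_Credential : CIM_ManagedElement {

      [Description (
          "The date and time when the credential was issued. Use a "
          "value of all 0s if this information is not applicable.") ]
   datetime Issued;

      [Description (
          "The date and time when the credential expires (and is not "
          "appropriate for use for authentication/ authorization). "
          "Use a value of all 9s if this information is not "
          "applicable. Note that this property does not define how "
          "the expiration is set - but that there IS an expiration. "
          "The property may be set to either a specific date/time or "
          "an interval (calculated from the Issued datetime). For "
          "example, for Certificate Authority-signed public key, the "
          "expiration is determined by the CA. Another example is a "
          "voice mail password that expires 60 days after it is "
          "set/issued.") ]
   datetime Expires;
};


// ===================================================================
// ManagedCredential
// ===================================================================
// Association from a CIM_CredentialManagementService (Antecedent) to a
// CIM_Credential (Dependent) that it manages.
// Cardinality: Max (1) on Antecedent means a credential is managed by
// at most one service. No Min is declared (CR1014 in the change log
// removed Min (1)), so a credential with no managing service is valid
// in this model.
   [Association, Version ("2.7.1000"), Description (
       "This relationship associates a CredentialManagementService "
       "with the Credential it manages.") ]
class CIM_ManagedCredential : CIM_Dependency {

      [Override ("Antecedent"), Max (1), Description (
          "The credential management service.") ]
   CIM_CredentialManagementService REF Antecedent;

      [Override ("Dependent"), Description (
          "The managed credential.") ]
   CIM_Credential REF Dependent;
};


// ==================================================================
// BiometricCredential
// ==================================================================
// Experimental concrete subclass of CIM_Credential, keyed by
// InstanceID. It records which kinds of biometric are involved
// (Biometrics) plus free-text detail per entry (BiometricDescriptions).
//
// Biometrics and BiometricDescriptions are paired by index
// (ArrayType ("Indexed") with mutual ModelCorrespondence). The schema
// states the pairing only in prose, so consumers should verify that the
// two arrays line up and that every Biometrics value of 1 ("Other")
// has a description, as the text requires.
// NOTE(review): BiometricDescriptions may say where or how the
// biometric data is stored (per its description); read access to
// instances presumably deserves the same care as other
// credential-related data - confirm against the deployment's policy.
   [Experimental, Version ("2.7.1000"), Description (
       "CIM_BiometricCredential defines specific biometric-related "
       "credential information, used to validate an identity.") ]
class CIM_BiometricCredential : CIM_Credential {

      // NOTE(review): the angle-bracket placeholders (<OrgID>,
      // <LocalID>, <Schema Name>_<Class Name>) were missing from this
      // copy, which left the algorithm unreadable; they are restored
      // here from the standard DMTF InstanceID wording. Confirm
      // against the published MOF.
      [Key, Description (
          "Within the scope of the instantiating Namespace, InstanceID "
          "opaquely and uniquely identifies an instance of this "
          "class. In order to ensure uniqueness within the NameSpace, "
          "the value of InstanceID SHOULD be constructed using the "
          "following 'preferred' algorithm:\n"
          "<OrgID>:<LocalID>\n"
          "Where <OrgID> and <LocalID> are separated by a colon ':', "
          "and where <OrgID> MUST include a copyrighted, trademarked "
          "or otherwise unique name that is owned by the business "
          "entity creating/defining the InstanceID, or is a registered "
          "ID that is assigned to the business entity by a recognized "
          "global authority (This is similar to the <Schema "
          "Name>_<Class Name> structure of Schema class names.) In "
          "addition, to ensure uniqueness <OrgID> MUST NOT contain a "
          "colon (':'). When using this algorithm, the first colon to "
          "appear in InstanceID MUST appear between <OrgID> and "
          "<LocalID>.\n"
          "<LocalID> is chosen by the business entity and SHOULD not "
          "be re-used to identify different underlying (real-world) "
          "elements. If the above 'preferred' algorithm is not used, "
          "the defining entity MUST assure that the resultant "
          "InstanceID is not re-used across any InstanceIDs produced "
          "by this or other providers for this instance's NameSpace.\n"
          "For DMTF defined instances, the 'preferred' algorithm MUST "
          "be used with the <OrgID> set to 'CIM'.") ]
   string InstanceID;

      [Description (
          "The type of biometric information for identification."),
       ValueMap {"1", "2", "3", "4", "5", "6", "7", "8"},
       Values {"Other", "Facial", "Retina", "Mark", "Finger", "Voice",
          "DNA-RNA", "EEG"},
       ArrayType ("Indexed"),
       ModelCorrespondence {
          "CIM_BiometricCredential.BiometricDescriptions"} ]
   uint16 Biometrics[];

      [Description (
          "Additional information regarding the entries in the "
          "Biometrics array. For example, information regarding where "
          "or how the data is stored may be specified in this array. "
          "Entries at the same index correspond between the Biometrics "
          "and Descriptions arrays. An entry MUST be provided when "
          "the value 1, \"Other\", is specified in the Biometrics "
          "array."),
       ArrayType ("Indexed"),
       ModelCorrespondence {"CIM_BiometricCredential.Biometrics"} ]
   string BiometricDescriptions[];
};


// ===================================================================
// end of file
// ===================================================================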