// =================================================================== // Title: User-Security Shared Secret 2.8 // Filename: User28_SharedSecret.mof // Version: 2.8 // Status: Preliminary // Date: 05/29/2003 // =================================================================== // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF). // All rights reserved. // DMTF is a not-for-profit association of industry members dedicated // to promoting enterprise and systems management and interoperability. // DMTF specifications and documents may be reproduced for uses // consistent with this purpose by members and non-members, // provided that correct attribution is given. // As DMTF specifications may be revised from time to time, // the particular version and release date should always be noted. // // Implementation of certain elements of this standard or proposed // standard may be subject to third party patent rights, including // provisional patent rights (herein "patent rights"). DMTF makes // no representations to users of the standard as to the existence // of such rights, and is not responsible to recognize, disclose, or // identify any or all such third party patent right, owners or // claimants, nor for any incomplete or inaccurate identification or // disclosure of such rights, owners or claimants. DMTF shall have no // liability to any party, in any manner or circumstance, under any // legal theory whatsoever, for failure to recognize, disclose, or // identify any such third party patent rights, or for such party's // reliance on the standard or incorporation thereof in its product, // protocols or testing procedures. DMTF shall have no liability to // any party implementing such standard, whether such implementation // is foreseeable or not, nor to any patent owner or claimant, and shall // have no liability or responsibility for costs or losses incurred if // a standard is withdrawn or modified after publication, and shall be // indemnified and held harmless by any party implementing the // standard from any and all claims of infringement by a patent owner // for such implementations. // // For information about patents held by third-parties which have // notified the DMTF that, in their opinion, such patent may relate to // or impact implementations of DMTF standards, visit // http://www.dmtf.org/about/policies/disclosures.php. // =================================================================== // Description: The User Model extends the management concepts that // are related to users and security. // This file defines the concepts and classes related to // shared secret security services and credentials. // // The object classes below are listed in an order that // avoids forward references. Required objects, defined // by other working groups, are omitted. // =================================================================== // Change Log for v2.8 - None // // Change Log for v2.7 - None // =================================================================== #pragma Locale ("en_US") // ================================================================== // SharedSecretService // ================================================================== [Version ("2.6.0"), Description ( "CIM_SharedSecretService is a service which ascertains whether " "messages received are from the Principal with whom a secret is " "shared. Examples include a login service that proves identity " "on the basis of knowledge of the shared secret, or a transport " "integrity service (like Kerberos provides) that includes a " "message authenticity code that proves each message in the " "messsage stream came from someone who knows the shared secret " "session key.") ] class CIM_SharedSecretService : CIM_LocalCredentialManagementService { [Description ( "The Algorithm used to convey the shared secret, such as " "HMAC-MD5,or PLAINTEXT."), MaxLen (256) ] string Algorithm; [Description ( "The Protocol supported by the SharedSecretService.") ] string Protocol; }; // ================================================================== // SharedSecret // ================================================================== [Version ("2.6.0"), Description ( "CIM_SharedSecret is the secret shared between a Users Access " "and a particular SharedSecret security service. Secrets may " "be in the form of a password used for initial authentication, " "or as with a session key, used as part of a message " "authentication code to verify that a message originated by the " "pricinpal with whom the secret is shared. It is important to " "note that SharedSecret is not just the password, but rather is " "the password used with a particular security service.") ] class CIM_SharedSecret : CIM_Credential { [Key, Propagated ("CIM_SharedSecretService.SystemCreationClassName"), Description ( "The scoping System's CCN."), MaxLen (256) ] string SystemCreationClassName; [Key, Propagated ("CIM_SharedSecretService.SystemName"), Description ( "The scoping System's Name."), MaxLen (256) ] string SystemName; [Key, Propagated ( "CIM_SharedSecretService.CreationClassName"), Description ( "The scoping Service's CCN."), MaxLen (256) ] string ServiceCreationClassName; [Key, Propagated ("CIM_SharedSecretService.Name"), Description ( "The scoping Service's Name."), MaxLen (256) ] string ServiceName; [Key, Description ( "RemoteID is the name by which the user is known at the " "remote secret key authentication service."), MaxLen (256) ] string RemoteID; [Description ( "The secret known by the Users Access.") ] string Secret; [Description ( "The transformation algorithm, if any, used to protect " "passwords before use in the protocol. For instance, " "Kerberos doesn't store passwords as the shared secret, but " "rather, a hash of the password.") ] string Algorithm; [Description ( "The protocol with which the SharedSecret is used.") ] string Protocol; }; // =================================================================== // SharedSecretIsShared // =================================================================== [Association, Version ("2.6.0"), Description ( "This relationship associates a SharedSecretService with the " "SecretKey it verifies.") ] class CIM_SharedSecretIsShared : CIM_ManagedCredential { [Override ("Antecedent"), Min (1), Max (1), Description ( "The credential management service.") ] CIM_SharedSecretService REF Antecedent; [Override ("Dependent"), Weak, Description ( "The managed credential.") ] CIM_SharedSecret REF Dependent; }; // ================================================================== // NamedSharedIKESecret // ================================================================== [Version ("2.6.0"), Description ( "CIM_NamedSharedIKESecret indirectly represents a shared secret " "credential. The local identity, IKEIdentity, and the remote " "peer identity share the secret that is named by the " "SharedSecretName. The SharedSecretName is used " "SharedSecretService to reference the secret.") ] class CIM_NamedSharedIKESecret : CIM_Credential { [Key, Propagated ("CIM_SharedSecretService.SystemCreationClassName"), Description ( "The scoping System's CCN."), MaxLen (256) ] string SystemCreationClassName; [Key, Propagated ("CIM_SharedSecretService.SystemName"), Description ( "The scoping System's Name."), MaxLen (256) ] string SystemName; [Key, Propagated ("CIM_SharedSecretService.CreationClassName"), Description ( "The scoping Service's CCN."), MaxLen (256) ] string ServiceCreationClassName; [Key, Propagated ("CIM_SharedSecretService.Name"), Description ( "The scoping Service's Name."), MaxLen (256) ] string ServiceName; [Key, Description ( "The local Identity with whom the direct trust relationship " "exists."), MaxLen (256), ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentityType"} ] string LocalIdentity; [Key, Description ( "LocalIdentityType is used to describe the type of the " "LocalIdentity."), ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"}, Values {"IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"}, ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentity"} ] uint16 LocalIdentityType; [Key, Description ( "The peer identity with whom the direct trust relationship " "exists."), MaxLen (256), ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentityType"} ] string PeerIdentity; [Key, Description ( "PeerIdentityType is used to describe the type of the " "PeerIdentity."), ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11"}, Values {"IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID"}, ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentity"} ] uint16 PeerIdentityType; [Description ( "SharedSecretName is an indirect reference to a shared " "secret. The SecretService does not expose the actual " "secret but rather provides access to the secret via a " "name.") ] string SharedSecretName; }; // ================================================================== // IKESecretIsNamed // ================================================================== [Association, Version ("2.6.0"), Description ( "CIM_IKESecretIsNamed association provides the relationship " "between a SharedSecretService and a NamedSharedIKESecret.") ] class CIM_IKESecretIsNamed : CIM_ManagedCredential { [Override ("Antecedent"), Min (1), Max (1), Description ( "The SharedSecretService that manages a " "NamedSharedIKESecret.") ] CIM_SharedSecretService REF Antecedent; [Override ("Dependent"), Weak, Description ( "The managed NamedSharedIKESecret.") ] CIM_NamedSharedIKESecret REF Dependent; }; // =================================================================== // end of file // ===================================================================