1 marek 1.1 // Copyright (c) 2005 DMTF.  All rights reserved.
 2              [Version ( "2.8.0" ), 
 3               UMLPackagePath ( "CIM::User::PublicKey" ), 
 4               Description ( 
 5                  "A Certificate Authority (CA) is a credential management "
 6                  "service that issues and cryptographically signs certificates. "
 7                  "It acts as an trusted third-party intermediary in establishing "
 8                  "trust relationships. The CA authenticates the identity of the "
 9                  "holder of the \'private\' key, related to the certificate\'s "
10                  "\'public\' key." )]
11           class CIM_CertificateAuthority : CIM_CredentialManagementService {
12           
13                 [Description ( 
14                     "The CAPolicyStatement describes what care is taken by "
15                     "the CertificateAuthority when signing a new certificate. "
16                     "The CAPolicyStatment may be a dot-delimited ASN.1 OID "
17                     "string which identifies to the formal policy statement." )]
18              string CAPolicyStatement;
19           
20                 [Description ( 
21                     "A CRL, or CertificateRevocationList, is a list of "
22 marek 1.1           "certificates which the CertificateAuthority has revoked "
23                     "and which are not yet expired. Revocation is necessary "
24                     "when the private key associated with the public key of a "
25                     "certificate is lost or compromised, or when the person "
26                     "for whom the certificate is signed no longer is entitled "
27                     "to use the certificate." ), 
28                  OctetString]
29              string CRL[];
30           
31                 [Description ( 
32                     "Certificate revocation lists may be available from a "
33                     "number of distribution points. CRLDistributionPoint "
34                     "array values provide URIs for those distribution points." )]
35              string CRLDistributionPoint[];
36           
37                 [Description ( 
38                     "Certificates refer to their issuing CA by its "
39                     "Distinguished Name (as defined in X.501)." ), 
40                  Dn]
41              string CADistinguishedName;
42           
43 marek 1.1       [Description ( 
44                     "The frequency, expressed in hours, at which the CA will "
45                     "update its Certificate Revocation List. Zero implies "
46                     "that the refresh frequency is unknown." ), 
47                  Units ( "Hours" ), 
48                  PUnit ( "hour" )]
49              uint8 CRLRefreshFrequency;
50           
51                 [Description ( 
52                     "The maximum number of certificates in a certificate "
53                     "chain permitted for credentials issued by this "
54                     "certificate authority or it\'s subordinate CAs. \n"
55                     "The MaxChainLength of a superior CA in the trust "
56                     "hierarchy should be greater than this value and the "
57                     "MaxChainLength of a subordinate CA in the trust "
58                     "hierarchy should be less than this value." )]
59              uint8 MaxChainLength;
60           
61           
62           };