1 karl 1.1 // ===================================================================
2 // Title: User-Security MOF specification 2.5
3 // Filename: CIM_UserSec25.mof
4 // Version: 2.5
5 // Release: 0
6 // Date: 12/19/2000
7 // Description: These object classes define the user and security
8 // model for CIM and include classes needed to represent
9 // users, groups and organizational entities as well as
10 // security services and authentication and authorization
11 // information.
12 // The object classes below are listed in an order that
13 // avoids forward references. Required objects, defined
14 // by other working groups, are omitted.
15 // ===================================================================
16 // Author: DMTF User and Security Working Group
17 // Date: 14 March 2000 - Version 2.3
18 //
19 // 09 Jun 2000 - ERRATA to Version 2.3 creating V2.4
20 // - CR493a, Correction of Antecedent/Dependent references
21 // References are reversed from the original 2.3 model
22 karl 1.1 // - CR497: Corrections to antecedent/dependent references
23 // 1. ElementAsUser should run between an ME and a
24 // UsersAccess. Both references are ME in the MOF.
25 // UsersAccess is the Dependent reference.
26 //
27 // 2. ManagesAccount should subclass from Dependency.
28 //
29 // 3. ServiceUsesSecurityService - antecedent and
30 // dependent are backwards. SecurityService should
31 // be the antecedent and Service the dependent.
32 //
33 // 4. SecurityServiceForSystem - should subclass from
34 // ProvidesServiceToElement.
35 //
36 // 5. UsersCredentials - The antecedent and dependent
37 // references are backwards. The UsersAccess is
38 // dependent on the Credentials - the credentials
39 // are the antecedent.
40 //
41 // 6. The change in UsersCredentials affects
42 // PublicPrivateKeyPair, since it inherits from
43 karl 1.1 // UsersCredentials.
44 //
45 // 7. CAHasPublicCertificate - The antecedent and
46 // dependent references are backwards. The CA USES
47 // the public certificate - therefore, it is dependent
48 // on the certificate.
49 //
50 // 8. AuthenticateForUse - The antecedent and
51 // dependent are backwards. The association "provides
52 // an AuthenticationService with the
53 // AuthenticationRequirement it needs to do its job".
54 // AuthenticationService is Dependent on the
55 // Requirement.
56 //
57 // 9. RequireCredentialsFrom - Antecedent and
58 // dependent are backwards. The requirement is for
59 // a specific credential mgmt service - the service
60 // has no dependencies at all on the requirement.
61 //
62 // 10. AuthenticationTarget - Clarification that the
63 // "target" is dependent on the requirement to protect
64 karl 1.1 // it.
65 //
66 // 11. AuthorizedUse - The antecedent and dependent
67 // are backwards since the description says that the
68 // association "provides an AuthorizationService
69 // with the AccessControlInformation it needs to do
70 // its job". AuthorizationService is Dependent on the
71 // ACI.
72 //
73 // 21 June 2000 - ERRATA to Version 2.3 creating Version 2.4
74 // - CR515: CIM Account keys. CIM_Account currently has two
75 // local keys, Name and UserID.
76 // The intent was to have CreationClassName and Name
77 // as keys where name could be set to a value equal to
78 // the UserID or to some other value, e.g., a DN from
79 // a directory.
80 //
81 // 10 Nov 2000 - Changes to Version 2.4 creating V2.5
82 // - CR544a, Adds classes and properties needed for Network
83 // IPsec submodel.
84 // Classes added are:
85 karl 1.1 // CredentialManagementSAP
86 // LocalCredentialManagementService
87 // PublicKeyManagementService
88 // UnsignedPublicKey
89 // NamedSharedIKESecret
90 // TrustHierarchy
91 // LocallyManagedPublicKey
92 // IKESecretIsNamed
93 // Properties added are:
94 // CertificateAuthority.CADistinguishedName
95 // CertificateAuthority.MaxChainLength
96 // CertificateAuthority.CRLRefreshFrequency
97 // - CR560, ERRATA renames KerberosTicket.Type to
98 // KerberosTicket.TicketType and changes it from an
99 // array to a scalar property
100 //
101 // ===================================================================
102
103 // ===================================================================
104 // === Pragmas ===
105 // ===================================================================
106 karl 1.1 #pragma Locale ("en_US")
107
108
109
110 // ==================================================================
111 // === Data class definitions ===
112 // ==================================================================
113
114
115 // ==================================================================
116 // Group
117 // ==================================================================
// CIM_Group: a CIM_Collection subclass used to collect ManagedElements into
// groups. It carries a single-valued subset of the LDAP-style attributes
// that OtherGroupInformation declares in array form.
118 [Description (
119 "The Group class is used to collect ManagedElements into groups. "
120 "This class is defined so as to incorporate commonly-used LDAP "
121 "attributes to permit implementations to easily derive this "
122 "information from LDAP-accessible directories. This class's "
123 "properties are a subset of a related class, "
124 "OtherGroupInformation, which defines all the group properties "
125 "and in array form for directory compatibility." ) ]
126 class CIM_Group : CIM_Collection
127 karl 1.1 {
// Key 1 of 2: class (or subclass) name used to create the instance.
128 [Key, MaxLen (256), Description (
129 "CreationClassName indicates the name of the class or the "
130 "subclass used in the creation of an instance. When used "
131 "with the other key properties of this class, this property "
132 "allows all instances of this class and its subclasses to "
133 "be uniquely identified.")]
134 string CreationClassName;
// Key 2 of 2: label of the group; may be an LDAP distinguishedName.
// NOTE(review): a DN copied from a directory is externally supplied text;
// consumers that build LDAP filters or object paths from Name should
// escape it rather than concatenate it.
135 [Key, MaxLen (1024), Description (
136 "The Name property defines the label by which the object is "
137 "known. In the case of an LDAP-derived instance, the Name "
138 "property value may be set to the distinguishedName of the "
139 "LDAP-accessed object instance.")]
140 string Name;
// Optional free-text business category of the group's members.
141 [MaxLen (128), Description (
142 "The BusinessCategory property may be used to describe the "
143 "kind of business activity performed by the members of the "
144 "group.")]
145 string BusinessCategory;
// Required, but described as "possibly ambiguous": CommonName is a display
// name, not an identifier. Use the key properties to identify a group.
146 [Required, Description (
147 "A Common Name is a (possibly ambiguous) name by which the "
148 karl 1.1 "group is commonly known in some limited scope (such as an "
149 "organization) and conforms to the naming conventions of the "
150 "country or culture with which it is associated.")]
151 string CommonName;
152 };
153
154 // ==================================================================
155 // OtherGroupInformation
156 // ==================================================================
// CIM_OtherGroupInformation: additional, mostly multi-valued LDAP-style
// attributes for an associated Group instance. The association itself is
// not declared in this class.
157 [Description (
158 "The OtherGroupInformation class provides additional information "
159 "about an associated Group instance. This class is defined so as "
160 "to incorporate commonly-used LDAP attributes to permit "
161 "implementations to easily derive this information from "
162 "LDAP-accessible directories.") ]
163 class CIM_OtherGroupInformation : CIM_ManagedElement
164 {
// Key 1 of 2: class (or subclass) name used to create the instance.
165 [Key, MaxLen (256), Description (
166 "CreationClassName indicates the name of the class or the "
167 "subclass used in the creation of an instance. When used "
168 "with the other key properties of this class, this property "
169 karl 1.1 "allows all instances of this class and its subclasses to "
170 "be uniquely identified.")]
171 string CreationClassName;
// Key 2 of 2: label of the object; may be an LDAP distinguishedName.
172 [Key, MaxLen (1024), Description (
173 "The Name property defines the label by which the object is "
174 "known. In the case of an LDAP-derived instance, the Name "
175 "property value may be set to the distinguishedName of the "
176 "LDAP-accessed object instance.")]
177 string Name;
// Mirrors the LDAP objectClass attribute values when derived from LDAP.
178 [Description (
179 "In the case of an LDAP-derived instance, the ObjectClass "
180 "property value(s) may be set to the objectClass attribute "
181 "values.")]
182 string ObjectClass[];
// Array form of CIM_Group.BusinessCategory.
183 [MaxLen (128), Description (
184 "The BusinessCategory property may be used to describe the "
185 "kind of business activity performed by the members of the "
186 "group.")]
187 string BusinessCategory[];
// Array form of CIM_Group.CommonName; not marked Required here.
188 [Description (
189 "A Common Name is a (possibly ambiguous) name by which the "
190 karl 1.1 "group is commonly known in some limited scope (such as an "
191 "organization) and conforms to the naming conventions of the "
192 "country or culture with which it is associated.")]
193 string CommonName[];
// Holds multi-valued LDAP description values that do not fit the inherited
// single-valued Description property.
194 [MaxLen (1024), Description (
195 "The Descriptions property values may contain human-readable "
196 "descriptions of the object. In the case of an LDAP-derived "
197 "instance, the description attribute may have multiple values "
198 "that, therefore, cannot be placed in the inherited "
199 "Description property.")]
200 string Descriptions[];
201 [Description (
202 "The name of an organization related to the group.")]
203 string OrganizationName[];
204 [Description (
205 "The name of an organizational unit related to the group.")]
206 string OU[];
// NOTE(review): Owner is a free-form string array (possibly DNs). Nothing in
// this class ties a value to an authenticated identity, so it is
// descriptive data and should not by itself drive an access decision.
207 [Description (
208 "The Owner property specifies the name of some object that "
209 "has some responsibility for the group. In the case of an "
210 "LDAP-derived instance, a property value for Owner may be a "
211 karl 1.1 "distinguishedName of owning persons, groups, roles, etc.")]
212 string Owner[];
// DNs of related directory objects, stored as plain strings.
213 [Description (
214 "In the case of an LDAP-derived instance, the See Also "
215 "property specifies distinguishedName of other Directory "
216 "objects which may be other aspects (in some sense) of the "
217 "same real world object.")]
218 string SeeAlso[];
219 };
220
221 // ==================================================================
222 // Role
223 // ==================================================================
// CIM_Role: a CIM_Collection subclass representing a position or set of
// responsibilities whose members are the role occupants.
// This class declares only naming and descriptive properties; it defines no
// permission or privilege properties.
// NOTE(review): the Description below says OtherRoleInformation "defines all
// the group properties" - this looks copied from CIM_Group and presumably
// means "role properties". The string is left as published.
224 [Description (
225 "The Role object class is used to represent a position or set of "
226 "responsibilities within an organization, organizational unit or "
227 "system administration scope and is filled by a person or persons "
228 "(or non-human entities represented by ManagedSystemElement "
229 "subclasses) that may be explicitly or implicitly members of this "
230 "collection subclass. The class is defined so as to incorporate "
231 "commonly-used LDAP attributes to permit implementations to "
232 karl 1.1 "easily derive this information from LDAP-accessible directories. "
233 "The members of a role are frequently called role occupants. "
234 "This class's properties are a subset of a related class, "
235 "OtherRoleInformation, which defines all the group properties "
236 "and in array form for directory compatibility. ")]
237 class CIM_Role : CIM_Collection
238 {
// Key 1 of 2: class (or subclass) name used to create the instance.
239 [Key, MaxLen (256), Description (
240 "CreationClassName indicates the name of the class or the "
241 "subclass used in the creation of an instance. When used "
242 "with the other key properties of this class, this property "
243 "allows all instances of this class and its subclasses to "
244 "be uniquely identified.")]
245 string CreationClassName;
// Key 2 of 2: label of the role; may be an LDAP distinguishedName.
246 [Key, MaxLen (1024),Description (
247 "The Name property defines the label by which the object is "
248 "known. In the case of an LDAP-derived instance, the Name "
249 "property value may be set to the distinguishedName of the "
250 "LDAP-accessed object instance.")]
251 string Name;
// Optional free-text business category of the role occupants.
252 [MaxLen (128), Description (
253 karl 1.1 "This property may be used to describe the kind of business "
254 "activity performed by the members (role occupants) in the "
255 "position or set of responsibilities represented by the Role. "
256 )]
257 string BusinessCategory;
// Required, but described as "possibly ambiguous": CommonName is a display
// name, so two roles may share it. Identify a role by its key properties.
258 [Required, Description (
259 "A Common Name is a (possibly ambiguous) name by which the "
260 "role is commonly known in some limited scope (such as an "
261 "organization) and conforms to the naming conventions of the "
262 "country or culture with which it is associated.")]
263 string CommonName;
264 };
265
266 // ==================================================================
267 // OtherRoleInformation
268 // ==================================================================
// CIM_OtherRoleInformation: additional LDAP-style attributes for an
// associated Role instance, almost all declared as string arrays.
// NOTE(review): most properties below are contact details of the role
// occupants (postal address, telephone, fax, telex). Instances populated
// from a directory carry that data's sensitivity; confirm that read access
// to this class is restricted accordingly.
269 [Description (
270 "The OtherRoleInformation class is used to provide additional "
271 "information about an associated Role instance. This class is "
272 "defined so as to incorporate commonly-used LDAP attributes to "
273 "permit implementations to easily derive this information from "
274 karl 1.1 "LDAP-accessible directories.") ]
275 class CIM_OtherRoleInformation : CIM_ManagedElement
276 {
// Key 1 of 2: class (or subclass) name used to create the instance.
277 [Key, MaxLen (256), Description (
278 "CreationClassName indicates the name of the class or the "
279 "subclass used in the creation of an instance. When used "
280 "with the other key properties of this class, this property "
281 "allows all instances of this class and its subclasses to "
282 "be uniquely identified.")]
283 string CreationClassName;
// Key 2 of 2: label of the object; may be an LDAP distinguishedName.
284 [Key, MaxLen (1024),Description (
285 "The Name property defines the label by which the object is "
286 "known. In the case of an LDAP-derived instance, the Name "
287 "property value may be set to the distinguishedName of the "
288 "LDAP-accessed object instance.")]
289 string Name;
// Mirrors the LDAP objectClass attribute values when derived from LDAP.
290 [Description (
291 "In the case of an LDAP-derived instance, the ObjectClass "
292 "property value(s) may be set to the objectClass attribute "
293 "values.")]
294 string ObjectClass[];
// Array form of CIM_Role.BusinessCategory.
295 karl 1.1 [MaxLen (128), Description (
296 "This property may be used to describe the kind of business "
297 "activity performed by the members (role occupants) in the "
298 "position or set of responsibilities represented by the Role. "
299 )]
300 string BusinessCategory[];
// Array form of CIM_Role.CommonName; not marked Required here.
301 [Description (
302 "A Common Name is a (possibly ambiguous) name by which the "
303 "role is commonly known in some limited scope (such as an "
304 "organization) and conforms to the naming conventions of the "
305 "country or culture with which it is associated.")]
306 string CommonName[];
// Holds multi-valued LDAP description values that do not fit the inherited
// single-valued Description property.
307 [MaxLen (1024), Description (
308 "The Descriptions property values may contain human-readable "
309 "descriptions of the object. In the case of an LDAP-derived "
310 "instance, the description attribute may have multiple values "
311 "that, therefore, cannot be placed in the inherited "
312 "Description property.")]
313 string Descriptions[];
314 [MaxLen (128), Description (
315 "This property is used for the role occupants' telegram "
316 karl 1.1 "service.")]
317 string DestinationIndicator[];
318 [Description (
319 "The role occupants' facsimile telephone number.")]
320 string FacsimileTelephoneNumber[];
321 [MaxLen (16), Description (
322 "The role occupants' International ISDN number.")]
323 string InternationaliSDNNumber[];
324 [Description (
325 "The name of an organizational unit related to the role.")]
326 string OU[];
327 [MaxLen (128), Description (
328 "The Physical Delivery Office Name property specifies the name "
329 "of the city, village, etc. where a physical delivery office "
330 "is situated.")]
331 string PhysicalDeliveryOfficeName[];
332 [Description (
333 "The Postal Address property values specify the address "
334 "information required for the physical delivery of postal "
335 "messages by the postal authority to the role occupants.")]
336 string PostalAddress[];
337 karl 1.1 [MaxLen (40), Description (
338 "The Postal Code property specifies the postal code for the "
339 "role occupants. If this value is present it will be part of "
340 "the object's postal address.")]
341 string PostalCode[];
342 [MaxLen (40), Description (
343 "The Post Office Box property specifies the Post Office Box "
344 "by which the role occupants will receive physical postal "
345 "delivery. If present, the property value is part of the "
346 "object's postal address.")]
347 string PostOfficeBox[];
// The only scalar among the contact properties (declared without []).
348 [Description (
349 "The Preferred Delivery Method property specifies the "
350 "role occupants' preferred method to be used for contacting "
351 "them in their role.")]
352 string PreferredDeliveryMethod;
353 [Description (
354 "This property specifies a postal address suitable for receipt "
355 "of telegrams or expedited documents, where it is necessary to "
356 "have the recipient accept delivery.")]
357 string RegisteredAddress[];
// DNs of related directory objects, stored as plain strings.
358 karl 1.1 [Description (
359 "In the case of an LDAP-derived instance, the See Also "
360 "property specifies distinguishedName of other Directory "
361 "objects which may be other aspects (in some sense) of the "
362 "same real world object.")]
363 string SeeAlso[];
364 [Description (
365 "The State or Province Name property specifies a state or "
366 "province." )]
367 string StateOrProvince[];
368 [MaxLen (128), Description (
369 "The Street Address property specifies a site for the local "
370 "distribution and physical delivery in a postal address, i.e. "
371 "the street name, place, avenue, and the number." )]
372 string Street[];
// NOTE(review): the example in the Description ends with an unmatched ")";
// the string is left as published.
373 [MaxLen (32), Description (
374 "The Telephone Number property specifies a telephone number of "
375 "the role occupants, e.g. + 44 582 10101)." )]
376 string TelephoneNumber[];
377 [Description (
378 "The Teletex Terminal Identifier property specifies the "
379 karl 1.1 "Teletex terminal identifier (and, optionally, parameters) for "
380 "a teletex terminal associated with the role occupants." )]
381 string TeletexTerminalIdentifier[];
382 [Description (
383 "The Telex Number property specifies the telex number, country "
384 "code, and answerback code of a telex terminal for the "
385 "role occupants." )]
386 string TelexNumber[];
387 [MaxLen (15), Description (
388 "An X.121 address for the role occupants.")]
389 string X121Address[];
390 };
391
392 // ==================================================================
393 // OrganizationalEntity
394 // ==================================================================
// CIM_OrganizationalEntity: abstract base class with no properties of its
// own. In this listing CIM_Organization and CIM_OrgUnit derive from it.
395 [Abstract, Description (
396 "OrganizationalEntity is an abstract class from which classes "
397 "that fit into an organizational structure are derived.") ]
398 class CIM_OrganizationalEntity : CIM_ManagedElement
399 {
400 karl 1.1 };
401
402 // ==================================================================
403 // Organization
404 // ==================================================================
// CIM_Organization: represents an organization such as a corporation, with
// a single-valued subset of the LDAP-style attributes that
// OtherOrganizationInformation declares in array form.
// NOTE(review): the Description below says OtherOrganizationInformation
// "defines all the group properties" - this looks copied from CIM_Group and
// presumably means "organization properties". The string is left as
// published.
405 [Description (
406 "The Organization class is used to represent an organization such "
407 "as a corporation or other autonomous entity. The class is "
408 "defined so as to incorporate commonly-used LDAP attributes to "
409 "permit implementations to easily derive this information from "
410 "LDAP-accessible directories. This class's properties are a "
411 "subset of a related class, OtherOrganizationInformation, which "
412 "defines all the group properties and in array form for "
413 "directory compatibility.") ]
414 class CIM_Organization : CIM_OrganizationalEntity
415 {
// Key 1 of 2: class (or subclass) name used to create the instance.
416 [Key, MaxLen (256), Description (
417 "CreationClassName indicates the name of the class or the "
418 "subclass used in the creation of an instance. When used "
419 "with the other key properties of this class, this property "
420 "allows all instances of this class and its subclasses to "
421 karl 1.1 "be uniquely identified.")]
422 string CreationClassName;
// Key 2 of 2: label of the organization; may be an LDAP distinguishedName.
423 [Key, MaxLen (1024),Description (
424 "The Name property defines the label by which the object is "
425 "known. In the case of an LDAP-derived instance, the Name "
426 "property value may be set to the distinguishedName of the "
427 "LDAP-accessed object instance.")]
428 string Name;
429 [MaxLen (128), Description (
430 "This property describes the kind of business performed by an "
431 "organization.")]
432 string BusinessCategory;
433 [Description (
434 "The organization's facsimile telephone number.")]
435 string FacsimileTelephoneNumber;
436 [Description (
437 "This property contains the name of a locality, such as a "
438 "city, county or other geographic region.")]
439 string LocalityName;
// Scalar here although the Description speaks of "addresses"; the array form
// is OtherOrganizationInformation.Mail.
440 [Description (
441 "Based on RFC1274, the mail box addresses for the organization "
442 karl 1.1 "as defined in RFC822.")]
443 string Mail;
// The only Required non-key property of this class.
444 [Required, Description (
445 "The name of the organization.")]
446 string OrganizationName;
// The only array-valued property of this class.
447 [Description (
448 "The Postal Address property values specify the address "
449 "information required for the physical delivery of postal "
450 "messages by the postal authority to the organization.")]
451 string PostalAddress[];
452 [MaxLen (40), Description (
453 "The Postal Code property specifies the postal code of the "
454 "organization. If this value is present it will be part of "
455 "the object's postal address.")]
456 string PostalCode;
457 [Description (
458 "The State or Province Name property specifies a state or "
459 "province." )]
460 string StateOrProvince;
// NOTE(review): the example in the Description ends with an unmatched ")";
// the string is left as published.
461 [MaxLen (32), Description (
462 "The Telephone Number property specifies a telephone number of "
463 karl 1.1 "the organization, e.g. + 44 582 10101)." )]
464 string TelephoneNumber;
465 };
466
467 // ==================================================================
468 // OtherOrganizationInformation
469 // ==================================================================
// CIM_OtherOrganizationInformation: additional LDAP-style attributes for an
// associated Organization instance, almost all declared as string arrays.
// Security-relevant: this class includes UserPassword (credential material)
// next to ordinary contact data, so read access to the whole class needs to
// be decided with that property in mind.
470 [Description (
471 "The OtherOrganizationInformation class is used to provide "
472 "additional information about an associated Organization instance. "
473 "This class is defined so as to incorporate commonly-used LDAP "
474 "attributes to permit implementations to easily derive this "
475 "information from LDAP-accessible directories.") ]
476 class CIM_OtherOrganizationInformation : CIM_ManagedElement
477 {
// Key 1 of 2: class (or subclass) name used to create the instance.
478 [Key, MaxLen (256), Description (
479 "CreationClassName indicates the name of the class or the "
480 "subclass used in the creation of an instance. When used "
481 "with the other key properties of this class, this property "
482 "allows all instances of this class and its subclasses to "
483 "be uniquely identified.")]
484 karl 1.1 string CreationClassName;
// Key 2 of 2: label of the object; may be an LDAP distinguishedName.
485 [Key, MaxLen (1024),Description (
486 "The Name property defines the label by which the object is "
487 "known. In the case of an LDAP-derived instance, the Name "
488 "property value may be set to the distinguishedName of the "
489 "LDAP-accessed object instance.")]
490 string Name;
// Mirrors the LDAP objectClass attribute values when derived from LDAP.
491 [Description (
492 "In the case of an LDAP-derived instance, the ObjectClass "
493 "property value(s) may be set to the objectClass attribute "
494 "values.")]
495 string ObjectClass[];
496 [MaxLen (128), Description (
497 "This property describes the kind of business performed by an "
498 "organization.")]
499 string BusinessCategory[];
// Holds multi-valued LDAP description values that do not fit the inherited
// single-valued Description property.
500 [MaxLen (1024), Description (
501 "The Descriptions property values may contain human-readable "
502 "descriptions of the object. In the case of an LDAP-derived "
503 "instance, the description attribute may have multiple values "
504 "that, therefore, cannot be placed in the inherited "
505 karl 1.1 "Description property.")]
506 string Descriptions[];
507 [MaxLen (128), Description (
508 "This property is used for the organization's telegram "
509 "service.")]
510 string DestinationIndicator[];
511 [Description (
512 "The organization's facsimile telephone number.")]
513 string FacsimileTelephoneNumber[];
514 [MaxLen (16), Description (
515 "The organization's International ISDN number.")]
516 string InternationaliSDNNumber[];
// NOTE(review): URIs stored here are data from the directory; a consumer
// that dereferences them should treat them as untrusted input.
517 [Description (
518 "Uniform Resource Identifier with optional label as defined in "
519 "RFC2079.")]
520 string LabeledURI[];
521 [Description (
522 "This property contains the name of a locality, such as a "
523 "city, county or other geographic region.")]
524 string LocalityName[];
525 [Description (
526 karl 1.1 "Based on RFC1274, the mail box addresses for the organization "
527 "as defined in RFC822.")]
528 string Mail[];
// May hold the manager's DN as a plain string; not a reference to an
// instance.
529 [Description (
530 "The manager for the organization. In the case of an "
531 "LDAP-derived instance, the Manager property value may contain "
532 "the distinguishedName of the Manager.")]
533 string Manager[];
// Array form of CIM_Organization.OrganizationName; not marked Required here.
534 [Description (
535 "The name of the organization.")]
536 string OrganizationName[];
537 [Description (
538 "Based on RFC1274, this property may be used for electronic "
539 "mail box addresses other than RFC822 and X.400.")]
540 string OtherMailbox[];
541 [MaxLen (128), Description (
542 "The Physical Delivery Office Name property specifies the name "
543 "of the city, village, etc. where a physical delivery office "
544 "is situated.")]
545 string PhysicalDeliveryOfficeName[];
546 [Description (
547 karl 1.1 "The Postal Address property values specify the address "
548 "information required for the physical delivery of postal "
549 "messages by the postal authority to the organization.")]
550 string PostalAddress[];
551 [MaxLen (40), Description (
552 "The Postal Code property specifies the postal code of the "
553 "organization. If this value is present it will be part of "
554 "the object's postal address.")]
555 string PostalCode[];
556 [MaxLen (40), Description (
557 "The Post Office Box property specifies the Post Office Box "
558 "by which the organization will receive physical postal "
559 "delivery. If present, the property value is part of the "
560 "object's postal address.")]
561 string PostOfficeBox[];
// Scalar (declared without []), unlike the surrounding contact properties.
562 [Description (
563 "The Preferred Delivery Method property specifies the "
564 "organization's preferred method to be used for communicating "
565 "with it.")]
566 string PreferredDeliveryMethod;
567 [Description (
568 karl 1.1 "This property specifies a postal address suitable for receipt "
569 "of telegrams or expedited documents, where it is necessary to "
570 "have the recipient accept delivery.")]
571 string RegisteredAddress[];
572 [Description (
573 "This property value is for use by X.500 clients in "
574 "constructing search filters.")]
575 string SearchGuide[];
// DNs of related directory objects, stored as plain strings.
576 [Description (
577 "In the case of an LDAP-derived instance, the See Also "
578 "property specifies distinguishedName of other Directory "
579 "objects which may be other aspects (in some sense) of the "
580 "same real world object.")]
581 string SeeAlso[];
582 [Description (
583 "The State or Province Name property specifies a state or "
584 "province." )]
585 string StateOrProvince[];
586 [MaxLen (128), Description (
587 "The Street Address property specifies a site for the local "
588 "distribution and physical delivery in a postal address, i.e. "
589 karl 1.1 "the street name, place, avenue, and the number." )]
590 string Street[];
// NOTE(review): the example in the Description ends with an unmatched ")";
// the string is left as published.
591 [MaxLen (32), Description (
592 "The Telephone Number property specifies a telephone number of "
593 "the organization, e.g. + 44 582 10101)." )]
594 string TelephoneNumber[];
595 [Description (
596 "The Teletex Terminal Identifier property specifies the "
597 "Teletex terminal identifier (and, optionally, parameters) for "
598 "a teletex terminal associated with the organization." )]
599 string TeletexTerminalIdentifier[];
600 [Description (
601 "The Telex Number property specifies the telex number, country "
602 "code, and answerback code of a telex terminal for the "
603 "organization." )]
604 string TelexNumber[];
// Octetstring qualifier: the string elements carry binary image data.
// No MaxLen is declared, so the schema itself places no size bound on a
// logo value.
605 [Octetstring, Description (
606 "An image of the organization logo")]
607 string ThumbnailLogo[];
// Described as unique only within "an environment"; this property is not a
// key of the class.
608 [Description (
609 "A unique identifier that may be assigned in an environment to "
610 karl 1.1 "differentiate between uses of a given named organization "
611 "instance.")]
612 string UniqueIdentifier[];
// NOTE(review): UserPassword is credential material. The Description calls
// the value "an encrypted password", but nothing in this class fixes the
// storage scheme; what a directory holds in its password attribute depends
// on the server and may be a hash or clear text - confirm before relying on
// the word "encrypted". Providers should restrict who can read this
// property and keep its values out of logs, traces and exports.
613 [Octetstring, Description (
614 "In the case of an LDAP-derived instance, the UserPassword "
615 "property may contain an encrypted password used to access "
616 "the organization's resources in a directory." )]
617 string UserPassword[];
618 [MaxLen (15), Description (
619 "An X.121 address for the organization.")]
620 string X121Address[];
621 };
622
623 // ==================================================================
624 // OrgUnit
625 // ==================================================================
// CIM_OrgUnit: represents a sub-unit of an organization (division,
// department), with a single-valued subset of the LDAP-style attributes that
// OtherOrgUnitInformation declares in array form.
// NOTE(review): two wording slips in the Description below are left as
// published: "such a division" (presumably "such as a division") and
// "defines all the group properties" (looks copied from CIM_Group).
626 [Description (
627 "The OrgUnit class is used to represent a sub-unit of an "
628 "organization such a division or department. The class is "
629 "defined so as to incorporate commonly-used LDAP attributes to "
630 "permit implementations to easily derive this information from "
631 karl 1.1 "LDAP-accessible directories. This class's properties are a "
632 "subset of a related class, OtherOrgUnitInformation, which "
633 "defines all the group properties and in array form for "
634 "directory compatibility. ") ]
635 class CIM_OrgUnit : CIM_OrganizationalEntity
636 {
// Key 1 of 2: class (or subclass) name used to create the instance.
637 [Key, MaxLen (256), Description (
638 "CreationClassName indicates the name of the class or the "
639 "subclass used in the creation of an instance. When used "
640 "with the other key properties of this class, this property "
641 "allows all instances of this class and its subclasses to "
642 "be uniquely identified.")]
643 string CreationClassName;
// Key 2 of 2: label of the unit; may be an LDAP distinguishedName.
644 [Key, MaxLen (1024),Description (
645 "The Name property defines the label by which the object is "
646 "known. In the case of an LDAP-derived instance, the Name "
647 "property value may be set to the distinguishedName of the "
648 "LDAP-accessed object instance.")]
649 string Name;
650 [MaxLen (128), Description (
651 "This property describes the kind of business performed by an "
652 karl 1.1 "organizational unit.")]
653 string BusinessCategory;
654 [Description (
655 "The organizational unit's facsimile telephone number.")]
656 string FacsimileTelephoneNumber;
657 [Description (
658 "This property contains the name of a locality, such as a "
659 "city, county or other geographic region.")]
660 string LocalityName;
// The only Required non-key property of this class.
661 [Required, Description (
662 "The name of the organizational unit.")]
663 string OU;
// The only array-valued property of this class.
664 [Description (
665 "The Postal Address property values specify the address "
666 "information required for the physical delivery of postal "
667 "messages by the postal authority to the organizational unit."
668 )]
669 string PostalAddress[];
670 [MaxLen (40), Description (
671 "The Postal Code property specifies the postal code of the "
672 "organizational unit. If this value is present it will be "
673 karl 1.1 "part of the object's postal address.")]
674 string PostalCode;
675 [Description (
676 "The State or Province Name property specifies a state or "
677 "province." )]
678 string StateOrProvince;
// NOTE(review): the example in the Description ends with an unmatched ")";
// the string is left as published.
679 [MaxLen (32), Description (
680 "The Telephone Number property specifies a telephone number of "
681 "the organizational unit, e.g. + 44 582 10101)." )]
682 string TelephoneNumber;
683 };
684
685 // ==================================================================
686 // OtherOrgUnitInformation
687 // ==================================================================
// CIM_OtherOrgUnitInformation
// Array-valued companion record for an organizational unit, shaped after
// common LDAP attributes. Instances are identified by CreationClassName + Name.
// Security: UserPassword[] (near the end) is credential material; the other
// properties are directory contact data.
// NOTE(review): the TelephoneNumber example ends with a stray ")"; the
// description strings are reproduced exactly as published.
[Description (
    "The OtherOrgUnitInformation class is used to provide "
    "additional information about an associated OrgUnit instance. "
    "This class is defined so as to incorporate commonly-used LDAP "
    "attributes to permit implementations to easily derive this "
    "information from LDAP-accessible directories.")]
class CIM_OtherOrgUnitInformation : CIM_ManagedElement
{
    // ---- Key properties ----
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    // May hold an LDAP distinguishedName, hence the larger MaxLen.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // ---- Directory attributes ----
    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.")]
    string ObjectClass[];

    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organizational unit.")]
    string BusinessCategory[];

    [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.")]
    string Descriptions[];

    [MaxLen (128), Description (
        "This property is used for the organizational unit's telegram "
        "service.")]
    string DestinationIndicator[];

    [Description (
        "The organizational unit's facsimile telephone number.")]
    string FacsimileTelephoneNumber[];

    [MaxLen (16), Description (
        "The organizational unit's International ISDN number.")]
    string InternationaliSDNNumber[];

    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.")]
    string LocalityName[];

    [Description (
        "The name of the organizational unit.")]
    string OU[];

    [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.")]
    string PhysicalDeliveryOfficeName[];

    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organizational unit.")]
    string PostalAddress[];

    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organizational unit. If this value is present it will be "
        "part of the object's postal address.")]
    string PostalCode[];

    [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the organizational unit will receive physical "
        "postal delivery. If present, the property value is part of "
        "the object's postal address.")]
    string PostOfficeBox[];

    // Single-valued, unlike most properties of this class.
    [Description (
        "The Preferred Delivery Method property specifies the "
        "organizational unit's preferred method to be used for "
        "communicating with it.")]
    string PreferredDeliveryMethod;

    [Description (
        "This property value is for use by X.500 clients in "
        "constructing search filters.")]
    string SearchGuide[];

    [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.")]
    string SeeAlso[];

    [Description (
        "The State or Province Name property specifies a state or "
        "province.")]
    string StateOrProvince[];

    [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.")]
    string Street[];

    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organizational unit, e.g. + 44 582 10101).")]
    string TelephoneNumber[];

    [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the organizational unit.")]
    string TeletexTerminalIdentifier[];

    [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "organization.")]
    string TelexNumber[];

    // SECURITY: credential material. Restrict read access to this property
    // and keep its values out of logs and exports. The description says
    // "encrypted", but nothing in the schema fixes a format; an LDAP
    // userPassword value may be cleartext or a hash depending on how the
    // directory is configured -- confirm before relying on it.
    [Octetstring, Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the organizational unit's resources in a directory.")]
    string UserPassword[];

    [MaxLen (15), Description (
        "An X.121 address for the organization.")]
    string X121Address[];
};
812
813 // ==================================================================
814 // UserEntity
815 // ==================================================================
// CIM_UserEntity
// Abstract base that declares no properties of its own. In this file
// CIM_Person, CIM_OtherPersonInformation and CIM_UsersAccess derive from it.
[Abstract, Description (
    "UserEntity is an abstract class that represents users.")]
class CIM_UserEntity : CIM_OrganizationalEntity
{
};
821
822 // ==================================================================
823 // Person
824 // ==================================================================
// CIM_Person
// Mostly single-valued view of a person, shaped after common LDAP attributes;
// the array-valued superset is CIM_OtherPersonInformation.
// Keys: CreationClassName + Name. Required: CommonName, Surname.
// Privacy: holds personal contact data (home address, home/mobile numbers,
// photo), so read access to instances should be scoped accordingly.
// NOTE(review): "inetPrgPerson" (EmployeeNumber) and "JPEG Phto" (JPEGPhoto)
// look like typos, and the phone-number examples end with a stray ")"; the
// description strings are reproduced exactly as published.
[Description (
    "The Person object class is used to represent people. The class "
    "is defined so as to incorporate commonly-used LDAP attributes to "
    "permit implementations to easily derive this information from "
    "LDAP-accessible directories. This class's properties are a "
    "subset of a related class, OtherPersonInformation, which "
    "defines all the group properties and in array form for "
    "directory compatibility. ")]
class CIM_Person : CIM_UserEntity
{
    // ---- Key properties ----
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    // May hold an LDAP distinguishedName, hence the larger MaxLen.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // ---- Identity and employment ----
    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organization.")]
    string BusinessCategory;

    [Required, Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "role is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.")]
    string CommonName;

    [Description (
        "Based on inetPrgPerson, the Employee Number property "
        "specifies a numeric or an alphanumeric identifier assigned to "
        "a person.")]
    string EmployeeNumber;

    // Free-form: the listed values are examples, not an enumeration.
    [Description (
        "Based on inetOrgPerson, the Employee Type property is used to "
        "identify the employer to employee relationship. Typical "
        "values used may include 'Contractor', 'Employee', 'Intern', "
        "'Temp', 'External', and 'Unknown' but any value may be used.")]
    string EmployeeType;

    // ---- Contact data ----
    [Description (
        "The person's facsimile telephone number.")]
    string FacsimileTelephoneNumber;

    [MaxLen (32), Description (
        "Based on RFC1274, the Home Phone property specifies a home "
        "telephone number for the person, e.g. + 44 582 10101).")]
    string HomePhone;

    [Description (
        "The Home Postal Address property values specify the home "
        "address information required for the physical delivery of "
        "postal messages by the postal authority.")]
    string HomePostalAddress[];

    // NOTE(review): declared as a single string without the Octetstring
    // qualifier although the description speaks of "one or more images";
    // the encoding of the image data is not stated here -- confirm.
    [Description (
        "From inetOrgPerson, the JPEG Phto property values may be used "
        "for one or more images of a person using the JPEG File "
        "Interchange Format.")]
    string JPEGPhoto;

    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.")]
    string LocalityName;

    [Description (
        "Based on RFC1274, the mail box addresses for the person "
        "as defined in RFC822.")]
    string Mail;

    [Description (
        "The person's manager within the organization. In the case of "
        "an LDAP-derived instance, the Manager property value may "
        "contain the distinguishedName of the Manager.")]
    string Manager;

    [MaxLen (32), Description (
        "Based on RFC1274, the Mobile Phone property specifies a "
        "mobile telephone number for the person, e.g. + 44 582 10101).")]
    string Mobile;

    [Description (
        "The name of an organizational unit related to the person.")]
    string OU;

    [MaxLen (32), Description (
        "Based on RFC1274, the Pager property specifies a pager "
        "telephone number for the person, e.g. + 44 582 10101).")]
    string Pager;

    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the person.")]
    string PostalAddress[];

    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organization. If this value is present it will be part of "
        "the object's postal address.")]
    string PostalCode;

    [Description (
        "Based on inetOrgPerson, the person's preferred written or "
        "spoken language.")]
    string PreferredLanguage;

    [Description (
        "Based on RFC1274, the Secretary property may be used to "
        "specify a secretary for the person. In the case of an "
        "LDAP-derived object instance, the value may be a "
        "distinguishedName.")]
    string Secretary;

    [Description (
        "The State or Province Name property specifies a state or "
        "province.")]
    string StateOrProvince;

    [Required, Description (
        "The Surname property specifies the linguistic construct that "
        "normally is inherited by an individual from the individual's "
        "parent or assumed by marriage, and by which the individual is "
        "commonly known.")]
    string Surname;

    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organization, e.g. + 44 582 10101).")]
    string TelephoneNumber;

    [Description (
        "The Title property may be used to specify the person's "
        "designated position or function of the object within an "
        "organization, e.g., Manager, Vice-President, etc.")]
    string Title;
};
952
953 // ==================================================================
954 // OtherPersonInformation
955 // ==================================================================
// CIM_OtherPersonInformation
// Array-valued companion record for a person, shaped after common LDAP
// attributes. Keys: CreationClassName + Name. Required: OrganizationName.
// Security: the last group of properties carries login names, certificates,
// a password and PKCS #12 data -- see the notes on UserPassword[] and
// UserPKCS12[]. Privacy: the class also holds home contact data, photos,
// an audio clip and a vehicle plate, so read access should be scoped.
// NOTE(review): "inetPrgPerson" (EmployeeNumber), "JPEG Phto" (JPEGPhoto),
// "may be used to provides" (UserPKCS12) and "the person's an S/MIME"
// (UserSMIMECertificate) look like typos, and the phone-number examples end
// with a stray ")"; the description strings are reproduced as published.
[Description (
    "The OtherPersonInformation class is used to provide "
    "additional information about an associated Person instance. "
    "This class is defined so as to incorporate commonly-used LDAP "
    "attributes to permit implementations to easily derive this "
    "information from LDAP-accessible directories.")]
class CIM_OtherPersonInformation : CIM_UserEntity
{
    // ---- Key properties ----
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    // May hold an LDAP distinguishedName, hence the larger MaxLen.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // ---- Directory attributes ----
    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.")]
    string ObjectClass[];

    [Octetstring, Description (
        "The Audio property may be used to store an audio clip of the "
        "person.")]
    string Audio[];

    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organization.")]
    string BusinessCategory[];

    [MaxLen (128), Description (
        "The Car License property is used to record the values of the "
        "vehicle license or registration plate associated with an "
        "individual.")]
    string CarLicense[];

    [Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "role is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.")]
    string CommonName[];

    [Description (
        "The Country Name property specifies a country as defined in "
        "ISO 3166.")]
    string CountryName[];

    [Description (
        "Based on inetOrgPerson, the Department Number is a code for "
        "department to which a person belongs. This can be strictly "
        "numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).")]
    string DepartmentNumber[];

    [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.")]
    string Descriptions[];

    [MaxLen (128), Description (
        "This property is used for the organization's telegram "
        "service.")]
    string DestinationIndicator[];

    [Description (
        "Based on inetOrgPerson, the Display Name property values are "
        "used when displaying an entry.")]
    string DisplayName[];

    // Single-valued, unlike most properties of this class.
    [Description (
        "Based on inetPrgPerson, the Employee Number property "
        "specifies a numeric or an alphanumeric identifier assigned to "
        "a person.")]
    string EmployeeNumber;

    // Free-form: the listed values are examples, not an enumeration.
    [Description (
        "Based on inetOrgPerson, the Employee Type property is used to "
        "identify the employer to employee relationship. Typical "
        "values used may include 'Contractor', 'Employee', 'Intern', "
        "'Temp', 'External', and 'Unknown' but any value may be used.")]
    string EmployeeType[];

    [Description (
        "The person's facsimile telephone number.")]
    string FacsimileTelephoneNumber[];

    [Description (
        "Based on liPerson, the GenerationQualifier property specifies "
        "a name qualifier that represents the person's generation "
        "(e.g., JR., III, etc.).")]
    string GenerationQualifier[];

    [Description (
        "The Given Name property is used for the part of a person's "
        "name that is not their surname nor their middle name.")]
    string GivenName[];

    [Description (
        "Based on liPerson, the Home Fax property specifies the "
        "person's facsimile telephone number at home.")]
    string HomeFax[];

    [MaxLen (32), Description (
        "Based on RFC1274, the Home Phone property specifies a home "
        "telephone number for the person, e.g. + 44 582 10101).")]
    string HomePhone[];

    [Description (
        "The Home Postal Address property values specify the home "
        "address information required for the physical delivery of "
        "postal messages by the postal authority.")]
    string HomePostalAddress[];

    [Description (
        "Based on inetOrgPerson, the Initials property specifies the "
        "first letters of the person's name, typically the property "
        "values will exclude the first letter of the surname.")]
    string Initials[];

    [MaxLen (16), Description (
        "The person's International ISDN number.")]
    string InternationaliSDNNumber[];

    // NOTE(review): no Octetstring qualifier here, while Photo[] and
    // ThumbnailPhoto[] below carry one -- confirm the intended encoding.
    [Description (
        "From inetOrgPerson, the JPEG Phto property values may be used "
        "for one or more images of a person using the JPEG File "
        "Interchange Format.")]
    string JPEGPhoto[];

    [Description (
        "Uniform Resource Identifier with optional label as defined in "
        "RFC2079.")]
    string LabeledURI[];

    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.")]
    string LocalityName[];

    [Description (
        "Based on RFC1274, the mail box addresses for the person "
        "as defined in RFC822.")]
    string Mail[];

    [Description (
        "The person's manager within the organization. In the case of "
        "an LDAP-derived instance, the Manager property value may "
        "contain the distinguishedName of the Manager.")]
    string Manager[];

    [Description (
        "Based on liPerson, the middle name of the person.")]
    string MiddleName[];

    [MaxLen (32), Description (
        "Based on RFC1274, the Mobile Phone property specifies a "
        "mobile telephone number for the person, e.g. + 44 582 10101).")]
    string Mobile[];

    [Required, Description (
        "The name of the person's organization.")]
    string OrganizationName[];

    [Description (
        "Based on RFC1274, the OrganizationalStatus property specifies "
        "a category by which a person is often referred to within an "
        "organization. Examples of usage in academia might include "
        "undergraduate student, researcher, lecturer, etc.")]
    string OrganizationalStatus[];

    [Description (
        "Based on RFC1274, this property may be used for electronic "
        "mail box addresses other than RFC822 and X.400.")]
    string OtherMailbox[];

    [Description (
        "The name of an organizational unit related to the person.")]
    string OU[];

    [MaxLen (32), Description (
        "Based on RFC1274, the Pager property specifies a pager "
        "telephone number for the person, e.g. + 44 582 10101).")]
    string Pager[];

    [Description (
        "Based on liPerson, the PersonalTitle property may be used to "
        "specify the person's personal title such as Mr., Ms., Dr., "
        "Prof. etc.")]
    string PersonalTitle[];

    [Octetstring, Description (
        "Based on RFC1274, the Photo property may be used to specify a "
        "photograph for the person encoded in G3 fax as explained in "
        "recommendation T.4, with an ASN.1 wrapper to make it "
        "compatible with an X.400 BodyPart as defined in X.420.")]
    string Photo[];

    [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.")]
    string PhysicalDeliveryOfficeName[];

    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the person.")]
    string PostalAddress[];

    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organization. If this value is present it will be part of "
        "the object's postal address.")]
    string PostalCode[];

    [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the person will receive physical postal delivery. "
        "If present, the property value is part of the object's postal "
        "address.")]
    string PostOfficeBox[];

    // Single-valued.
    [Description (
        "The Preferred Delivery Method property specifies the "
        "preferred method to be used for contacting the person.")]
    string PreferredDeliveryMethod;

    // Single-valued.
    [Description (
        "Based on inetOrgPerson, the person's preferred written or "
        "spoken language.")]
    string PreferredLanguage;

    [Description (
        "This property specifies a postal address suitable for receipt "
        "of telegrams or expedited documents, where it is necessary to "
        "have the recipient accept delivery.")]
    string RegisteredAddress[];

    [Description (
        "Based on RFC1274, the Room Number property specifies the room "
        "number for the person.")]
    string RoomNumber[];

    [Description (
        "Based on RFC1274, the Secretary property may be used to "
        "specify a secretary for the person. In the case of an "
        "LDAP-derived object instance, the value may be a "
        "distinguishedName.")]
    string Secretary[];

    [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.")]
    string SeeAlso[];

    [Description (
        "The State or Province Name property specifies a state or "
        "province.")]
    string StateOrProvince[];

    [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.")]
    string Street[];

    [Description (
        "The Surname property specifies the linguistic construct that "
        "normally is inherited by an individual from the individual's "
        "parent or assumed by marriage, and by which the individual is "
        "commonly known.")]
    string Surname[];

    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organization, e.g. + 44 582 10101).")]
    string TelephoneNumber[];

    [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the organization.")]
    string TeletexTerminalIdentifier[];

    [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "organization.")]
    string TelexNumber[];

    [Octetstring, Description (
        "A small image of the person's organization logo")]
    string ThumbnailLogo[];

    [Octetstring, Description (
        "A small image of the person.")]
    string ThumbnailPhoto[];

    [Description (
        "The Title property may be used to specify the person's "
        "designated position or function of the object within an "
        "organization, e.g., Manager, Vice-President, etc.")]
    string Title[];

    // ---- Identifiers and credentials ----
    [Description (
        "Based on RFC1274, the UserID property may be used to specify "
        "a computer system login name.")]
    string UserID[];

    [Description (
        "A unique identifier that may be assigned in an environment to "
        "differentiate between uses of a given named person instance.")]
    string UniqueIdentifier[];

    // Public data, but integrity-sensitive: whoever may write this property
    // decides which certificate is associated with the person.
    [Octetstring, Description (
        "Based on inetOrgPerson and for directory compatibility, the "
        "User Certificate property may be used to specify a public key "
        "certificate for the person.")]
    string UserCertificate[];

    // SECURITY: credential material. Restrict read access to this property
    // and keep its values out of logs and exports. The description says
    // "encrypted", but nothing in the schema fixes a format; an LDAP
    // userPassword value may be cleartext or a hash depending on how the
    // directory is configured -- confirm before relying on it.
    [Octetstring, Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the person's resources in a directory.")]
    string UserPassword[];

    // SECURITY: PFX PDUs are PKCS #12 containers, which can bundle a private
    // key with its certificates. Handle values as private-key material:
    // restrict reads and keep them out of logs and exports.
    [Octetstring, Description (
        "Based on inetOrgPerson and for directory compatibility, the "
        "UserPKCS12 property value may be used to provides a format "
        "for exchange of personal identity information. The property "
        "values are PFX PDUs stored as Octetstrings.")]
    string UserPKCS12[];

    [Octetstring, Description (
        "Based on inetOrgPerson, the User S/MIME Certificate property "
        "may be used to specify the person's an S/MIME (RFC1847) "
        "signed message with a zero-length body. It contains the "
        "entire certificate chain and the signed attribute that "
        "describes their algorithm capabilities. If available, this "
        "property is preferred over the UserCertificate property for "
        "S/MIME applications.")]
    string UserSMIMECertificate[];

    [MaxLen (15), Description (
        "An X.121 address for the organization.")]
    string X121Address[];

    [Octetstring, Description (
        "An X.500 specified unique identifier that may be assigned in "
        "an environment to differentiate between uses of a given named "
        "person object instance.")]
    string X500UniqueIdentifier[];
};
1264
1265
1266 // ==================================================================
1267 // UsersAccess
1268 // ==================================================================
// CIM_UsersAccess
// Represents a user (person, service, access point or collection of these)
// that is permitted access to system resources, independent of any one
// system or service. Keys: CreationClassName + Name + ElementID.
// NOTE(review): the class description reads "a system user that permitted
// access" and refers to "UserAccess" where the class is named UsersAccess;
// the strings are reproduced exactly as published.
[Description (
    "The UsersAccess object class is used to specify a system user "
    "that permitted access to system resources. The ManagedElement "
    "that has access to system resources (represented in the model in "
    "the ElementAsUser association) may be a person, a service, a "
    "service access point or any collection thereof. Whereas the "
    "Account class represents the user's relationship to a system "
    "from the perspective of the security services of the system, the "
    "UserAccess class represents the relationships to the systems "
    "independent of a particular system or service.")]
class CIM_UsersAccess : CIM_UserEntity
{
    // ---- Key properties ----
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    [Key, MaxLen (256), Description (
        "The Name property defines the label by which the object is "
        "known.")]
    string Name;

    // Unlike the other two keys, no MaxLen is declared for this one.
    [Key, Description (
        "The ElementID property uniquely specifies the ManagedElement "
        "object instance that is the user represented by the "
        "UsersAccess object instance. The ElementID is formatted "
        "similarly to a model path except that the property-value "
        "pairs are ordered in alphabetical order (US ASCII lexical "
        "order).")]
    string ElementID;

    // ---- Authentication metadata ----
    // Declared as uint16[] with a Values list, so this records which kinds
    // of biometric are in use, not a biometric sample. No ValueMap is given;
    // by the usual CIM convention the integers are then the 0-based
    // positions in Values (0 = "N/A" ... 8 = "EEG") -- confirm for the
    // implementation in use.
    [Description (
        "Biometric information used to identify a person. The "
        "property value is left null or set to 'N/A' for non-human "
        "user or a user not using biometric information for "
        "authentication."),
     Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger",
             "Voice", "DNA-RNA", "EEG"}]
    uint16 Biometric[];
};
1309
1310 // ==================================================================
1311 // Account
1312 // ==================================================================
// CIM_Account
// Per-SecurityService record of an identity and its privileges (the class
// description uses UNIX /etc/passwd entries as the example).
// Keys: SystemCreationClassName + SystemName (both propagated from the
// scoping CIM_System) + CreationClassName + Name.
// Required: OrganizationName.
// Security: UserPassword[] is credential material; see the note on it.
// NOTE(review): the UserCertificate and UserPassword descriptions speak of
// "the person" although this class models an account; the strings are
// reproduced exactly as published.
[Description (
    "CIM_Account is the information held by a SecurityService "
    "to track identity and privileges managed by that service. "
    "Common examples of an Account are the entries in a UNIX "
    "/etc/passwd file. Several kinds of security services use "
    "various information from those entries - the /bin/login "
    "program uses the account name ('root') and hashed password "
    "to authenticate users, and the file service, for instance, "
    "uses the UserID field ('0') and GroupID field ('0') to "
    "record ownership and determine access control privileges "
    "on files in the file system. This class is defined so as "
    "to incorporate commonly-used LDAP attributes to permit "
    "implementations to easily derive this information from "
    "LDAP-accessible directories.")]
class CIM_Account : CIM_LogicalElement
{
    // ---- Keys propagated from the scoping system ----
    [Propagated ("CIM_System.CreationClassName"), Key,
     MaxLen (256), Description ("Scoping System")]
    string SystemCreationClassName;

    [Propagated ("CIM_System.Name"), Key,
     MaxLen (256), Description ("Scoping System")]
    string SystemName;

    // ---- Keys of the account itself ----
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    // Overrides the inherited Name; may equal UserID or an LDAP DN.
    [Key, Override ("Name"), MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. The value of this property may be set to be the same "
        "as that of the UserID property or, in the case of an "
        "LDAP-derived instance, the Name property value may be set to "
        "the distinguishedName of the LDAP-accessed object instance.")]
    string Name;

    // ---- Identity ----
    // Not a key: the description allows either a user name or an opaque
    // handle, depending on the kind of service.
    [MaxLen (256), Description (
        "UserID is the value used by the SecurityService to "
        "represent identity. For an authentication service, the "
        "UserID may be the name of the user, or for an authorization "
        "service the value which serves as a handle to a mapping of "
        "the identity.")]
    string UserID;

    // ---- Directory attributes ----
    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.")]
    string ObjectClass[];

    [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.")]
    string Descriptions[];

    [Description (
        "Based on RFC1274, the host name of the system(s) for which "
        "the account applies. The host name may be a fully-qualified "
        "DNS name or it may be an unqualified host name.")]
    string Host[];

    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.")]
    string LocalityName[];

    [Required, Description (
        "The name of the organization related to the account.")]
    string OrganizationName[];

    [Description (
        "The name of an organizational unit related to the account.")]
    string OU[];

    [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.")]
    string SeeAlso[];

    // ---- Credentials ----
    // Public data, but integrity-sensitive: whoever may write this property
    // decides which certificate is associated with the account.
    [Octetstring, Description (
        "Based on inetOrgPerson and for directory compatibility, the "
        "User Certificate property may be used to specify a public key "
        "certificate for the person.")]
    string UserCertificate[];

    // SECURITY: credential material. Restrict read access to this property
    // and keep its values out of logs and exports. The description says
    // "encrypted", but nothing in the schema fixes a format; an LDAP
    // userPassword value may be cleartext or a hash depending on how the
    // directory is configured -- confirm before relying on it.
    [Octetstring, Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the person's resources in a directory.")]
    string UserPassword[];
};
1400
1401
1402 // ==================================================================
1403 // SecurityService
1404 // ==================================================================
// CIM_SecurityService
// Abstract root of the security-service classes in this file; it declares
// no properties of its own.
// NOTE(review): the Description is a placeholder ("CIM_SecurityService ...")
// and states no contract for subclasses.
[Abstract, Description (
    "CIM_SecurityService ...")]
class CIM_SecurityService : CIM_Service
{
};
1410
1411 // ==================================================================
1412 // AccountManagementService
1413 // ==================================================================
// CIM_AccountManagementService
// Service that creates, manages and destroys Accounts for other security
// services; it declares no properties of its own.
// NOTE(review): "SecuritySerices" in the description looks like a typo for
// SecurityServices; the string is reproduced exactly as published.
[Description (
    "CIM_AccountManagementService creates, manages, and if necessary "
    "destroys Accounts on behalf of other SecuritySerices.")]
class CIM_AccountManagementService : CIM_SecurityService
{
};
1420
1421 // ==================================================================
1422 // AuthenticationService
1423 // ==================================================================
// CIM_AuthenticationService
// Service that verifies users' identities. Per its description it splits
// into a credential-issuing subclass and a credential-verifying subclass,
// and the state kept between verifications lives in an Account.
// It declares no properties of its own.
[Description (
    "CIM_AuthenticationService verifies users' identities through "
    "some means. These services are decomposed into a subclass that "
    "provides credentials to users and a subclass that provides for "
    "the verification of the validity of a credential and, perhaps, "
    "the appropriateness of its use for access to target resources. "
    "The persistent state information used from one such verification "
    "to another is maintained in an Account for that Users Access on "
    "that AuthenticationService.")]
class CIM_AuthenticationService : CIM_SecurityService
{
};
1436
// ==================================================================
// VerificationService
// ==================================================================
// The credential-checking half of CIM_AuthenticationService. The
// class is a pure marker: it adds no properties.
[ Description (
      "CIM_VerificationService is the authentication service that "
      "verifies a credential for use and may also verify the "
      "appropriateness of a particular credential in conjunction with a "
      "particular target resource.")
]
class CIM_VerificationService : CIM_AuthenticationService
{
};
1448
// ==================================================================
// CredentialManagementService
// ==================================================================
// The credential-issuing half of CIM_AuthenticationService. In this
// file it is the superclass of CIM_CertificateAuthority,
// CIM_KerberosKeyDistributionCenter, CIM_Notary and
// CIM_LocalCredentialManagementService.
[ Description (
      "CIM_CredentialManagementService issues credentials and manages "
      "the credential lifecycle.")
]
class CIM_CredentialManagementService : CIM_AuthenticationService
{
};
1458
// ==================================================================
// CredentialManagementSAP
// ==================================================================
// Access point through which a CredentialManagementService is
// reached. URL is an unconstrained string (no MaxLen, no scheme
// restriction), so any validation of the address is left to the
// consumer of the instance.
[ Description (
      "CIM_CredentialManagementSAP represents the ability to "
      "utilize or invoke a CredentialManagementService.")
]
class CIM_CredentialManagementSAP : CIM_ServiceAccessPoint
{
    [ Description ("The URL for the access point.") ]
    string URL;
};
1470
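// ==================================================================
// CertificateAuthority
// ==================================================================
// Models a CA as a credential management service. Points worth
// checking when reading or populating an instance:
//  - CRL holds the revocation list itself (Octetstring);
//    CRLDistributionPoint holds the URIs it can be fetched from.
//  - CRLRefreshFrequency is a uint8 counted in hours, so 255 hours is
//    the longest interval it can express and 0 means "unknown".
//    Relying parties cannot derive CRL freshness from a zero value.
//  - MaxChainLength is expected to shrink on the way down the trust
//    hierarchy: superior CA > this value > subordinate CA.
// Spelling errors in the original Description strings are corrected
// below; property names and types are unchanged.
[Description ("A Certificate Authority (CA) is a credential "
    "management service that issues and cryptographically "
    "signs certificates thus acting as a trusted third-party "
    "intermediary in establishing trust relationships. The CA "
    "authenticates the holder of the private key related to the "
    "certificate's public key; the authenticated entity is "
    "represented by the UsersAccess class.") ]
class CIM_CertificateAuthority : CIM_CredentialManagementService
{
    [Description (
        "The CAPolicyStatement describes what care is taken by the "
        "CertificateAuthority when signing a new certificate. "
        "The CAPolicyStatement may be a dot-delimited ASN.1 OID "
        "string which identifies the formal policy statement.") ]
    string CAPolicyStatement;

    [Description ( "A CRL, or CertificateRevocationList, is a "
        "list of certificates which the CertificateAuthority has "
        "revoked and which are not yet expired. Revocation is "
        "necessary when the private key associated with the public "
        "key of a certificate is lost or compromised, or when the "
        "person for whom the certificate is signed no longer is "
        "entitled to use the certificate."), Octetstring ]
    string CRL[];

    [Description ("Certificate Revocation Lists may be "
        "available from a number of distribution points. "
        "CRLDistributionPoint array values provide URIs for those "
        "distribution points.")]
    string CRLDistributionPoint[];

    [Description ( "Certificates refer to their issuing CA by "
        "its Distinguished Name (as defined in X.501)."), DN]
    string CADistinguishedName;

    [Description ( "The frequency, expressed in hours, at which "
        "the CA will update its Certificate Revocation List. Zero "
        "implies that the refresh frequency is unknown."),
     Units("Hours")]
    uint8 CRLRefreshFrequency;

    [Description ( "The maximum number of certificates in a "
        "certificate chain permitted for credentials issued by "
        "this certificate authority or its subordinate CAs.\n"
        "The MaxChainLength of a superior CA in the trust "
        "hierarchy should be greater than this value and the "
        "MaxChainLength of a subordinate CA in the trust hierarchy "
        "should be less than this value.")]
    uint8 MaxChainLength;
};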
1519
1520
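// ==================================================================
// KerberosKeyDistributionCenter
// ==================================================================
// The Description below replaces the original placeholder text
// ("CIM_KerberosKeyDistributionCenter ..."). It is drawn from what
// this file states elsewhere: the class is a
// CredentialManagementService, Name carries the Realm, and
// CIM_KerberosTicket is scoped by (propagates its keys from) this
// class.
// Protocol has Values but no ValueMap, so by CIM convention the
// entries are selected by zero-based index (0 = V4 ... 3 = MS).
[Description (
    "CIM_KerberosKeyDistributionCenter is a credential management "
    "service that issues Kerberos tickets (see CIM_KerberosTicket) "
    "for the Realm named by its Name property.") ]
class CIM_KerberosKeyDistributionCenter : CIM_CredentialManagementService
{
    [Override ("Name"),
     Description ("The Realm served by this KDC.")]
    string Name;

    [Description ("The version of Kerberos supported by this "
        "service."),
     Values {"V4", "V5", "DCE", "MS"} ]
    uint16 Protocol[];
};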
1536
1537
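// ==================================================================
// Notary
// ==================================================================
// Credential management service that binds a person to a Users
// Access by comparing biometric characteristics.
// NOTE(review): Comparitors is declared as a scalar uint16 although
// its Description speaks of "types" in the plural, so one instance
// can name only a single comparison type. The property name and type
// are left as they are because callers depend on them.
// CharterIssued / CharterExpired bound the period during which the
// Notary is authorised to act; a consumer relying on a Notary
// decision would compare them with the time of that decision.
// Spelling errors in the original Description strings are corrected.
[Description (
    "CIM_Notary is an AuthenticationService (credential "
    "management service) which compares the "
    "biometric characteristics of a person with the "
    "known characteristics of a Users Access, and determines "
    "whether the person is the UsersAccess. An example is "
    "a bank teller who compares a picture ID with the person "
    "trying to cash a check, or a biometric login service that "
    "uses voice recognition to identify a user.") ]
class CIM_Notary : CIM_CredentialManagementService
{
    [Description ( "The types of biometric information which "
        "this Notary can compare."),
     Values { "N/A", "Other", "Facial", "Retina", "Mark",
        "Finger", "Voice", "DNA-RNA", "EEG"} ]
    uint16 Comparitors;

    [Description (
        "The SealProtocol is how the decision of the Notary is "
        "recorded for future use by parties who will rely on its "
        "decision. For instance, a driver's licence frequently "
        "includes tamper-resistant coatings and markings to protect "
        "the recorded decision that a driver, having various "
        "biometric characteristics of height, weight, hair and eye "
        "color, using a particular name, has features represented in "
        "a photograph of their face.")]
    string SealProtocol;

    [Description (
        "CharterIssued documents when the Notary is first "
        "authorized, by whoever gave it responsibility, to perform "
        "its service.")]
    datetime CharterIssued;

    [Description (
        "CharterExpired documents when the Notary is no longer "
        "authorized, by whoever gave it responsibility, to perform "
        "its service.")]
    datetime CharterExpired;
};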
1578
1579
// ==================================================================
// LocalCredentialManagementService
// ==================================================================
// Marker class for credential management that is local to one
// system. CIM_SharedSecretService and CIM_PublicKeyManagementService
// derive from it; it adds no properties.
[ Description (
      "CIM_LocalCredentialManagementService is a credential "
      "management service that provides local system "
      "management of credentials used by the local system.")
]
class CIM_LocalCredentialManagementService : CIM_CredentialManagementService
{
};
1590
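// ==================================================================
// SharedSecretService
// ==================================================================
// Service that authenticates a peer by knowledge of a shared secret.
// Algorithm is a free-form string (MaxLen 256, no Values list), so
// its spelling is up to the provider and consumers should not rely
// on exact matching. A value of PLAINTEXT states that the secret is
// conveyed unprotected, which makes this property a natural place to
// inventory services that still do so.
// Spelling and punctuation errors in the original Description
// strings are corrected below.
[Description (
    "CIM_SharedSecretService is a service which ascertains "
    "whether messages received are from the Principal with "
    "whom a secret is shared. Examples include a login "
    "service that proves identity on the basis of knowledge of "
    "the shared secret, or a transport integrity service (like "
    "Kerberos provides) that includes a message authenticity "
    "code that proves each message in the message stream came "
    "from someone who knows the shared secret session key.")]
class CIM_SharedSecretService : CIM_LocalCredentialManagementService
{
    [MaxLen (256), Description (
        "The Algorithm used to convey the shared secret, such as "
        "HMAC-MD5, or PLAINTEXT.") ]
    string Algorithm;

    [Description (
        "The Protocol supported by the SharedSecretService.")]
    string Protocol;
};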
1613
// ==================================================================
// PublicKeyManagementService
// ==================================================================
// Local service that manages public keys. It declares no properties
// of its own; CIM_UnsignedPublicKey instances are scoped by it (they
// propagate their ServiceCreationClassName / ServiceName keys from
// this class).
[ Description (
      "CIM_PublicKeyManagementService is a credential management "
      "service that provides local system management of public "
      "keys used by the local system.")
]
class CIM_PublicKeyManagementService : CIM_LocalCredentialManagementService
{
};
1624
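// ==================================================================
// Credential
// ==================================================================
// Abstract base of every credential class in this file
// (CIM_PublicKeyCertificate, CIM_UnsignedPublicKey,
// CIM_KerberosTicket, CIM_SharedSecret, CIM_NamedSharedIKESecret).
// It declares no properties, so nothing about lifetime or protection
// of the credential material is modelled at this level.
// The Description is corrected in two places: "ones self" becomes
// "oneself", and "(see later)" becomes "(see above)" because
// CIM_AuthenticationService is defined earlier in this file.
[Abstract, Description (
    "Subclasses of CIM_Credential define materials, "
    "information, or other data which are used to prove the "
    "identity of a CIM_UsersAccess to a particular "
    "CIM_SecurityService. Generally, there may be some shared "
    "information, or credential material which is used to "
    "identify and authenticate oneself in the process of "
    "gaining access to, or permission to use, an Account. "
    "Such credential material may be used to authenticate a "
    "users access identity initially, as done by a "
    "CIM_AuthenticationService (see above), and additionally on "
    "an ongoing basis during the course of a connection or "
    "other security association, as proof that each received "
    "message or communication came from the owning user access of "
    "that credential material.") ]
class CIM_Credential : CIM_ManagedElement
{
};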
1646
1647
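// ==================================================================
// PublicKeyCertificate
// ==================================================================
// A CA-signed public key credential. Instances are keyed by the
// scoping system, the issuing CIM_CertificateAuthority and the
// certificate Subject. Only the public key is modelled here; per the
// Description the related private key stays with the Subject and has
// no property in this class.
// The one change to the original text is the missing space in
// "service,etc.".
[Description ("A Public Key Certificate is a credential "
    "that is cryptographically signed by a trusted Certificate "
    "Authority (CA) and issued to an authenticated entity "
    "(e.g., human user, service, etc.) called the Subject in "
    "the certificate and represented by the UsersAccess class. "
    "The public key in the certificate is cryptographically "
    "related to a private key that is to be held and kept "
    "private by the authenticated Subject. The certificate "
    "and its related private key can then be used for "
    "establishing trust relationships and securing "
    "communications with the Subject. Refer to the ITU/CCITT "
    "X.509 standard as an example of such certificates.") ]
class CIM_PublicKeyCertificate : CIM_Credential
{
    [Propagated ("CIM_System.CreationClassName"),
     Key, MaxLen (256), Description ("Scoping System")]
    string SystemCreationClassName;

    [Propagated ("CIM_System.Name"),
     Key, MaxLen (256), Description ("Scoping System")]
    string SystemName;

    [Propagated ("CIM_CertificateAuthority.CreationClassName"),
     Key, MaxLen (256), Description ("Scoping Service")]
    string ServiceCreationClassName;

    [Propagated ("CIM_CertificateAuthority.Name"),
     Key, MaxLen (256), Description ("Scoping Service")]
    string ServiceName;

    [Key, MaxLen (256), Description (
        "Certificate subject identifier")]
    string Subject;

    [MaxLen (256), Description (
        "Alternate subject identifier for the Certificate.")]
    string AltSubject;

    [Description ("The DER-encoded raw public key."), Octetstring]
    uint8 PublicKey[];
};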
1686
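// ==================================================================
// UnsignedPublicKey
// ==================================================================
// A public key accepted on direct trust, with no CA signature. No CA
// is involved, so the CRL mechanism modelled on
// CIM_CertificateAuthority does not cover these keys, and this class
// carries no property for withdrawing trust in a peer key.
// Fix: the two ModelCorrespondence qualifiers originally named
// CIM_PublicKeyManagementService.PeerIdentityType / .PeerIdentity,
// but that class declares no properties; PeerIdentity and
// PeerIdentityType are properties of this class, so the references
// now point here (matching the pattern CIM_NamedSharedIKESecret
// uses for its own identity properties).
[Description (
    "A CIM_UnsignedPublicKey represents an unsigned public "
    "key credential. The local UsersAccess (or subclass "
    "thereof) accepts the public key as authentic because of "
    "a direct trust relationship rather than via a third-party "
    "Certificate Authority.") ]
class CIM_UnsignedPublicKey : CIM_Credential
{
    [Propagated ("CIM_System.CreationClassName"),
     Key, MaxLen (256), Description ("Scoping System")]
    string SystemCreationClassName;

    [Propagated ("CIM_System.Name"),
     Key, MaxLen (256), Description ("Scoping System")]
    string SystemName;

    [Propagated ("CIM_PublicKeyManagementService.CreationClassName"),
     Key, MaxLen (256), Description ("Scoping Service")]
    string ServiceCreationClassName;

    [Propagated ("CIM_PublicKeyManagementService.Name"),
     Key, MaxLen (256), Description ("Scoping Service")]
    string ServiceName;

    [Key, MaxLen (256), Description (
        "The Identity of the Peer with whom a direct trust "
        "relationship exists. The public key may be used for "
        "security functions with the Peer."),
     ModelCorrespondence
        {"CIM_UnsignedPublicKey.PeerIdentityType" } ]
    string PeerIdentity;

    [Description ("PeerIdentityType is used to describe the "
        "type of the PeerIdentity. The currently defined values "
        "are used for IKE identities."),
     ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8",
        "9", "10", "11"},
     Values {"Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
        "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
        "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
        "DER_ASN1_GN", "KEY_ID"},
     ModelCorrespondence
        {"CIM_UnsignedPublicKey.PeerIdentity" } ]
    uint16 PeerIdentityType;

    [Description ("The DER-encoded raw public key."),
     Octetstring]
    uint8 PublicKey[];
};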
1733
// ==================================================================
// KerberosTicket
// ==================================================================
// Ticket issued by a CIM_KerberosKeyDistributionCenter. The instance
// key is (system, KDC, AccessesService, RemoteID).
// Issued and Expires carry no Description in the schema; presumably
// they are the ticket's issue and expiry times - confirm against the
// provider before using them for validity checks.
// TicketType has Values but no ValueMap, so by CIM convention
// 0 = Session and 1 = TicketGranting.
[ Description (
      "A CIM_KerberosTicket represents a credential issued by a "
      "particular Kerberos Key Distribution Center (KDC) "
      "to a particular CIM_UsersAccess as the result of a "
      "successful authentication process. There are two types of "
      "tickets that a KDC may issue to a Users Access - a "
      "TicketGranting ticket, which is used to protect and "
      "authenticate communications between the Users Access and the "
      "KDC, and a Session ticket, which the KDC issues to two "
      "Users Access to allow them to communicate with each other. "
  )
]
class CIM_KerberosTicket : CIM_Credential
{
    // --- keys propagated from the scoping system ---
    [ Key, MaxLen (256),
      Propagated ("CIM_System.CreationClassName"),
      Description ("Scoping System") ]
    string SystemCreationClassName;

    [ Key, MaxLen (256),
      Propagated ("CIM_System.Name"),
      Description ("Scoping System") ]
    string SystemName;

    // --- keys propagated from the issuing KDC ---
    [ Key, MaxLen (256),
      Propagated ("CIM_KerberosKeyDistributionCenter.CreationClassName"),
      Description ("Scoping Service") ]
    string ServiceCreationClassName;

    [ Key, MaxLen (256),
      Propagated ("CIM_KerberosKeyDistributionCenter.Name"),
      Description ("Scoping Service. The Kerberos KDC Realm of "
          "CIM_KerberosTicket is used to record the security "
          "authority, or Realm, name so that tickets issued by "
          "different Realms can be separately managed and "
          "enumerated.") ]
    string ServiceName;

    // --- keys local to the ticket ---
    [ Key, MaxLen (256),
      Description ("The name of the service "
          "for which this ticket is used.") ]
    string AccessesService;

    [ Key, MaxLen (256),
      Description (
          "RemoteID is the name by which the user is known at "
          "the KDC security service.") ]
    string RemoteID;

    // --- non-key data ---
    datetime Issued;
    datetime Expires;

    [ Description (
          "The Type of CIM_KerberosTicket is used to indicate whether "
          "the ticket in question was issued by the Kerberos Key "
          "Distribution Center (KDC) to support ongoing communication "
          "between the Users Access and the KDC (\"TicketGranting\"), "
          "or was issued by the KDC to support ongoing communication "
          "between two Users Access entities (\"Session\")." ),
      Values {"Session", "TicketGranting"} ]
    uint16 TicketType;
};
1787
1788
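// ==================================================================
// SharedSecret
// ==================================================================
// The secret shared between a Users Access and one
// CIM_SharedSecretService.
// NOTE(review): the "secret" property carries the shared secret
// itself as an unqualified string. CIM_NamedSharedIKESecret in this
// file models the alternative, exposing only a name for the secret.
// Providers that implement CIM_SharedSecret should restrict who may
// read this property and keep instances out of logs and exports.
// "algorithm" tells a consumer whether the stored value is the
// password or a transformation of it.
// The misspelling "pricinpal" in the class Description is corrected.
[Description (
    "CIM_SharedSecret is the secret shared between a Users Access "
    "and a particular SharedSecret security service. Secrets "
    "may be in the form of a password used for initial "
    "authentication, or as with a session key, used as part of "
    "a message authentication code to verify that a message "
    "originated by the principal with whom the secret is shared. "
    "It is important to note that SharedSecret is not just the "
    "password, but rather is the password used with a particular "
    "security service.")]
class CIM_SharedSecret : CIM_Credential
{
    [Propagated ("CIM_System.CreationClassName"), Key,
     MaxLen (256), Description ("Scoping System")]
    string SystemCreationClassName;

    [Propagated ("CIM_System.Name"), Key,
     MaxLen (256), Description ("Scoping System")]
    string SystemName;

    [Key, MaxLen (256), Propagated
        ("CIM_SharedSecretService.CreationClassName"),
     Description ("Scoping Service")]
    string ServiceCreationClassName;

    [Propagated ("CIM_SharedSecretService.Name"),
     Key, MaxLen (256),
     Description ("Scoping Service")]
    string ServiceName;

    [Key, MaxLen (256), Description (
        "RemoteID is the name by which the user is known at "
        "the remote secret key authentication service.")]
    string RemoteID;

    [Description (
        "secret is the secret known by the Users Access.")]
    string secret;

    [Description (
        "algorithm names the transformation algorithm, if any, used "
        "to protect passwords before use in the protocol. For "
        "instance, Kerberos doesn't store passwords as the shared "
        "secret, but rather, a hash of the password.")]
    string algorithm;

    [Description (
        "protocol names the protocol with which the SharedSecret is "
        "used.")]
    string protocol;
};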
1836
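// ==================================================================
// NamedSharedIKESecret
// ==================================================================
// Indirect shared-secret credential: the instance names the secret
// (SharedSecretName) and the two identities that share it, but does
// not hold the secret value.
// All four identity properties are keys. Their ValueMaps start at
// "1"; unlike CIM_UnsignedPublicKey.PeerIdentityType there is no
// "Other" (0) entry.
// Description fixes: "IKEIdentity" is replaced by the actual
// property name LocalIdentity, the missing words in "used
// SharedSecretService" are restored, and "SecretService" is written
// out as SharedSecretService, the class that scopes this one.
[Description (
    "CIM_NamedSharedIKESecret indirectly represents a shared "
    "secret credential. The local identity, LocalIdentity, "
    "and the remote peer identity share the secret that is "
    "named by the SharedSecretName. The SharedSecretName is "
    "used by the SharedSecretService to reference the secret.") ]
class CIM_NamedSharedIKESecret : CIM_Credential
{
    [Propagated ("CIM_System.CreationClassName"),
     Key, MaxLen (256), Description ("Scoping System")]
    string SystemCreationClassName;

    [Propagated ("CIM_System.Name"),
     Key, MaxLen (256), Description ("Scoping System")]
    string SystemName;

    [Propagated ("CIM_SharedSecretService.CreationClassName"),
     Key, MaxLen (256), Description ("Scoping Service")]
    string ServiceCreationClassName;

    [Propagated ("CIM_SharedSecretService.Name"),
     Key, MaxLen (256), Description ("Scoping Service")]
    string ServiceName;

    [Key, MaxLen (256), Description (
        "The local Identity with whom the direct trust "
        "relationship exists."),
     ModelCorrespondence
        {"CIM_NamedSharedIKESecret.LocalIdentityType" } ]
    string LocalIdentity;

    [Key, Description ("LocalIdentityType is used to describe "
        "the type of the LocalIdentity."),
     ValueMap {"1", "2", "3", "4", "5", "6", "7", "8",
        "9", "10", "11"},
     Values {"IPV4_ADDR", "FQDN", "USER_FQDN",
        "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
        "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
        "DER_ASN1_GN", "KEY_ID"},
     ModelCorrespondence
        {"CIM_NamedSharedIKESecret.LocalIdentity" } ]
    uint16 LocalIdentityType;

    [Key, MaxLen (256), Description (
        "The peer identity with whom the direct trust "
        "relationship exists."),
     ModelCorrespondence
        {"CIM_NamedSharedIKESecret.PeerIdentityType" } ]
    string PeerIdentity;

    [Key, Description ("PeerIdentityType is used to describe "
        "the type of the PeerIdentity."),
     ValueMap {"1", "2", "3", "4", "5", "6", "7", "8",
        "9", "10", "11"},
     Values {"IPV4_ADDR", "FQDN", "USER_FQDN",
        "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
        "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
        "DER_ASN1_GN", "KEY_ID"},
     ModelCorrespondence
        {"CIM_NamedSharedIKESecret.PeerIdentity" } ]
    uint16 PeerIdentityType;

    [Description ("SharedSecretName is an indirect reference "
        "to a shared secret. The SharedSecretService does not "
        "expose the actual secret but rather provides access to "
        "the secret via a name.")]
    string SharedSecretName;
};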
1900
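// ==================================================================
// AuthorizationService
// ==================================================================
// Service that makes the access decision. It declares no properties;
// the rules it evaluates are modelled separately (see
// CIM_AccessControlInformation in this file).
// The Description gains the missing "to" in "permitted access to".
[Description (
    "CIM_AuthorizationService determines whether a user, by "
    "association with an Account used by the AuthorizationService, is "
    "permitted access to a resource or set of resources.") ]
class CIM_AuthorizationService : CIM_SecurityService
{
};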
1911
// ==================================================================
// AuthenticationRequirement
// ==================================================================
// Names a set of authentication requirements; the requirements
// themselves are expressed through associations, not properties.
// The class is weak to its hosting system, hence the two propagated
// system keys. SecurityClassification is a free-form label with no
// Values list, so the schema does not constrain its vocabulary.
[ Description (
      "CIM_AuthenticationRequirement provides, through its "
      "associations, the authentication requirements for access to "
      "system resources. For a particular set of target resources, the "
      "AuthenticationService may require that credentials be issued by "
      "a specific CredentialManagementService. The "
      "AuthenticationRequirement class is weak to the system (e.g., "
      "Computer System or Administrative Domain) for which the "
      "requirements apply.")
]
class CIM_AuthenticationRequirement : CIM_LogicalElement
{
    // --- keys propagated from the hosting system ---
    [ Propagated ("CIM_System.CreationClassName"), Key, MaxLen (256),
      Description ("Hosting system creation class name") ]
    string SystemCreationClassName;

    [ Propagated ("CIM_System.Name"), Key, MaxLen (256),
      Description ("Hosting system name") ]
    string SystemName;

    // --- keys local to the requirement ---
    [ Key, MaxLen (256),
      Description (
          "CreationClassName indicates the name of the class or the "
          "subclass used in the creation of an instance. When used "
          "with the other key properties of this class, this property "
          "allows all instances of this class and its subclasses to "
          "be uniquely identified.") ]
    string CreationClassName;

    [ Override ("Name"), Key, MaxLen (256),
      Description (
          "The Name property defines the unique label, in the context of "
          "the hosting system, by which the AuthenticationRequirement "
          "is known.") ]
    string Name;

    // --- non-key data ---
    [ Description (
          "The SecurityClassification property specifies a named level "
          "of security associated with the AuthenticationRequirement, "
          "e.g., 'Confidential', 'Top Secret', etc.") ]
    string SecurityClassification;
};
1950
1951
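// ==================================================================
// AccessControlInformation
// ==================================================================
// Access rules granted to a set of subjects over a set of targets.
// AccessType, AccessQualifier and Permission are parallel arrays:
// entry i of each describes one rule. They are tied together only by
// ModelCorrespondence. The schema neither forces the three arrays to
// have equal length nor states which of Allow and Deny wins when
// rules overlap, so a consumer that enforces these rules has to
// define both. Rejecting instances whose arrays differ in length and
// defaulting to deny are the conservative choices.
// Permission is a string array whose ValueMap lists the permitted
// literal values; there is no separate Values list.
// Spelling and grammar errors in the original Description strings
// ("specifiy", "corrsponding", "values may be used") are corrected.
[Description (
    "CIM_AccessControlInformation provides, through its properties "
    "and its associations, the specification of the access rights "
    "granted to a set of subject users to a set of target resources. "
    "The AccessControlInformation class is weak to the system (e.g., "
    "Computer System or Administrative Domain) for which the access "
    "controls apply.")]
class CIM_AccessControlInformation : CIM_LogicalElement
{
    [Key, MaxLen (256), Propagated ("CIM_System.CreationClassName"),
     Description ("Hosting system creation class name")]
    string SystemCreationClassName;

    [Key, MaxLen (256), Propagated ("CIM_System.Name"),
     Description ("Hosting system name")]
    string SystemName;

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    [Key, MaxLen (256), Override ("Name"), Description (
        "The Name property defines the unique label, in the context of "
        "the hosting system, by which the AccessControlInformation "
        "is known.")]
    string Name;

    [Description (
        "The SecurityClassification property specifies a named level "
        "of security associated with the AccessControlInformation, "
        "e.g., 'Confidential', 'Top Secret', etc.")]
    string SecurityClassification;

    [Description (
        "The AccessType property is an array of string values that "
        "specifies the type of access for which the corresponding "
        "permission applies. For example, it can be used to specify a "
        "generic access such as 'Read-only', 'Read/Write', etc. for "
        "file or record access control or it can be used to specify "
        "an entry point name for service access control."),
     ModelCorrespondence {
        "CIM_AccessControlInformation.AccessQualifier",
        "CIM_AccessControlInformation.Permission" } ]
    string AccessType[];

    [Description (
        "The AccessQualifier property is an array of string values "
        "that may be used to further qualify the type of access for "
        "which the corresponding permission applies. For example, it "
        "may be used to specify a set of parameters that are permitted "
        "or denied in conjunction with the corresponding AccessType "
        "entry point name."),
     ModelCorrespondence {
        "CIM_AccessControlInformation.AccessType",
        "CIM_AccessControlInformation.Permission" } ]
    string AccessQualifier[];

    [Description (
        "The Permission property is an array of string values "
        "indicating the permission that applies to the corresponding "
        "AccessType and AccessQualifier array values. The values "
        "may be extended in subclasses to provide more specific access "
        "controls."),
     ValueMap {"Unknown", "Allow", "Deny", "Manage"},
     ModelCorrespondence {
        "CIM_AccessControlInformation.AccessType",
        "CIM_AccessControlInformation.AccessQualifier" } ]
    string Permission[];
};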
2021
2022 // ==================================================================
2023 // === Association class definitions ===
2024 // ==================================================================
2025
2026 // Aggregations
2027
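// ==================================================================
// MemberPrincipal
// ==================================================================
// Aggregation that places a principal in a Collection, either
// directly (UsersAccess, Account) or indirectly (UsingElement,
// CredentialManagementService). Indirect membership widens the set
// of principals an access rule on the Collection applies to, so the
// UserAccessBy value matters when the Collection is used for access
// control.
// Fixes to the original text:
//  - the class Description referred to a "UsersAccessBy" property;
//    the property is declared as UserAccessBy;
//  - the property Description listed only three of the four Values;
//    the CredentialManagementService case, which the class
//    Description already explains, is added;
//  - "identifed" is corrected.
[Association, Aggregation, Description (
    "CIM_MemberPrincipal is an aggregation used to establish "
    "membership of principals (i.e., users) in a Collection. That "
    "membership can be established either directly or indirectly as "
    "indicated in the UserAccessBy property. For example, a user "
    "may be identified directly by their userid (i.e., Account object "
    "instance) or the user may be identified indirectly by realm from "
    "which a ticket was issued (i.e., CredentialManagementService "
    "object instance). The latter case is useful, for example, for "
    "specifying that only users identified by an internal credential "
    "service are permitted to access very sensitive information." ) ]
class CIM_MemberPrincipal : CIM_MemberOfCollection
{
    [Override ("Collection") ]
    CIM_Collection REF Collection;

    [Override ("Member") ]
    CIM_ManagedElement REF Member;

    [Description (
        "A MemberPrincipal may be identified in several ways that may "
        "be either direct or indirect membership in the collection. "
        " - A 'UsersAccess' membership directly identifies the user by "
        " the UsersAccess object instance. "
        " - An 'Account' membership directly identifies the user by "
        " the Account object class instance. "
        " - A 'UsingElement' membership indirectly identifies the user "
        " by the ManagedElement object instance that has "
        " ElementAsUser associations to UsersAccess object "
        " instances. Hence, all UsersAccess instances are "
        " indirectly included in the collection. "
        " - A 'CredentialManagementService' membership indirectly "
        " identifies the user by the CredentialManagementService "
        " object instance that issued the user's credential. "),
     ValueMap {"1", "2", "3", "4" },
     Values {"UsersAccess", "Account", "UsingElement",
        "CredentialManagementService"} ]
    uint16 UserAccessBy;
};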
2065
2066
// ===================================================================
// AccountOnSystem
// ===================================================================
// Ties each Account to exactly one System (Min 1 / Max 1 on the
// system side). The Account end is Weak, i.e. the System also
// scopes the Account's name.
[ Association, Aggregation,
  Description (
      "A system (e.g., ApplicationSystem, ComputerSystem, AdminDomain) "
      "aggregates Accounts and scopes the uniqueness of the Account "
      "names (i.e., userids).")
]
class CIM_AccountOnSystem : CIM_SystemComponent
{
    [ Override ("GroupComponent"), Min (1), Max (1),
      Description (
          "The aggregating system also provides name scoping "
          "for the Account.") ]
    CIM_System REF GroupComponent;

    [ Override ("PartComponent"), Weak,
      Description ("The subordinate Account") ]
    CIM_Account REF PartComponent;
};
2084
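// ==================================================================
// OrgStructure
// ==================================================================
// Parent/child aggregation between OrganizationalEntity instances;
// Max (1) on Parent gives each child at most one parent.
// Fix: the class is qualified Aggregation, but neither reference
// carried the Aggregate qualifier that marks the parent end of an
// aggregation. Aggregate is added to Parent, the reference the
// Description names as the organizational parent.
[Association, Aggregation, Description (
    "CIM_OrgStructure is an association used to establish parent-child "
    "relationships between OrganizationalEntity instances. This is "
    "used to capture organizational relationships between object "
    "instances such as those that are imported from an LDAP-accessible "
    "directory.") ]
class CIM_OrgStructure
{
    [Key, Aggregate, Max (1),
     Description ("The organizational parent in this association.") ]
    CIM_OrganizationalEntity REF Parent;

    [Key,
     Description ("The organizational child in this association, "
        "i.e., the sub-unit or other owned object instance.") ]
    CIM_OrganizationalEntity REF Child;
};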
2104
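// ==================================================================
// CollectionInOrganization
// ==================================================================
// Gives a Collection an owning OrganizationalEntity (at most one,
// per Max (1) on Parent). The Description's rule that a Collection
// should not also have a CollectionInSystem association is stated in
// prose only; the schema does not enforce it, so a Collection with
// two owners has to be caught by the consumer.
// Fix: the class is qualified Aggregation, but neither reference
// carried the Aggregate qualifier that marks the parent end of an
// aggregation. Aggregate is added to Parent.
[Association, Aggregation, Description (
    "CIM_CollectionInOrganization is an association used to establish "
    "a parent-child relationship between a collection and an 'owning' "
    "OrganizationalEntity. A single collection should not have both "
    "a CollectionInOrganization and a CollectionInSystem association."
    )]
class CIM_CollectionInOrganization
{
    [Key, Aggregate, Max (1),
     Description ("The parent organization responsible for the "
        "collection.") ]
    CIM_OrganizationalEntity REF Parent;

    [Key,
     Description ("The collection") ]
    CIM_Collection REF Child;
};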
2124
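// ==================================================================
// CollectionInSystem
// ==================================================================
// Gives a Collection an owning System (at most one, per Max (1) on
// Parent). The Description's rule that a Collection should not also
// have a CollectionInOrganization association is stated in prose
// only; the schema does not enforce it.
// Fix: the class is qualified Aggregation, but neither reference
// carried the Aggregate qualifier that marks the parent end of an
// aggregation. Aggregate is added to Parent.
[Association, Aggregation, Description (
    "CIM_CollectionInSystem is an association used to establish a "
    "parent-child relationship between a collection and an 'owning' "
    "System such as an AdminDomain or ComputerSystem. A single "
    "collection should not have both a CollectionInOrganization and a "
    "CollectionInSystem association." )]
class CIM_CollectionInSystem
{
    [Key, Aggregate, Max (1),
     Description ("The parent system responsible for the "
        "collection.") ]
    CIM_System REF Parent;

    [Key,
     Description ("The collection") ]
    CIM_Collection REF Child;
};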
2144
2145 // Associations
2146
2147 // ==================================================================
2148 // ElementAsUser
2149 // ==================================================================
// Ties each UsersAccess instance to the ManagedElement that owns it.
// The file's change log (CR497, item 1) records that UsersAccess is the
// Dependent reference of this association.
[Association,
 Description (
    "CIM_ElementAsUser is an association used to establish the "
    "'ownership' of UsersAccess object instances. That is, the "
    "ManagedElement may have UsersAccess to systems and, therefore, "
    "be 'users' on those systems. UsersAccess instances must have an "
    "'owning' ManagedElement. Typically, the ManagedElements will be "
    "limited to Collection, Person, Service and ServiceAccessPoint. "
    "Other non-human ManagedElements that might be thought of as "
    "having UsersAccess (e.g., a device or system) have services that "
    "have the UsersAccess.")]
class CIM_ElementAsUser : CIM_Dependency
{
    // Min (1) / Max (1): every UsersAccess has exactly one owner, which
    // is the schema form of "UsersAccess instances must have an 'owning'
    // ManagedElement" in the Description.
    [Override ("Antecedent"),
     Description ("The ManagedElement that has UsersAccess"),
     Min (1), Max (1)]
    CIM_ManagedElement REF Antecedent;

    [Override ("Dependent"),
     Description ("The 'owned' UsersAccess")]
    CIM_UsersAccess REF Dependent;
};
2169
2170
2171 // ==================================================================
2172 // MoreOrganizationInfo
2173 // ==================================================================
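// Links a CIM_Organization to the CIM_OtherOrganizationInformation
// instance that extends it. Both references allow at most one instance
// on the other side (Max (1)); the extension itself is optional (Min (0)).
[Association,
 Description (
    "CIM_MoreOrganizationInfo is an association used to extend the "
    "information in a CIM_Organization class instance.")]
class CIM_MoreOrganizationInfo : CIM_Dependency
{
    [Override ("Antecedent"), Max (1),
     Description ("The Organization whose information is extended.")]
    CIM_Organization REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description (
        "The additional information that extends the Organization.")]
    CIM_OtherOrganizationInformation REF Dependent;
};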
2188
2189 // ==================================================================
2190 // MoreOrgUnitInfo
2191 // ==================================================================
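// Links a CIM_OrgUnit to the CIM_OtherOrgUnitInformation instance that
// extends it. Both references allow at most one instance on the other
// side (Max (1)); the extension itself is optional (Min (0)).
[Association,
 Description (
    "CIM_MoreOrgUnitInfo is an association used to extend the "
    "information in a CIM_OrgUnit class instance.")]
class CIM_MoreOrgUnitInfo : CIM_Dependency
{
    [Override ("Antecedent"), Max (1),
     Description ("The OrgUnit whose information is extended.")]
    CIM_OrgUnit REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("The additional information that extends the OrgUnit.")]
    CIM_OtherOrgUnitInformation REF Dependent;
};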
2206 karl 1.1
2207 // ==================================================================
2208 // MoreGroupInfo
2209 // ==================================================================
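// Links a CIM_Group to the CIM_OtherGroupInformation instance that
// extends it. Both references allow at most one instance on the other
// side (Max (1)); the extension itself is optional (Min (0)).
[Association,
 Description (
    "CIM_MoreGroupInfo is an association used to extend the "
    "information in a CIM_Group class instance.")]
class CIM_MoreGroupInfo : CIM_Dependency
{
    [Override ("Antecedent"), Max (1),
     Description ("The Group whose information is extended.")]
    CIM_Group REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("The additional information that extends the Group.")]
    CIM_OtherGroupInformation REF Dependent;
};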
2224
2225 // ==================================================================
2226 // MoreRoleInfo
2227 karl 1.1 // ==================================================================
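// Links a CIM_Role to the CIM_OtherRoleInformation instance that
// extends it. Both references allow at most one instance on the other
// side (Max (1)); the extension itself is optional (Min (0)).
[Association,
 Description (
    "CIM_MoreRoleInfo is an association used to extend the "
    "information in a CIM_Role class instance.")]
class CIM_MoreRoleInfo : CIM_Dependency
{
    [Override ("Antecedent"), Max (1),
     Description ("The Role whose information is extended.")]
    CIM_Role REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("The additional information that extends the Role.")]
    CIM_OtherRoleInformation REF Dependent;
};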
2242
2243 // ==================================================================
2244 // MorePersonInfo
2245 // ==================================================================
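// Links a CIM_Person to the CIM_OtherPersonInformation instance that
// extends it. Both references allow at most one instance on the other
// side (Max (1)); the extension itself is optional (Min (0)).
[Association,
 Description (
    "CIM_MorePersonInfo is an association used to extend the "
    "information in a CIM_Person class instance.")]
class CIM_MorePersonInfo : CIM_Dependency
{
    [Override ("Antecedent"), Max (1),
     Description ("The Person whose information is extended.")]
    CIM_Person REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("The additional information that extends the Person.")]
    CIM_OtherPersonInformation REF Dependent;
};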
2260
2261
2262 // ==================================================================
2263 // SystemAdministrator
2264 // ==================================================================
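// Marks a UserEntity as an administrator of a CIM_System. Instances of
// this association, together with CIM_SystemAdministratorGroup and
// CIM_SystemAdministratorRole, are the places this schema records who
// administers a system, so a privileged-access review should read all three.
[Association,
 Description (
    "CIM_SystemAdministrator is an association used to identify "
    "the UserEntity as a system administrator of a CIM_System.")]
class CIM_SystemAdministrator : CIM_Dependency
{
    [Override ("Antecedent"),
     Description ("The administered system.")]
    CIM_System REF Antecedent;

    // No Min/Max is declared, so the schema does not limit how many
    // administrators a system has.
    [Override ("Dependent"),
     Description (
        "The UserEntity that provides the administrative function "
        "for the associated system.")]
    CIM_UserEntity REF Dependent;
};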
2279
2280 // ==================================================================
2281 // SystemAdministratorGroup
2282 // ==================================================================
// Marks a Group as holding administrator responsibility for a CIM_System.
// Who actually holds that responsibility depends on the Group's
// membership, which this association does not show.
[Association,
 Description (
    "CIM_SystemAdministratorGroup is an association used to identify "
    "a Group that has system administrator responsibilities for a "
    "CIM_System. ")]
class CIM_SystemAdministratorGroup : CIM_Dependency
{
    [Description ("The administered system"),
     Override ("Antecedent")]
    CIM_System REF Antecedent;

    [Description ("The Group of administrators"),
     Override ("Dependent")]
    CIM_Group REF Dependent;
};
2296
2297 // ==================================================================
2298 // SystemAdministratorRole
2299 // ==================================================================
// Marks a Role as the system administrator role for a CIM_System.
// Which principals occupy the Role is not expressed by this association.
[Association,
 Description (
    "CIM_SystemAdministratorRole is an association used to identify "
    "a system administrator Role for a CIM_System.")]
class CIM_SystemAdministratorRole : CIM_Dependency
{
    [Description ("The administered system"),
     Override ("Antecedent")]
    CIM_System REF Antecedent;

    [Description ("The system administration role"),
     Override ("Dependent")]
    CIM_Role REF Dependent;
};
2312
2313 // ===================================================================
2314 // UsersAccount
2315 // ===================================================================
// Connects a UsersAccess (the user's identity for access purposes) to
// the Accounts it can interact with. No cardinality is declared on
// either reference.
[Association,
 Description (
    "This relationship associates UsersAccess with the Accounts "
    "with which they're able to interact.")]
class CIM_UsersAccount : CIM_Dependency
{
    [Description ("The user's Account"),
     Override ("Antecedent")]
    CIM_Account REF Antecedent;

    [Description ("The User as identified by their UsersAccess instance"),
     Override ("Dependent")]
    CIM_UsersAccess REF Dependent;
};
2329
2330
2331 // ===================================================================
2332 karl 1.1 // AccountMapsToAccount
2333 // ===================================================================
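// Maps one Account onto another, for example the account a user
// authenticates as onto the account used for authorization decisions.
// As the Description's /etc/passwd example shows, several authentication
// Accounts may map to the same authorization Account ('0'), so a review
// of privileged access has to follow every mapping onto a privileged
// Account, not only the best-known one.
// The reference Descriptions do not say which side is the authentication
// Account and which the authorization Account.
[Association,
 Description (
    "This relationship may be used to associate an Account used by an "
    "AuthenticationService to an Account used for Authorization. For "
    "instance, this mapping occurs naturally in the UNIX /etc/passwd "
    "file, where the AuthenticationService Account ('root') is mapped "
    "to the AuthorizationService Account ('0'). The two are separate "
    "accounts, as evidenced by the ability to have another "
    "AuthenticationService Account which ALSO maps to the "
    "AuthorizationService Account ('0') without ambiguity. This "
    "association may be used for other account mappings as well such "
    "as for coordinating single signon for multiple accounts for the "
    "same user.")]
class CIM_AccountMapsToAccount : CIM_Dependency
{
    [Override ("Antecedent"),
     Description ("An Account")]
    CIM_Account REF Antecedent;

    [Override ("Dependent"),
     Description ("A related Account")]
    CIM_Account REF Dependent;
};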
2355
2356 // ===================================================================
2357 // SecurityServiceUsesAccount
2358 // ===================================================================
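// Connects a SecurityService to the Accounts it uses. The references
// now carry Description qualifiers like the other associations in this
// file; the wording is taken from the class Description.
[Association,
 Description (
    "This relationship associates SecurityService instances to "
    "the Accounts they use in the course of their work.")]
class CIM_SecurityServiceUsesAccount : CIM_Dependency
{
    [Override ("Antecedent"),
     Description ("The Account used by the SecurityService.")]
    CIM_Account REF Antecedent;

    [Override ("Dependent"),
     Description ("The SecurityService that uses the Account.")]
    CIM_SecurityService REF Dependent;
};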
2369
2370
2371 // ===================================================================
2372 // ManagesAccount
2373 // ===================================================================
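// Connects an AccountManagementService to the Accounts it is responsible
// for. The file's change log (CR497, item 2) records that this class is
// meant to subclass from Dependency, as it does here. The references now
// carry Description qualifiers like the other associations in this file.
[Association,
 Description (
    "This relationship associates the AccountManagement security "
    "service to the Accounts for which it is responsible.")]
class CIM_ManagesAccount : CIM_Dependency
{
    [Override ("Antecedent"),
     Description (
        "The AccountManagementService responsible for the Account.")]
    CIM_AccountManagementService REF Antecedent;

    [Override ("Dependent"),
     Description ("The Account that is managed.")]
    CIM_Account REF Dependent;
};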
2384
2385 // ===================================================================
2386 // ServiceUsesSecurityService
2387 // ===================================================================
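// Connects a Service to the SecurityService it relies on. The file's
// change log (CR497, item 3) records that SecurityService is the
// antecedent and Service the dependent. The references now carry
// Description qualifiers like the other associations in this file.
[Association,
 Description (
    "This relationship associates a Service with the Security "
    "Service it uses.")]
class CIM_ServiceUsesSecurityService : CIM_ServiceServiceDependency
{
    [Override ("Antecedent"),
     Description ("The SecurityService that is used.")]
    CIM_SecurityService REF Antecedent;

    [Override ("Dependent"),
     Description ("The Service that uses the SecurityService.")]
    CIM_Service REF Dependent;
};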
2398
2399 // ===================================================================
2400 // SecurityServiceForSystem
2401 // ===================================================================
// Connects a System to a SecurityService that serves it. The file's
// change log (CR497, item 4) records that this class is meant to subclass
// from ProvidesServiceToElement, as it does here.
[Association,
 Description (
    "The CIM_SecurityServiceForSystem provides the association between "
    "a System and a SecurityService that provides services for that "
    "system.")]
class CIM_SecurityServiceForSystem : CIM_ProvidesServiceToElement
{
    [Description (
        "The SecurityService that provides services for the system."),
     Override ("Antecedent")]
    CIM_SecurityService REF Antecedent;

    [Description (
        "The system that is dependent on the security service."),
     Override ("Dependent")]
    CIM_System REF Dependent;
};
2415
2416 karl 1.1
2417 // ===================================================================
2418 // ManagesAccountOnSystem
2419 // ===================================================================
// Specialization of CIM_SecurityServiceForSystem in which the
// antecedent is narrowed to an AccountManagementService.
[Association,
 Description (
    "The CIM_ManagesAccountOnSystem provides the association between a "
    "System and the AccountManagementService that manages accounts for "
    "that system.")]
class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem
{
    [Description (
        "An AccountManagementService that manages accounts for the "
        "system."),
     Override ("Antecedent")]
    CIM_AccountManagementService REF Antecedent;

    [Description (
        "The system that is dependent on the AccountManagementService."),
     Override ("Dependent")]
    CIM_System REF Dependent;
};
2435
2436 // ==================================================================
2437 karl 1.1 // TrustHierarchy
2438 // ==================================================================
// Orders two CredentialManagementService instances as superior and
// subordinate. Max (1) on the antecedent gives each subordinate at most
// one superior. Nothing in this declaration rules out a cycle, so a
// consumer that walks the chain of superiors should bound the walk.
[Association,
 Description (
    "CIM_TrustHierarchy is an association between two "
    "CredentialManagementService instances that establishes "
    "the trust hierarchy between them.")]
class CIM_TrustHierarchy : CIM_Dependency
{
    // The service the subordinate derives its authority from.
    [Description (
        "The superior CredentialManagementService "
        "from which the dependent service gets its authority."),
     Override ("Antecedent"), Max (1)]
    CIM_CredentialManagementService REF Antecedent;

    [Description ("The subordinate CredentialManagementService."),
     Override ("Dependent")]
    CIM_CredentialManagementService REF Dependent;
};
2453
2454 // ==================================================================
2455 // UsersCredential
2456 // ==================================================================
// Connects a UsersAccess to the credentials it may use. The file's
// change log (CR497, item 5) records that the Credential is the
// antecedent and the UsersAccess depends on it. No cardinality is
// declared on either reference.
[Association,
 Description (
    "CIM_UsersCredential is an association used to establish the "
    "credentials that may be used for a UsersAccess to a system or "
    "set of systems. ")]
class CIM_UsersCredential : CIM_Dependency
{
    [Description ("The issued credential that may be used."),
     Override ("Antecedent")]
    CIM_Credential REF Antecedent;

    [Description ("The UsersAccess that has use of a credential"),
     Override ("Dependent")]
    CIM_UsersAccess REF Dependent;
};
2470
2471 // ===================================================================
2472 // PublicPrivateKeyPair
2473 // ===================================================================
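// Connects a PublicKeyCertificate to the UsersAccess of the principal
// holding the matching private key. The private key is deliberately not
// part of the model (see the Description), so nothing here should be
// extended to carry private-key material. The references now carry
// Description qualifiers like the other associations in this file.
[Association,
 Description (
    "This relationship associates a PublicKeyCertificate with "
    "the Principal who has the PrivateKey used with the "
    "PublicKey. The PrivateKey is not modeled, since it is not "
    "a data element that ever SHOULD be accessible via "
    "management applications, other than key recovery services, "
    "which are outside our scope.")]
class CIM_PublicPrivateKeyPair : CIM_UsersCredential
{
    [Override ("Antecedent"),
     Description ("The PublicKeyCertificate for the key pair.")]
    CIM_PublicKeyCertificate REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The UsersAccess of the Principal who has the PrivateKey.")]
    CIM_UsersAccess REF Dependent;

    // No ValueMap is given, so the Values entries are presumably indexed
    // from zero (0 = SignOnly, 1 = ConfidentialityOrSignature) -- confirm
    // against the CIM specification.
    [Description (
        "The Certificate may be used for signature only "
        "or for confidentiality as well as signature"),
     Values {"SignOnly", "ConfidentialityOrSignature"}]
    uint16 Use;

    // NOTE(review): no Description in the schema; presumably flags whether
    // the key pair is intended for non-repudiation -- confirm.
    boolean NonRepudiation;

    // NOTE(review): no Description in the schema; presumably true when the
    // certificate has been backed up to Repository -- confirm.
    boolean BackedUp;

    [Description (
        "The repository in which the certificate is backed up.")]
    string Repository;
};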
2497
2498
2499 // ===================================================================
2500 karl 1.1 // CAHasPublicCertificate
2501 // ===================================================================
// Connects a CertificateAuthority directly to a certificate it uses,
// instead of going through a UsersAccess instance (see the Description).
// Max (1) on the antecedent allows at most one such certificate per CA
// through this association.
[Association,
 Description (
    "A CertificateAuthority may have certificates issued by other CAs. "
    "This association is essentially an optimization of the CA having "
    "a UsersAccess instance with an association to a certificate thus "
    "mapping more closely to LDAP-based certificate authority "
    "implementations.")]
class CIM_CAHasPublicCertificate : CIM_Dependency
{
    [Description ("The Certificate used by the CA"),
     Override ("Antecedent"), Max (1)]
    CIM_PublicKeyCertificate REF Antecedent;

    [Description ("The CA that uses a Certificate"),
     Override ("Dependent")]
    CIM_CertificateAuthority REF Dependent;
};
2517
2518
2519 // ===================================================================
2520 // ManagedCredential
2521 karl 1.1 // ===================================================================
// Base association between a CredentialManagementService and a
// Credential it manages. Several classes later in this file derive
// from it and narrow both references.
[Association,
 Description (
    "This relationship associates a CredentialManagementService "
    "with the Credential it manages.")]
class CIM_ManagedCredential : CIM_Dependency
{
    // Min (1) / Max (1): every managed Credential has exactly one
    // managing service.
    [Description ("The credential management service"),
     Override ("Antecedent"), Min (1), Max (1)]
    CIM_CredentialManagementService REF Antecedent;

    [Description ("The managed credential"),
     Override ("Dependent")]
    CIM_Credential REF Dependent;
};
2534
2535 // ===================================================================
2536 // CASignsPublicKeyCertificate
2537 // ===================================================================
// Connects a CertificateAuthority to each certificate it signs and
// carries per-signature data as association properties. None of the
// four properties has a Description in the schema; the notes on them
// are assumptions drawn from their names.
[Association,
 Description (
    "This relationship associates a CertificateAuthority with "
    "the certificates it signs.")]
class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential
{
    // Min (1) / Max (1): every certificate has exactly one signing CA.
    [Description ("The CA which signed the certificate"),
     Override ("Antecedent"), Min (1), Max (1)]
    CIM_CertificateAuthority REF Antecedent;

    // Weak: the certificate is named within the scope of its CA.
    [Description ("The certificate issued by the CA"),
     Override ("Dependent"), Weak]
    CIM_PublicKeyCertificate REF Dependent;

    // NOTE(review): presumably the serial number the CA assigned -- confirm.
    string SerialNumber;

    // NOTE(review): presumably the CA's signature over the certificate,
    // stored as an octet string -- confirm.
    [Octetstring]
    uint8 Signature[];

    // NOTE(review): presumably the end of the validity period; a consumer
    // relying on the certificate would compare it with the current time
    // -- confirm.
    datetime Expires;

    // NOTE(review): presumably where revocation lists for this
    // certificate are published; the model records the location only,
    // not revocation status -- confirm.
    string CRLDistributionPoint[];
};
2555
2556 // ==================================================================
2557 // LocallyManagedPublicKey
2558 // ==================================================================
// Specialization of CIM_ManagedCredential for an UnsignedPublicKey
// managed by a PublicKeyManagementService.
[Association,
 Description (
    "CIM_LocallyManagedPublicKey association provides the "
    "relationship between a PublicKeyManagementService and an "
    "UnsignedPublicKey.")]
class CIM_LocallyManagedPublicKey : CIM_ManagedCredential
{
    // Min (1) / Max (1): every unsigned key has exactly one managing service.
    [Description (
        "The PublicKeyManagementService that manages "
        "an unsigned public key."),
     Override ("Antecedent"), Min (1), Max (1)]
    CIM_PublicKeyManagementService REF Antecedent;

    // Weak: the key is named within the scope of its managing service.
    [Description ("An unsigned public key."),
     Override ("Dependent"), Weak]
    CIM_UnsignedPublicKey REF Dependent;
};
2573
2574 // ===================================================================
2575 // SharedSecretIsShared
2576 // ===================================================================
// Specialization of CIM_ManagedCredential for a SharedSecret held by a
// SharedSecretService.
[Association,
 Description (
    "This relationship associates a SharedSecretService with the "
    "SecretKey it verifies.")]
class CIM_SharedSecretIsShared : CIM_ManagedCredential
{
    // Min (1) / Max (1): every shared secret has exactly one service.
    [Description ("The credential management service"),
     Override ("Antecedent"), Min (1), Max (1)]
    CIM_SharedSecretService REF Antecedent;

    // Weak: the secret is named within the scope of its service.
    [Description ("The managed credential"),
     Override ("Dependent"), Weak]
    CIM_SharedSecret REF Dependent;
};
2589
2590 // ==================================================================
2591 // IKESecretIsNamed
2592 // ==================================================================
// Specialization of CIM_ManagedCredential for a NamedSharedIKESecret
// managed by a SharedSecretService.
[Association,
 Description (
    "CIM_IKESecretIsNamed association provides the "
    "relationship between a SharedSecretService and a "
    "NamedSharedIKESecret.")]
class CIM_IKESecretIsNamed : CIM_ManagedCredential
{
    // Min (1) / Max (1): every named IKE secret has exactly one service.
    [Description (
        "The SharedSecretService that manages a "
        "NamedSharedIKESecret."),
     Override ("Antecedent"), Min (1), Max (1)]
    CIM_SharedSecretService REF Antecedent;

    // Weak: the secret is named within the scope of its service.
    [Description ("The managed NamedSharedIKESecret."),
     Override ("Dependent"), Weak]
    CIM_NamedSharedIKESecret REF Dependent;
};
2607
2608 // ===================================================================
2609 // KDCIssuesKerberosTicket
2610 // ===================================================================
// Specialization of CIM_ManagedCredential for Kerberos: the KDC is the
// managing service and the tickets it issues are the credentials.
[Association,
 Description (
    "The KDC issues and owns Kerberos tickets. This association "
    "captures the relationship between the KDC and its issued tickets.")]
class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential
{
    // Min (1) / Max (1): every ticket has exactly one issuing KDC.
    [Description ("The issuing KDC"),
     Override ("Antecedent"), Min (1), Max (1)]
    CIM_KerberosKeyDistributionCenter REF Antecedent;

    // Weak: the ticket is named within the scope of its KDC.
    [Description ("The managed credential"),
     Override ("Dependent"), Weak]
    CIM_KerberosTicket REF Dependent;
};
2624
2625 // ===================================================================
2626 karl 1.1 // NotaryVerifiesBiometric
2627 // ===================================================================
// Connects a Notary service to the UsersAccess whose biometric
// information it verifies. The association carries no properties, so
// no biometric data is held on it.
[Association,
 Description (
    "This relationship associates a Notary service with the "
    "Users Access whose biometric information is verified.")]
class CIM_NotaryVerifiesBiometric : CIM_Dependency
{
    [Description (
        "The Notary service that verifies biometric "
        "information "),
     Override ("Antecedent")]
    CIM_Notary REF Antecedent;

    [Description (
        "The UsersAccess that represents a person using "
        "biometric information for authentication."),
     Override ("Dependent")]
    CIM_UsersAccess REF Dependent;
};
2642
2643
2644 // ==================================================================
2645 // HostedAuthenticationRequirement
2646 // ==================================================================
// Gives each AuthenticationRequirement a hosting System for naming
// purposes. Hosting is about namespace scoping only: per the Description,
// a requirement need not apply to resources on the system that hosts it,
// so read CIM_AuthenticationTarget to learn what a requirement protects.
[Association,
 Description (
    "CIM_HostedAuthenticationRequirement is an association used to "
    "provide the namespace scoping of AuthenticationRequirement. The "
    "hosted requirements may or may not apply to resources on the "
    "hosting system.")]
class CIM_HostedAuthenticationRequirement : CIM_Dependency
{
    // Min (1) / Max (1): every requirement has exactly one hosting system.
    [Override ("Antecedent"),
     Description ("The hosting system"),
     Min (1), Max (1)]
    CIM_System REF Antecedent;

    // Weak: the requirement is named within the scope of its host.
    [Description ("The hosted AuthenticationRequirement"),
     Override ("Dependent"), Weak]
    CIM_AuthenticationRequirement REF Dependent;
};
2661
2662 // ==================================================================
2663 // AuthenticateForUse
2664 // ==================================================================
// Tells an AuthenticationService which AuthenticationRequirement
// instances it works from. No cardinality is declared on either side.
[Association,
 Description (
    "CIM_AuthenticateForUse is an association used to provide an "
    "AuthenticationService with the AuthenticationRequirement it "
    "needs to do its job.")]
class CIM_AuthenticateForUse : CIM_Dependency
{
    [Description ("AuthenticationRequirement for use"),
     Override ("Antecedent")]
    CIM_AuthenticationRequirement REF Antecedent;

    [Description ("AuthenticationService that uses the requirements"),
     Override ("Dependent")]
    CIM_AuthenticationService REF Dependent;
};
2679
2680 // ==================================================================
2681 // RequireCredentialsFrom
2682 // ==================================================================
// Restricts an AuthenticationRequirement to credentials issued by the
// associated CredentialManagementService instances. This is how the
// schema states which issuers are acceptable for authenticating a user.
[Association,
 Description (
    "CIM_RequireCredentialsFrom is an association used to require "
    "that credentials are issued by particular Credential Management "
    "Services in order to authenticate a user.")]
class CIM_RequireCredentialsFrom : CIM_Dependency
{
    // The accepted issuer.
    [Description (
        "CredentialManagementService from which "
        "credentials are accepted for the associated "
        "AuthenticationRequirement."),
     Override ("Antecedent")]
    CIM_CredentialManagementService REF Antecedent;

    // The requirement being restricted.
    [Description (
        "AuthenticationRequirement that limit acceptable "
        "credentials. "),
     Override ("Dependent")]
    CIM_AuthenticationRequirement REF Dependent;
};
2699
2700 // ==================================================================
2701 // AuthenticationTarget
2702 // ==================================================================
// Attaches an AuthenticationRequirement to the resources it protects,
// so different resources can demand different strengths of
// authentication (see the example in the Description). A target may be a
// Collection, in which case the protected set is the Collection's members.
[Association,
 Description (
    "CIM_AuthenticationTarget is an association used to apply "
    "authentication requirements for access to specific resources. "
    "For example, a shared secret may be sufficient for access to "
    "unclassified resources, but for confidential resources, a "
    "stronger authentication may be required.")]
class CIM_AuthenticationTarget : CIM_Dependency
{
    [Description (
        "AuthenticationRequirement that apply to "
        "specific resources"),
     Override ("Antecedent")]
    CIM_AuthenticationRequirement REF Antecedent;

    [Description (
        "Target resources that may be in a Collection or "
        "an individual ManagedElement. These resources are protected "
        "by the AuthenticationRequirement."),
     Override ("Dependent")]
    CIM_ManagedElement REF Dependent;
};
2721
2722 // ==================================================================
2723 // HostedACI
2724 // ==================================================================
// Gives each AccessControlInformation (ACI) a hosting System for naming
// purposes. Hosting is about namespace scoping only: per the Description,
// an ACI need not apply to resources on the system that hosts it, so read
// CIM_AuthorizationTarget to learn what an ACI governs.
[Association,
 Description (
    "CIM_HostedACI is an association used to provide the namespace "
    "scoping of AccessControlInformation. The hosted ACI may or may "
    "not apply to resources on the hosting system.")]
class CIM_HostedACI : CIM_Dependency
{
    // Min (1) / Max (1): every ACI has exactly one hosting system.
    [Override ("Antecedent"),
     Description ("The hosting system"),
     Min (1), Max (1)]
    CIM_System REF Antecedent;

    // Weak: the ACI is named within the scope of its host.
    [Description ("The hosted AccessControlInformation"),
     Override ("Dependent"), Weak]
    CIM_AccessControlInformation REF Dependent;
};
2738
2739 // ==================================================================
2740 // AuthorizedUse
2741 // ==================================================================
// Tells an AuthorizationService which AccessControlInformation
// instances it works from. No cardinality is declared on either side.
[Association,
 Description (
    "CIM_AuthorizedUse is an association used to provide an "
    "AuthorizationService with the AccessControlInformation it needs "
    "to do its job.")]
class CIM_AuthorizedUse : CIM_Dependency
{
    [Description ("AccessControlInformation"),
     Override ("Antecedent")]
    CIM_AccessControlInformation REF Antecedent;

    [Description ("AuthorizationService that uses an ACI."),
     Override ("Dependent")]
    CIM_AuthorizationService REF Dependent;
};
2755
2756 // ==================================================================
2757 // AuthorizationSubject
2758 // ==================================================================
// Names the subjects (users) an AccessControlInformation applies to.
// A subject may be a Collection, and the Description allows further
// indirection through MemberPrincipal, so working out who an ACI really
// covers means expanding those collections rather than reading only the
// direct instances of this association.
[Association,
 Description (
    "CIM_AuthorizationSubject is an association used to apply "
    "authorization decisions to specific subjects (i.e., users). The "
    "subjects may be identified directly or they may be aggregated "
    "into a collection that may, in turn, use the MemberPrincipal "
    "association to provide further indirection in the specification "
    "of the subject set.")]
class CIM_AuthorizationSubject : CIM_Dependency
{
    [Description (
        "AccessControlInformation that applies to a subject set."),
     Override ("Antecedent")]
    CIM_AccessControlInformation REF Antecedent;

    [Description (
        "The subject set may be specified as a collection or as a set "
        "of associations to ManagedElements that represent users."),
     Override ("Dependent")]
    CIM_ManagedElement REF Dependent;
};
2776
2777 // ==================================================================
2778 // AuthorizationTarget
2779 // ==================================================================
// Names the resources an AccessControlInformation governs. A target may
// be a Collection, so the governed set can be larger than the direct
// instances of this association suggest.
[Association,
 Description (
    "CIM_AuthorizationTarget is an association used to apply "
    "authorization decisions to specific target resources. The "
    "target resources may be aggregated into a collection or may be "
    "represented as a set of associations to ManagedElements.")]
class CIM_AuthorizationTarget : CIM_Dependency
{
    [Description (
        "AccessControlInformation that applies to the target set."),
     Override ("Antecedent")]
    CIM_AccessControlInformation REF Antecedent;

    [Description (
        "The target set of resources may be specified as a collection "
        "or as a set of associations to ManagedElements that represent "
        "target resources."),
     Override ("Dependent")]
    CIM_ManagedElement REF Dependent;
};
2796
2797
2798 // End of file