1 karl 1.2 // ===================================================================
2 // Title: User-Security MOF Specification 2.6
3 // Filename: CIM_User26.mof
4 // Version: 2.6.0
5 // Status: Final
6 // Date: 06/04/2002
7 // ===================================================================
8 // Copyright 2000-2002 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 karl 1.2 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party’s
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 karl 1.2 // ===================================================================
44 // Description: These object classes define the user and security
45 // model for CIM and include classes needed to represent
46 // users, groups and organizational entities as well as
47 // security services and authentication/authorization
48 // information.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // 14 Mar 2000 - Version 2.3
55 //
56 // 09 Jun 2000 - ERRATA to Version 2.3 creating V2.4
57 // - CR493a, Correction of Antecedent/Dependent references
58 // References are reversed from the original 2.3 model
59 // - CR497: Corrections to antecedent/dependent references
60 // 1. ElementAsUser should run between an ME and a
61 // UsersAccess. Both references are ME in the MOF.
62 // UsersAccess is the Dependent reference.
63 //
64 karl 1.2 // 2. ManagesAccount should subclass from Dependency.
65 //
66 // 3. ServiceUsesSecurityService - antecedent and
67 // dependent are backwards. SecurityService should
68 // be the antecedent and Service the dependent.
69 //
70 // 4. SecurityServiceForSystem - should subclass from
71 // ProvidesServiceToElement.
72 //
73 // 5. UsersCredentials - The antecedent and dependent
74 // references are backwards. The UsersAccess is
75 // dependent on the Credentials - the credentials
76 // are the antecedent.
77 //
78 // 6. The change in UsersCredentials affects
79 // PublicPrivateKeyPair, since it inherits from
80 // UsersCredentials.
81 //
82 // 7. CAHasPublicCertificate - The antecedent and
83 // dependent references are backwards. The CA USES
84 // the public certificate - therefore, it is dependent
85 karl 1.2 // on the certificate.
86 //
87 // 8. AuthenticateForUse - The antecedent and
88 // dependent are backwards. The association "provides
89 // an AuthenticationService with the
90 // AuthenticationRequirement it needs to do its job".
91 // AuthenticationService is Dependent on the
92 // Requirement.
93 //
94 // 9. RequireCredentialsFrom - Antecedent and
95 // dependent are backwards. The requirement is for
96 // a specific credential mgmt service - the service
97 // has no dependencies at all on the requirement.
98 //
99 // 10. AuthenticationTarget - Clarification that the
100 // "target" is dependent on the requirement to protect
101 // it.
102 //
103 // 11. AuthorizedUse - The antecedent and dependent
104 // are backwards since the description says that the
105 // association "provides an AuthorizationService
106 karl 1.2 // with the AccessControlInformation it needs to do
107 // its job". AuthorizationService is Dependent on the
108 // ACI.
109 //
110 // 21 June 2000 - ERRATA to Version 2.3 creating Version 2.4
111 // - CR515: CIM Account keys. CIM_Account currently has two
112 // local keys, Name and UserID.
113 // The intent was to have CreationClassName and Name
114 // as keys where name could be set to a value equal to
115 // the UserID or to some other value, e.g., a DN from
116 // a directory.
117 //
118 // 10 Nov 2000 - Changes to Version 2.4 creating V2.5
119 // - CR544a, Adds classes and properties needed for Network
120 // IPsec submodel.
121 // Classes added are:
122 // CredentialManagementSAP
123 // LocalCredentialManagementService
124 // PublicKeyManagementService
125 // UnsignedPublicKey
126 // NamedSharedIKESecret
127 karl 1.2 // TrustHierarchy
128 // LocallyManagedPublicKey
129 // IKESecretIsNamed
130 // Properties added are:
131 // CertificateAuthority.CADistinguishedName
132 // CertificateAuthority.MaxChainLength
133 // CertificateAuthority.CRLRefreshFrequency
134 // - CR560, ERRATA renames KerberosTicket.Type to
135 // KerberosTicket.TicketType and changes it from an
136 // array to a scalar property
137 //
138 // 23 Jan 2001 - ERRATA to Version 2.5 creating V2.6
139 // - CR591, Corrections to PROPAGATE qualifiers on
140 // Credential Subclasses
141 //
142 // 17 May 2001 - ERRATA to Version 2.5 creating V2.6
143 // - CR606, Corrections to aggregations to add
144 // 'aggregate' qualifier
145 //
146 // 10 March 2001 - Add Version qualifier to all classes (CR746)
147 //
148 karl 1.2 // ===================================================================
149
150 // ===================================================================
151 // === Pragmas ===
152 // ===================================================================
153 #pragma Locale ("en_US")
154
155 // ==================================================================
156 // === Data class definitions ===
157 // ==================================================================
158
159
160 // ==================================================================
161 // Group
162 // ==================================================================
// CIM_Group: a CIM_Collection subclass that groups ManagedElements.
// Instances are identified by the compound key (CreationClassName, Name);
// CommonName is the only non-key property marked Required.
// Name may carry an LDAP distinguishedName, so the key value can originate
// from an external directory rather than from the local system.
[Version ("2.6.0"), Description (
    "The Group class is used to collect ManagedElements into groups. "
    "This class is defined so as to incorporate commonly-used LDAP "
    "attributes to permit implementations to easily derive this "
    "information from LDAP-accessible directories. This class's "
    "properties are a subset of a related class, "
    "OtherGroupInformation, which defines all the group properties "
    "and in array form for directory compatibility.")]
class CIM_Group : CIM_Collection {

    // --- Key properties ---------------------------------------------

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    // Bounded to 1024 characters; may hold an LDAP distinguishedName.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // --- Descriptive properties (scalar form) -----------------------

    [MaxLen (128), Description (
        "The BusinessCategory property may be used to describe the "
        "kind of business activity performed by the members of the "
        "group.")]
    string BusinessCategory;

    // Required, but explicitly "possibly ambiguous": not an identifier.
    [Required, Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "group is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.")]
    string CommonName;
};
197
198 // ==================================================================
199 // OtherGroupInformation
200 // ==================================================================
// CIM_OtherGroupInformation: multi-valued (array) companion data for a
// Group instance, shaped after LDAP attributes. Keyed by
// (CreationClassName, Name). Several properties (Name, Owner, SeeAlso) may
// hold LDAP distinguishedName strings taken from a directory.
[Version ("2.6.0"), Description (
    "The OtherGroupInformation class provides additional information "
    "about an associated Group instance. This class is defined so as "
    "to incorporate commonly-used LDAP attributes to permit "
    "implementations to easily derive this information from "
    "LDAP-accessible directories.")]
class CIM_OtherGroupInformation : CIM_ManagedElement {

    // --- Key properties ---------------------------------------------

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // --- LDAP-style multi-valued attributes -------------------------

    // No MaxLen qualifier is declared on this array.
    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.")]
    string ObjectClass[];

    [MaxLen (128), Description (
        "The BusinessCategory property may be used to describe the "
        "kind of business activity performed by the members of the "
        "group.")]
    string BusinessCategory[];

    [Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "group is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.")]
    string CommonName[];

    // Holds the multiple LDAP description values that the single
    // inherited Description property cannot carry.
    [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.")]
    string Descriptions[];

    [Description (
        "The name of an organization related to the group.")]
    string OrganizationName[];

    [Description (
        "The name of an organizational unit related to the group.")]
    string OU[];

    // Names of responsible objects; values may be distinguishedNames.
    // These are plain strings, not CIM references.
    [Description (
        "The Owner property specifies the name of some object that "
        "has some responsibility for the group. In the case of an "
        "LDAP-derived instance, a property value for Owner may be a "
        "distinguishedName of owning persons, groups, roles, etc.")]
    string Owner[];

    [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.")]
    string SeeAlso[];
};
263
264 // ==================================================================
265 // Role
266 // ==================================================================
// CIM_Role: a CIM_Collection subclass representing a position or set of
// responsibilities; its members are the "role occupants". Keyed by
// (CreationClassName, Name); CommonName is Required.
// NOTE(review): the class Description refers to "all the group properties"
// of OtherRoleInformation; the wording appears to be shared with CIM_Group.
[Version ("2.6.0"), Description (
    "The Role object class is used to represent a position or set of "
    "responsibilities within an organization, organizational unit or "
    "system administration scope and is filled by a person or persons "
    "(or non-human entities represented by ManagedSystemElement "
    "subclasses) that may be explicitly or implicitly members of this "
    "collection subclass. The class is defined so as to incorporate "
    "commonly-used LDAP attributes to permit implementations to "
    "easily derive this information from LDAP-accessible directories. "
    "The members of a role are frequently called role occupants. "
    "This class's properties are a subset of a related class, "
    "OtherRoleInformation, which defines all the group properties "
    "and in array form for directory compatibility.")]
class CIM_Role : CIM_Collection {

    // --- Key properties ---------------------------------------------

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    // Bounded to 1024 characters; may hold an LDAP distinguishedName.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // --- Descriptive properties (scalar form) -----------------------

    [MaxLen (128), Description (
        "This property may be used to describe the kind of business "
        "activity performed by the members (role occupants) in the "
        "position or set of responsibilities represented by the "
        "Role.")]
    string BusinessCategory;

    // Required, but explicitly "possibly ambiguous": not an identifier.
    [Required, Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "role is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.")]
    string CommonName;
};
307
308 // ==================================================================
309 // OtherRoleInformation
310 // ==================================================================
// CIM_OtherRoleInformation: multi-valued (array) companion data for a Role
// instance, shaped after LDAP attributes. Keyed by
// (CreationClassName, Name).
// Most properties here are contact details of the role occupants (postal
// address, telephone, fax, telex), i.e. data about people.
// NOTE(review): nothing in this class restricts who may read these values;
// any access control has to come from the hosting CIM server/provider.
[Version ("2.6.0"), Description (
    "The OtherRoleInformation class is used to provide additional "
    "information about an associated Role instance. This class is "
    "defined so as to incorporate commonly-used LDAP attributes to "
    "permit implementations to easily derive this information from "
    "LDAP-accessible directories.")]
class CIM_OtherRoleInformation : CIM_ManagedElement {

    // --- Key properties ---------------------------------------------

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // --- Directory bookkeeping and naming ---------------------------

    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.")]
    string ObjectClass[];

    [MaxLen (128), Description (
        "This property may be used to describe the kind of business "
        "activity performed by the members (role occupants) in the "
        "position or set of responsibilities represented by the "
        "Role.")]
    string BusinessCategory[];

    [Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "role is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.")]
    string CommonName[];

    // Holds the multiple LDAP description values that the single
    // inherited Description property cannot carry.
    [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.")]
    string Descriptions[];

    // --- Contact details of the role occupants ----------------------

    [MaxLen (128), Description (
        "This property is used for the role occupants' telegram "
        "service.")]
    string DestinationIndicator[];

    [Description (
        "The role occupants' facsimile telephone number.")]
    string FacsimileTelephoneNumber[];

    [MaxLen (16), Description (
        "The role occupants' International ISDN number.")]
    string InternationaliSDNNumber[];

    [Description (
        "The name of an organizational unit related to the role.")]
    string OU[];

    [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.")]
    string PhysicalDeliveryOfficeName[];

    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the role occupants.")]
    string PostalAddress[];

    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code for the "
        "role occupants. If this value is present it will be part of "
        "the object's postal address.")]
    string PostalCode[];

    [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the role occupants will receive physical postal "
        "delivery. If present, the property value is part of the "
        "object's postal address.")]
    string PostOfficeBox[];

    // Declared as a scalar, unlike the array properties around it.
    [Description (
        "The Preferred Delivery Method property specifies the "
        "role occupants' preferred method to be used for contacting "
        "them in their role.")]
    string PreferredDeliveryMethod;

    [Description (
        "This property specifies a postal address suitable for receipt "
        "of telegrams or expedited documents, where it is necessary to "
        "have the recipient accept delivery.")]
    string RegisteredAddress[];

    // Values may be distinguishedNames of other directory objects.
    [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.")]
    string SeeAlso[];

    [Description (
        "The State or Province Name property specifies a state or "
        "province.")]
    string StateOrProvince[];

    [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.")]
    string Street[];

    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the role occupants, e.g. + 44 582 10101).")]
    string TelephoneNumber[];

    [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the role occupants.")]
    string TeletexTerminalIdentifier[];

    [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "role occupants.")]
    string TelexNumber[];

    [MaxLen (15), Description (
        "An X.121 address for the role occupants.")]
    string X121Address[];
};
432
433 // ==================================================================
434 // OrganizationalEntity
435 // ==================================================================
// CIM_OrganizationalEntity: abstract base class with no properties of its
// own. In this file CIM_Organization and CIM_OrgUnit derive from it.
[Abstract, Version ("2.6.0"), Description (
    "OrganizationalEntity is an abstract class from which classes "
    "that fit into an organizational structure are derived.")]
class CIM_OrganizationalEntity : CIM_ManagedElement {
};
441
442 karl 1.2 // ==================================================================
443 // Organization
444 // ==================================================================
// CIM_Organization: an organization such as a corporation. Keyed by
// (CreationClassName, Name); OrganizationName is Required.
// Apart from PostalAddress (an array), every property is a scalar; the
// array forms are defined on OtherOrganizationInformation.
[Version ("2.6.0"), Description (
    "The Organization class is used to represent an organization such "
    "as a corporation or other autonomous entity. The class is "
    "defined so as to incorporate commonly-used LDAP attributes to "
    "permit implementations to easily derive this information from "
    "LDAP-accessible directories. This class's properties are a "
    "subset of a related class, OtherOrganizationInformation, which "
    "defines all the group properties and in array form for "
    "directory compatibility.")]
class CIM_Organization : CIM_OrganizationalEntity {

    // --- Key properties ---------------------------------------------

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    // Bounded to 1024 characters; may hold an LDAP distinguishedName.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // --- Descriptive and contact properties -------------------------

    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organization.")]
    string BusinessCategory;

    [Description (
        "The organization's facsimile telephone number.")]
    string FacsimileTelephoneNumber;

    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.")]
    string LocalityName;

    // The Description says "addresses" (plural), but the property is a
    // scalar and declares no MaxLen.
    [Description (
        "Based on RFC1274, the mail box addresses for the organization "
        "as defined in RFC822.")]
    string Mail;

    [Required, Description (
        "The name of the organization.")]
    string OrganizationName;

    // The only array property in this class.
    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organization.")]
    string PostalAddress[];

    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organization. If this value is present it will be part of "
        "the object's postal address.")]
    string PostalCode;

    [Description (
        "The State or Province Name property specifies a state or "
        "province.")]
    string StateOrProvince;

    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organization, e.g. + 44 582 10101).")]
    string TelephoneNumber;
};
505 karl 1.2
506 // ==================================================================
507 // OtherOrganizationInformation
508 // ==================================================================
// CIM_OtherOrganizationInformation: multi-valued (array) companion data
// for an Organization instance, shaped after LDAP attributes. Keyed by
// (CreationClassName, Name).
//
// Security-relevant members of this class:
//   - UserPassword: credential material copied from a directory.
//   - SearchGuide:  input intended for building directory search filters.
//   - Name, Manager, SeeAlso: may hold LDAP distinguishedName strings.
// NOTE(review): nothing in this class restricts who may read or write
// these values; any access control has to come from the hosting CIM
// server/provider.
[Version ("2.6.0"), Description (
    "The OtherOrganizationInformation class is used to provide "
    "additional information about an associated Organization instance. "
    "This class is defined so as to incorporate commonly-used LDAP "
    "attributes to permit implementations to easily derive this "
    "information from LDAP-accessible directories.")]
class CIM_OtherOrganizationInformation : CIM_ManagedElement {

    // --- Key properties ---------------------------------------------

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // --- Directory bookkeeping and naming ---------------------------

    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.")]
    string ObjectClass[];

    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organization.")]
    string BusinessCategory[];

    // Holds the multiple LDAP description values that the single
    // inherited Description property cannot carry.
    [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.")]
    string Descriptions[];

    // --- Contact details --------------------------------------------

    [MaxLen (128), Description (
        "This property is used for the organization's telegram "
        "service.")]
    string DestinationIndicator[];

    [Description (
        "The organization's facsimile telephone number.")]
    string FacsimileTelephoneNumber[];

    [MaxLen (16), Description (
        "The organization's International ISDN number.")]
    string InternationaliSDNNumber[];

    // URI values come from the directory and declare no MaxLen.
    // NOTE(review): a consumer that renders or dereferences these should
    // validate the scheme first - confirm against the consuming code.
    [Description (
        "Uniform Resource Identifier with optional label as defined in "
        "RFC2079.")]
    string LabeledURI[];

    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.")]
    string LocalityName[];

    [Description (
        "Based on RFC1274, the mail box addresses for the organization "
        "as defined in RFC822.")]
    string Mail[];

    // Plain strings (possibly distinguishedNames), not CIM references.
    [Description (
        "The manager for the organization. In the case of an "
        "LDAP-derived instance, the Manager property value may contain "
        "the distinguishedName of the Manager.")]
    string Manager[];

    [Description (
        "The name of the organization.")]
    string OrganizationName[];

    [Description (
        "Based on RFC1274, this property may be used for electronic "
        "mail box addresses other than RFC822 and X.400.")]
    string OtherMailbox[];

    [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.")]
    string PhysicalDeliveryOfficeName[];

    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organization.")]
    string PostalAddress[];

    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organization. If this value is present it will be part of "
        "the object's postal address.")]
    string PostalCode[];

    [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the organization will receive physical postal "
        "delivery. If present, the property value is part of the "
        "object's postal address.")]
    string PostOfficeBox[];

    // Declared as a scalar, unlike the array properties around it.
    [Description (
        "The Preferred Delivery Method property specifies the "
        "organization's preferred method to be used for communicating "
        "with it.")]
    string PreferredDeliveryMethod;

    [Description (
        "This property specifies a postal address suitable for receipt "
        "of telegrams or expedited documents, where it is necessary to "
        "have the recipient accept delivery.")]
    string RegisteredAddress[];

    // Stored values are meant to shape directory search filters.
    // NOTE(review): a client that builds a filter from these should treat
    // them as directory-supplied data and escape/validate accordingly.
    [Description (
        "This property value is for use by X.500 clients in "
        "constructing search filters.")]
    string SearchGuide[];

    [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.")]
    string SeeAlso[];

    [Description (
        "The State or Province Name property specifies a state or "
        "province.")]
    string StateOrProvince[];

    [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.")]
    string Street[];

    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organization, e.g. + 44 582 10101).")]
    string TelephoneNumber[];

    [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the organization.")]
    string TeletexTerminalIdentifier[];

    [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "organization.")]
    string TelexNumber[];

    // --- Binary and credential data ---------------------------------

    // Octetstring-qualified: binary image data; no size bound is declared.
    [Octetstring, Description (
        "An image of the organization logo.")]
    string ThumbnailLogo[];

    [Description (
        "A unique identifier that may be assigned in an environment to "
        "differentiate between uses of a given named organization "
        "instance.")]
    string UniqueIdentifier[];

    // SECURITY: credential material exposed as an ordinary readable
    // property. The Description says the value "may" be encrypted; the
    // schema does not require it, and the protection actually applied to
    // an LDAP userPassword value depends on the source directory.
    // NOTE(review): providers should presumably withhold this property
    // from unprivileged readers and keep it out of logs and exports.
    [Octetstring, Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the organization's resources in a directory.")]
    string UserPassword[];

    [MaxLen (15), Description (
        "An X.121 address for the organization.")]
    string X121Address[];
};
660
661 // ==================================================================
662 // OrgUnit
663 // ==================================================================
// CIM_OrgUnit: a sub-unit of an organization (division, department).
// Keyed by (CreationClassName, Name); OU is Required.
// Apart from PostalAddress (an array), every property is a scalar; the
// array forms are defined on OtherOrgUnitInformation.
[Version ("2.6.0"), Description (
    "The OrgUnit class is used to represent a sub-unit of an "
    "organization such a division or department. The class is "
    "defined so as to incorporate commonly-used LDAP attributes to "
    "permit implementations to easily derive this information from "
    "LDAP-accessible directories. This class's properties are a "
    "subset of a related class, OtherOrgUnitInformation, which "
    "defines all the group properties and in array form for "
    "directory compatibility.")]
class CIM_OrgUnit : CIM_OrganizationalEntity {

    // --- Key properties ---------------------------------------------

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.")]
    string CreationClassName;

    // Bounded to 1024 characters; may hold an LDAP distinguishedName.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.")]
    string Name;

    // --- Descriptive and contact properties -------------------------

    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organizational unit.")]
    string BusinessCategory;

    [Description (
        "The organizational unit's facsimile telephone number.")]
    string FacsimileTelephoneNumber;

    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.")]
    string LocalityName;

    [Required, Description (
        "The name of the organizational unit.")]
    string OU;

    // The only array property in this class.
    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organizational "
        "unit.")]
    string PostalAddress[];

    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organizational unit. If this value is present it will be "
        "part of the object's postal address.")]
    string PostalCode;

    [Description (
        "The State or Province Name property specifies a state or "
        "province.")]
    string StateOrProvince;

    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organizational unit, e.g. + 44 582 10101).")]
    string TelephoneNumber;
};
721
722 // ==================================================================
723 // OtherOrgUnitInformation
724 // ==================================================================
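// CIM_OtherOrgUnitInformation carries the array-valued, LDAP-shaped
// attributes for an associated OrgUnit. Keyed by CreationClassName + Name.
// Unlike CIM_OrgUnit it also declares UserPassword, so instances of this
// class can hold credential material (see the note on that property).
[Version ("2.6.0"), Description (
    "The OtherOrgUnitInformation class is used to provide "
    "additional information about an associated OrgUnit instance. "
    "This class is defined so as to incorporate commonly-used LDAP "
    "attributes to permit implementations to easily derive this "
    "information from LDAP-accessible directories.") ]
class CIM_OtherOrgUnitInformation : CIM_ManagedElement {
    // Key 1 of 2.
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
    string CreationClassName;
    // Key 2 of 2; may be an LDAP distinguishedName.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
    string Name;
    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.") ]
    string ObjectClass[];
    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organizational unit.") ]
    string BusinessCategory[];
    [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.") ]
    string Descriptions[];
    [MaxLen (128), Description (
        "This property is used for the organizational unit's telegram "
        "service.") ]
    string DestinationIndicator[];
    [Description (
        "The organizational unit's facsimile telephone number.") ]
    string FacsimileTelephoneNumber[];
    [MaxLen (16), Description (
        "The organizational unit's International ISDN number.") ]
    string InternationaliSDNNumber[];
    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.") ]
    string LocalityName[];
    // Not marked Required here, unlike OU on CIM_OrgUnit.
    [Description (
        "The name of the organizational unit.") ]
    string OU[];
    [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.") ]
    string PhysicalDeliveryOfficeName[];
    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the organizational "
        "unit.") ]
    string PostalAddress[];
    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organizational unit. If this value is present it will be "
        "part of the object's postal address.") ]
    string PostalCode[];
    [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the organizational unit will receive physical "
        "postal delivery. If present, the property value is part of "
        "the object's postal address.") ]
    string PostOfficeBox[];
    // Single-valued, unlike most properties of this class.
    [Description (
        "The Preferred Delivery Method property specifies the "
        "organizational unit's preferred method to be used for "
        "communicating with it.") ]
    string PreferredDeliveryMethod;
    [Description (
        "This property value is for use by X.500 clients in "
        "constructing search filters.") ]
    string SearchGuide[];
    [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.") ]
    string SeeAlso[];
    [Description (
        "The State or Province Name property specifies a state or "
        "province.") ]
    string StateOrProvince[];
    [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.") ]
    string Street[];
    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organizational unit, e.g. + 44 582 10101.") ]
    string TelephoneNumber[];
    [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the organizational "
        "unit.") ]
    string TeletexTerminalIdentifier[];
    [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "organization.") ]
    string TelexNumber[];
    // NOTE(review): credential material. The description says "encrypted",
    // but nothing in this declaration enforces a storage format; LDAP
    // userPassword is an octet string whose protection (hashed, or not)
    // depends on the directory. Providers should restrict read access to
    // this property and keep it out of logs and unauthenticated queries.
    [Octetstring, Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the organizational unit's resources in a directory.") ]
    string UserPassword[];
    [MaxLen (15), Description (
        "An X.121 address for the organization.") ]
    string X121Address[];
};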
848
849 // ==================================================================
850 // UserEntity
851 // ==================================================================
// Abstract base for user-like entities. It declares no properties of its
// own; CIM_Person, CIM_OtherPersonInformation and CIM_UsersAccess in this
// file derive from it.
[Abstract,
 Version ("2.6.0"),
 Description ("UserEntity is an abstract class that represents users.")]
class CIM_UserEntity : CIM_OrganizationalEntity {
};
856
857 // ==================================================================
858 // Person
859 // ==================================================================
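// CIM_Person models a person with the commonly used LDAP attributes in
// (mostly) single-valued form. Keyed by CreationClassName + Name;
// CommonName and Surname are Required. The array-valued forms, plus the
// credential and certificate properties, live on CIM_OtherPersonInformation.
// NOTE(review): most properties here are personal data (home address, home
// and mobile phone, photo, employee number); read access to instances
// should be scoped accordingly.
[Version ("2.6.0"), Description (
    "The Person object class is used to represent people. The class "
    "is defined so as to incorporate commonly-used LDAP attributes to "
    "permit implementations to easily derive this information from "
    "LDAP-accessible directories. This class's properties are a "
    "subset of a related class, OtherPersonInformation, which "
    "defines all the group properties and in array form for "
    "directory compatibility.") ]
class CIM_Person : CIM_UserEntity {
    // Key 1 of 2.
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
    string CreationClassName;
    // Key 2 of 2; may be an LDAP distinguishedName.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
    string Name;
    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organization.") ]
    string BusinessCategory;
    // Required. The description speaks of a "role"; it is kept as the
    // specification words it.
    [Required, Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "role is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.") ]
    string CommonName;
    [Description (
        "Based on inetOrgPerson, the Employee Number property "
        "specifies a numeric or an alphanumeric identifier assigned to "
        "a person.") ]
    string EmployeeNumber;
    // Free-form: the listed values are examples, not a ValueMap.
    [Description (
        "Based on inetOrgPerson, the Employee Type property is used to "
        "identify the employer to employee relationship. Typical "
        "values used may include 'Contractor', 'Employee', 'Intern', "
        "'Temp', 'External', and 'Unknown' but any value may be "
        "used.") ]
    string EmployeeType;
    [Description (
        "The person's facsimile telephone number.") ]
    string FacsimileTelephoneNumber;
    [MaxLen (32), Description (
        "Based on RFC1274, the Home Phone property specifies a home "
        "telephone number for the person, e.g. + 44 582 10101.") ]
    string HomePhone;
    [Description (
        "The Home Postal Address property values specify the home "
        "address information required for the physical delivery of "
        "postal messages by the postal authority.") ]
    string HomePostalAddress[];
    // Declared as a plain string with no Octetstring qualifier, although
    // the description refers to JPEG image data.
    // NOTE(review): the value encoding is not stated here; confirm it
    // against the provider before decoding.
    [Description (
        "From inetOrgPerson, the JPEG Photo property values may be used "
        "for one or more images of a person using the JPEG File "
        "Interchange Format.") ]
    string JPEGPhoto;
    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.") ]
    string LocalityName;
    [Description (
        "Based on RFC1274, the mail box addresses for the person "
        "as defined in RFC822.") ]
    string Mail;
    // May hold a distinguishedName referring to another directory entry.
    [Description (
        "The person's manager within the organization. In the case of "
        "an LDAP-derived instance, the Manager property value may "
        "contain the distinguishedName of the Manager.") ]
    string Manager;
    [MaxLen (32), Description (
        "Based on RFC1274, the Mobile Phone property specifies a "
        "mobile telephone number for the person, e.g. + 44 582 10101.") ]
    string Mobile;
    [Description (
        "The name of an organizational unit related to the person.") ]
    string OU;
    [MaxLen (32), Description (
        "Based on RFC1274, the Pager property specifies a pager "
        "telephone number for the person, e.g. + 44 582 10101.") ]
    string Pager;
    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the person.") ]
    string PostalAddress[];
    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organization. If this value is present it will be part of "
        "the object's postal address.") ]
    string PostalCode;
    [Description (
        "Based on inetOrgPerson, the person's preferred written or "
        "spoken language.") ]
    string PreferredLanguage;
    // May hold a distinguishedName referring to another directory entry.
    [Description (
        "Based on RFC1274, the Secretary property may be used to "
        "specify a secretary for the person. In the case of an "
        "LDAP-derived object instance, the value may be a "
        "distinguishedName.") ]
    string Secretary;
    [Description (
        "The State or Province Name property specifies a state or "
        "province.") ]
    string StateOrProvince;
    // Required.
    [Required, Description (
        "The Surname property specifies the linguistic construct that "
        "normally is inherited by an individual from the individual's "
        "parent or assumed by marriage, and by which the individual is "
        "commonly known.") ]
    string Surname;
    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organization, e.g. + 44 582 10101.") ]
    string TelephoneNumber;
    [Description (
        "The Title property may be used to specify the person's "
        "designated position or function of the object within an "
        "organization, e.g., Manager, Vice-President, etc.") ]
    string Title;
};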
985
986 // ==================================================================
987 // OtherPersonInformation
988 karl 1.2 // ==================================================================
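// CIM_OtherPersonInformation carries the array-valued, LDAP-shaped
// attributes for an associated Person. Keyed by CreationClassName + Name;
// OrganizationName is the only Required non-key property.
// NOTE(review): this class mixes public directory data with sensitive
// values: UserPassword and UserPKCS12 are secrets, and Audio, Photo,
// JPEGPhoto, ThumbnailPhoto and the home contact properties are personal
// data. Access control on instances should be set for the most sensitive
// property, not the least.
[Version ("2.6.0"), Description (
    "The OtherPersonInformation class is used to provide "
    "additional information about an associated Person instance. "
    "This class is defined so as to incorporate commonly-used LDAP "
    "attributes to permit implementations to easily derive this "
    "information from LDAP-accessible directories.") ]
class CIM_OtherPersonInformation : CIM_UserEntity {
    // Key 1 of 2.
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
    string CreationClassName;
    // Key 2 of 2; may be an LDAP distinguishedName.
    [Key, MaxLen (1024), Description (
        "The Name property defines the label by which the object is "
        "known. In the case of an LDAP-derived instance, the Name "
        "property value may be set to the distinguishedName of the "
        "LDAP-accessed object instance.") ]
    string Name;
    [Description (
        "In the case of an LDAP-derived instance, the ObjectClass "
        "property value(s) may be set to the objectClass attribute "
        "values.") ]
    string ObjectClass[];
    // Octetstring: binary content carried in a string array.
    [Octetstring, Description (
        "The Audio property may be used to store an audio clip of the "
        "person.") ]
    string Audio[];
    [MaxLen (128), Description (
        "This property describes the kind of business performed by an "
        "organization.") ]
    string BusinessCategory[];
    [MaxLen (128), Description (
        "The Car License property is used to record the values of the "
        "vehicle license or registration plate associated with an "
        "individual.") ]
    string CarLicense[];
    // Not marked Required here, unlike CommonName on CIM_Person.
    [Description (
        "A Common Name is a (possibly ambiguous) name by which the "
        "role is commonly known in some limited scope (such as an "
        "organization) and conforms to the naming conventions of the "
        "country or culture with which it is associated.") ]
    string CommonName[];
    [Description (
        "The Country Name property specifies a country as defined in "
        "ISO 3166.") ]
    string CountryName[];
    [Description (
        "Based on inetOrgPerson, the Department Number is a code for "
        "department to which a person belongs. This can be strictly "
        "numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).") ]
    string DepartmentNumber[];
    [MaxLen (1024), Description (
        "The Descriptions property values may contain human-readable "
        "descriptions of the object. In the case of an LDAP-derived "
        "instance, the description attribute may have multiple values "
        "that, therefore, cannot be placed in the inherited "
        "Description property.") ]
    string Descriptions[];
    [MaxLen (128), Description (
        "This property is used for the organization's telegram "
        "service.") ]
    string DestinationIndicator[];
    [Description (
        "Based on inetOrgPerson, the Display Name property values are "
        "used when displaying an entry.") ]
    string DisplayName[];
    // Single-valued, unlike most properties of this class.
    [Description (
        "Based on inetOrgPerson, the Employee Number property "
        "specifies a numeric or an alphanumeric identifier assigned to "
        "a person.") ]
    string EmployeeNumber;
    // Free-form: the listed values are examples, not a ValueMap.
    [Description (
        "Based on inetOrgPerson, the Employee Type property is used to "
        "identify the employer to employee relationship. Typical "
        "values used may include 'Contractor', 'Employee', 'Intern', "
        "'Temp', 'External', and 'Unknown' but any value may be "
        "used.") ]
    string EmployeeType[];
    [Description (
        "The person's facsimile telephone number.") ]
    string FacsimileTelephoneNumber[];
    [Description (
        "Based on liPerson, the GenerationQualifier property specifies "
        "a name qualifier that represents the person's generation "
        "(e.g., JR., III, etc.).") ]
    string GenerationQualifier[];
    [Description (
        "The Given Name property is used for the part of a person's "
        "name that is not their surname nor their middle name.") ]
    string GivenName[];
    [Description (
        "Based on liPerson, the Home Fax property specifies the "
        "person's facsimile telephone number at home.") ]
    string HomeFax[];
    [MaxLen (32), Description (
        "Based on RFC1274, the Home Phone property specifies a home "
        "telephone number for the person, e.g. + 44 582 10101.") ]
    string HomePhone[];
    [Description (
        "The Home Postal Address property values specify the home "
        "address information required for the physical delivery of "
        "postal messages by the postal authority.") ]
    string HomePostalAddress[];
    [Description (
        "Based on inetOrgPerson, the Initials property specifies the "
        "first letters of the person's name, typically the property "
        "values will exclude the first letter of the surname.") ]
    string Initials[];
    [MaxLen (16), Description (
        "The person's International ISDN number.") ]
    string InternationaliSDNNumber[];
    // No Octetstring qualifier here, unlike Photo and ThumbnailPhoto below.
    // NOTE(review): the value encoding is not stated; confirm it against
    // the provider before decoding.
    [Description (
        "From inetOrgPerson, the JPEG Photo property values may be used "
        "for one or more images of a person using the JPEG File "
        "Interchange Format.") ]
    string JPEGPhoto[];
    // NOTE(review): URIs sourced from a directory are externally supplied
    // data; a consumer that dereferences them should validate the scheme
    // and target first.
    [Description (
        "Uniform Resource Identifier with optional label as defined in "
        "RFC2079.") ]
    string LabeledURI[];
    [Description (
        "This property contains the name of a locality, such as a "
        "city, county or other geographic region.") ]
    string LocalityName[];
    [Description (
        "Based on RFC1274, the mail box addresses for the person "
        "as defined in RFC822.") ]
    string Mail[];
    [Description (
        "The person's manager within the organization. In the case of "
        "an LDAP-derived instance, the Manager property value may "
        "contain the distinguishedName of the Manager.") ]
    string Manager[];
    [Description (
        "Based on liPerson, the middle name of the person.") ]
    string MiddleName[];
    [MaxLen (32), Description (
        "Based on RFC1274, the Mobile Phone property specifies a "
        "mobile telephone number for the person, e.g. + 44 582 10101.") ]
    string Mobile[];
    // The only Required property besides the keys.
    [Required, Description (
        "The name of the person's organization.") ]
    string OrganizationName[];
    [Description (
        "Based on RFC1274, the OrganizationalStatus property specifies "
        "a category by which a person is often referred to within an "
        "organization. Examples of usage in academia might include "
        "undergraduate student, researcher, lecturer, etc.") ]
    string OrganizationalStatus[];
    [Description (
        "Based on RFC1274, this property may be used for electronic "
        "mail box addresses other than RFC822 and X.400.") ]
    string OtherMailbox[];
    [Description (
        "The name of an organizational unit related to the person.") ]
    string OU[];
    [MaxLen (32), Description (
        "Based on RFC1274, the Pager property specifies a pager "
        "telephone number for the person, e.g. + 44 582 10101.") ]
    string Pager[];
    [Description (
        "Based on liPerson, the PersonalTitle property may be used to "
        "specify the person's personal title such as Mr., Ms., Dr., "
        "Prof. etc.") ]
    string PersonalTitle[];
    // Octetstring: binary content (ASN.1-wrapped G3 fax per the text).
    [Octetstring, Description (
        "Based on RFC1274, the Photo property may be used to specify a "
        "photograph for the person encoded in G3 fax as explained in "
        "recommendation T.4, with an ASN.1 wrapper to make it "
        "compatible with an X.400 BodyPart as defined in X.420.") ]
    string Photo[];
    [MaxLen (128), Description (
        "The Physical Delivery Office Name property specifies the name "
        "of the city, village, etc. where a physical delivery office "
        "is situated.") ]
    string PhysicalDeliveryOfficeName[];
    [Description (
        "The Postal Address property values specify the address "
        "information required for the physical delivery of postal "
        "messages by the postal authority to the person.") ]
    string PostalAddress[];
    [MaxLen (40), Description (
        "The Postal Code property specifies the postal code of the "
        "organization. If this value is present it will be part of "
        "the object's postal address.") ]
    string PostalCode[];
    [MaxLen (40), Description (
        "The Post Office Box property specifies the Post Office Box "
        "by which the person will receive physical postal delivery. "
        "If present, the property value is part of the object's postal "
        "address.") ]
    string PostOfficeBox[];
    // Single-valued.
    [Description (
        "The Preferred Delivery Method property specifies the "
        "preferred method to be used for contacting the person.") ]
    string PreferredDeliveryMethod;
    // Single-valued.
    [Description (
        "Based on inetOrgPerson, the person's preferred written or "
        "spoken language.") ]
    string PreferredLanguage;
    [Description (
        "This property specifies a postal address suitable for receipt "
        "of telegrams or expedited documents, where it is necessary to "
        "have the recipient accept delivery.") ]
    string RegisteredAddress[];
    [Description (
        "Based on RFC1274, the Room Number property specifies the room "
        "number for the person.") ]
    string RoomNumber[];
    [Description (
        "Based on RFC1274, the Secretary property may be used to "
        "specify a secretary for the person. In the case of an "
        "LDAP-derived object instance, the value may be a "
        "distinguishedName.") ]
    string Secretary[];
    [Description (
        "In the case of an LDAP-derived instance, the See Also "
        "property specifies distinguishedName of other Directory "
        "objects which may be other aspects (in some sense) of the "
        "same real world object.") ]
    string SeeAlso[];
    [Description (
        "The State or Province Name property specifies a state or "
        "province.") ]
    string StateOrProvince[];
    [MaxLen (128), Description (
        "The Street Address property specifies a site for the local "
        "distribution and physical delivery in a postal address, i.e. "
        "the street name, place, avenue, and the number.") ]
    string Street[];
    // Not marked Required here, unlike Surname on CIM_Person.
    [Description (
        "The Surname property specifies the linguistic construct that "
        "normally is inherited by an individual from the individual's "
        "parent or assumed by marriage, and by which the individual is "
        "commonly known.") ]
    string Surname[];
    [MaxLen (32), Description (
        "The Telephone Number property specifies a telephone number of "
        "the organization, e.g. + 44 582 10101.") ]
    string TelephoneNumber[];
    [Description (
        "The Teletex Terminal Identifier property specifies the "
        "Teletex terminal identifier (and, optionally, parameters) for "
        "a teletex terminal associated with the organization.") ]
    string TeletexTerminalIdentifier[];
    [Description (
        "The Telex Number property specifies the telex number, country "
        "code, and answerback code of a telex terminal for the "
        "organization.") ]
    string TelexNumber[];
    [Octetstring, Description (
        "A small image of the person's organization logo.") ]
    string ThumbnailLogo[];
    [Octetstring, Description (
        "A small image of the person.") ]
    string ThumbnailPhoto[];
    [Description (
        "The Title property may be used to specify the person's "
        "designated position or function of the object within an "
        "organization, e.g., Manager, Vice-President, etc.") ]
    string Title[];
    // Login name(s). Not a secret, but it is half of a credential pair with
    // UserPassword below.
    [Description (
        "Based on RFC1274, the UserID property may be used to specify "
        "a computer system login name.") ]
    string UserID[];
    [Description (
        "A unique identifier that may be assigned in an environment to "
        "differentiate between uses of a given named person instance.") ]
    string UniqueIdentifier[];
    // Public-key certificate(s): not confidential.
    // NOTE(review): a relying party should still validate the chain and
    // revocation status rather than trust a certificate because it appears
    // in the directory.
    [Octetstring, Description (
        "Based on inetOrgPerson and for directory compatibility, the "
        "User Certificate property may be used to specify a public key "
        "certificate for the person.") ]
    string UserCertificate[];
    // NOTE(review): credential material. The description says "encrypted",
    // but nothing in this declaration enforces a storage format; LDAP
    // userPassword is an octet string whose protection (hashed, or not)
    // depends on the directory. Providers should restrict read access to
    // this property and keep it out of logs and unauthenticated queries.
    [Octetstring, Description (
        "In the case of an LDAP-derived instance, the UserPassword "
        "property may contain an encrypted password used to access "
        "the person's resources in a directory.") ]
    string UserPassword[];
    // NOTE(review): a PKCS #12 PFX can bundle private keys with the
    // certificates, so values here should be handled as secrets (access
    // control on reads, protected transport), not as public directory data.
    [Octetstring, Description (
        "Based on inetOrgPerson and for directory compatibility, the "
        "UserPKCS12 property value may be used to provide a format "
        "for exchange of personal identity information. The property "
        "values are PFX PDUs stored as Octetstrings.") ]
    string UserPKCS12[];
    [Octetstring, Description (
        "Based on inetOrgPerson, the User S/MIME Certificate property "
        "may be used to specify the person's S/MIME (RFC1847) "
        "signed message with a zero-length body. It contains the "
        "entire certificate chain and the signed attribute that "
        "describes their algorithm capabilities. If available, this "
        "property is preferred over the UserCertificate property for "
        "S/MIME applications.") ]
    string UserSMIMECertificate[];
    [MaxLen (15), Description (
        "An X.121 address for the organization.") ]
    string X121Address[];
    [Octetstring, Description (
        "An X.500 specified unique identifier that may be assigned in "
        "an environment to differentiate between uses of a given named "
        "person object instance.") ]
    string X500UniqueIdentifier[];
};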
1294
1295 // ==================================================================
1296 // UsersAccess
1297 // ==================================================================
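// CIM_UsersAccess represents a user (person, service, service access point
// or a collection of these) that is permitted access to system resources,
// independent of any one system. Keyed by CreationClassName + Name +
// ElementID. Contrast with CIM_Account, which is the per-service record.
[Version ("2.6.0"), Description (
    "The UsersAccess object class is used to specify a system user "
    "that is permitted access to system resources. The ManagedElement "
    "that has access to system resources (represented in the model in "
    "the ElementAsUser association) may be a person, a service, a "
    "service access point or any collection thereof. Whereas the "
    "Account class represents the user's relationship to a system "
    "from the perspective of the security services of the system, the "
    "UsersAccess class represents the relationships to the systems "
    "independent of a particular system or service.") ]
class CIM_UsersAccess : CIM_UserEntity {
    // Key 1 of 3.
    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
    string CreationClassName;
    // Key 2 of 3. MaxLen is 256 here, not the 1024 used for Name on the
    // LDAP-shaped classes in this file.
    [Key, MaxLen (256), Description (
        "The Name property defines the label by which the object is "
        "known.") ]
    string Name;
    // Key 3 of 3: identifies the ManagedElement that is the user. No MaxLen
    // is declared.
    // NOTE(review): per the description the value is a model-path-like
    // string with alphabetically ordered property-value pairs, so two
    // producers must order the pairs the same way for keys to compare
    // equal.
    [Key, Description (
        "The ElementID property uniquely specifies the ManagedElement "
        "object instance that is the user represented by the "
        "UsersAccess object instance. The ElementID is formatted "
        "similarly to a model path except that the property-value "
        "pairs are ordered in alphabetical order (US ASCII lexical "
        "order).") ]
    string ElementID;
    // Array of uint16 codes naming the kind(s) of biometric in use; per the
    // ValueMap, 0 is "N/A". The description speaks of setting the value to
    // 'N/A'; with a uint16 type that corresponds to code 0. This class
    // declares the modality only; no property here holds a biometric
    // sample.
    [Description (
        "Biometric information used to identify a person. The "
        "property value is left null or set to 'N/A' for non-human "
        "user or a user not using biometric information for "
        "authentication."),
     ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"},
     Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger",
        "Voice", "DNA-RNA", "EEG"} ]
    uint16 Biometric[];
};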
1338
1339 // ==================================================================
1340 // Account
1341 // ==================================================================
// CIM_Account is the record a SecurityService keeps to track an identity
// and its privileges (the description's example is an /etc/passwd entry).
// It is scoped to a System: the first two keys are propagated from
// CIM_System, followed by CreationClassName and Name. OrganizationName is
// the only Required non-key property.
// NOTE(review): UserPassword makes instances of this class carriers of
// credential material; see the note on that property.
[Version ("2.6.0"),
 Description (
     "CIM_Account is the information held by a SecurityService "
     "to track identity and privileges managed by that service. "
     "Common examples of an Account are the entries in a UNIX "
     "/etc/passwd file. Several kinds of security services use "
     "various information from those entries - the /bin/login "
     "program uses the account name ('root') and hashed password "
     "to authenticate users, and the file service, for instance, "
     "uses the UserID field ('0') and GroupID field ('0') to "
     "record ownership and determine access control privileges "
     "on files in the file system. This class is defined so as "
     "to incorporate commonly-used LDAP attributes to permit "
     "implementations to easily derive this information from "
     "LDAP-accessible directories.")]
class CIM_Account : CIM_LogicalElement {

    // Key 1 of 4, propagated from the scoping CIM_System.
    [Propagated ("CIM_System.CreationClassName"),
     Key,
     MaxLen (256),
     Description ("The scoping System's CCN.")]
    string SystemCreationClassName;

    // Key 2 of 4, propagated from the scoping CIM_System.
    [Propagated ("CIM_System.Name"),
     Key,
     MaxLen (256),
     Description ("The scoping System's Name.")]
    string SystemName;

    // Key 3 of 4.
    [Key,
     MaxLen (256),
     Description (
         "CreationClassName indicates the name of the class or the "
         "subclass used in the creation of an instance. When used "
         "with the other key properties of this class, this property "
         "allows all instances of this class and its subclasses to "
         "be uniquely identified.")]
    string CreationClassName;

    // Key 4 of 4; overrides the inherited Name. May equal UserID or be an
    // LDAP distinguishedName.
    [Key,
     Override("Name"),
     MaxLen (1024),
     Description (
         "The Name property defines the label by which the object is "
         "known. The value of this property may be set to be the same "
         "as that of the UserID property or, in the case of an "
         "LDAP-derived instance, the Name property value may be set to "
         "the distinguishedName of the LDAP-accessed object instance.")]
    string Name;

    // Identity handle used by the SecurityService; single-valued and not a
    // key.
    [MaxLen (256),
     Description (
         "UserID is the value used by the SecurityService to "
         "represent identity. For an authentication service, the "
         "UserID may be the name of the user, or for an authorization "
         "service the value which serves as a handle to a mapping of "
         "the identity.")]
    string UserID;

    [Description (
         "In the case of an LDAP-derived instance, the ObjectClass "
         "property value(s) may be set to the objectClass attribute "
         "values.")]
    string ObjectClass[];

    [MaxLen (1024),
     Description (
         "The Descriptions property values may contain human-readable "
         "descriptions of the object. In the case of an LDAP-derived "
         "instance, the description attribute may have multiple values "
         "that, therefore, cannot be placed in the inherited "
         "Description property.")]
    string Descriptions[];

    // Host(s) the account applies to; qualified or unqualified names are
    // both allowed by the description.
    [Description (
         "Based on RFC1274, the host name of the system(s) for which "
         "the account applies. The host name may be a fully-qualified "
         "DNS name or it may be an unqualified host name.")]
    string Host[];

    [Description (
         "This property contains the name of a locality, such as a "
         "city, county or other geographic region.")]
    string LocalityName[];

    // The only Required property besides the keys.
    [Required,
     Description (
         "The name of the organization related to the account.")]
    string OrganizationName[];

    [Description (
         "The name of an organizational unit related to the account.")]
    string OU[];

    [Description (
         "In the case of an LDAP-derived instance, the See Also "
         "property specifies distinguishedName of other Directory "
         "objects which may be other aspects (in some sense) of the "
         "same real world object.")]
    string SeeAlso[];

    // Public-key certificate(s). The description says "for the person"
    // although this class is an account.
    // NOTE(review): a relying party should validate the chain and
    // revocation status rather than trust a certificate because it appears
    // on the account.
    [Octetstring,
     Description (
         "Based on inetOrgPerson and for directory compatibility, the "
         "User Certificate property may be used to specify a public key "
         "certificate for the person.")]
    string UserCertificate[];

    // NOTE(review): credential material. The description says "encrypted",
    // but nothing in this declaration enforces a storage format; LDAP
    // userPassword is an octet string whose protection (hashed, or not)
    // depends on the directory. Providers should restrict read access to
    // this property and keep it out of logs and unauthenticated queries.
    [Octetstring,
     Description (
         "In the case of an LDAP-derived instance, the UserPassword "
         "property may contain an encrypted password used to access "
         "the person's resources in a directory.")]
    string UserPassword[];
};
1428
1429 karl 1.2 // ==================================================================
1430 // SecurityService
1431 // ==================================================================
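// Abstract root of the security service hierarchy in this file. It
// declares no properties of its own; the account management,
// authentication and authorization services below derive from it.
[Abstract, Version ("2.6.0"), Description (
    "A service providing security functionality.") ]
class CIM_SecurityService : CIM_Service {
};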
1436
1437 // ==================================================================
1438 // AccountManagementService
1439 // ==================================================================
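// Service responsible for the lifecycle of CIM_Account instances.
// Declares no properties of its own.
[Version ("2.6.0"), Description (
    "CIM_AccountManagementService creates, manages, and if necessary "
    "destroys Accounts on behalf of other SecurityServices.") ]
class CIM_AccountManagementService : CIM_SecurityService {
};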
1445
1446 // ==================================================================
1447 // AuthenticationService
1448 // ==================================================================
// Base class for services that verify identity. Per its Description it
// is specialised into a credential-issuing subclass and a
// credential-verifying subclass. No properties are declared here.
[
    Version ("2.6.0"),
    Description (
        "CIM_AuthenticationService verifies users' identities through "
        "some means. These services are decomposed into a subclass that "
        "provides credentials to users and a subclass that provides for "
        "the verification of the validity of a credential and, perhaps, "
        "the appropriateness of its use for access to target resources. "
        "The persistent state information used from one such verification "
        "to another is maintained in an Account for that Users Access on "
        "that AuthenticationService.")
]
class CIM_AuthenticationService : CIM_SecurityService {
};
1460
1461 // ==================================================================
1462 // VerificationService
1463 // ==================================================================
// The credential-verifying branch of CIM_AuthenticationService.
// Declares no properties of its own.
[
    Version ("2.6.0"),
    Description (
        "CIM_VerificationService is the authentication service that "
        "verifies a credential for use and may also verify the "
        "appropriateness of a particular credential in conjunction with a "
        "particular target resource.")
]
class CIM_VerificationService : CIM_AuthenticationService {
};
1471 karl 1.2
1472 // ==================================================================
1473 // CredentialManagementService
1474 // ==================================================================
// The credential-issuing branch of CIM_AuthenticationService. The
// certificate authority, Kerberos KDC, notary and local credential
// services in this file derive from it. No properties declared here.
[
    Version ("2.6.0"),
    Description (
        "CIM_CredentialManagementService issues credentials and manages "
        "the credential lifecycle.")
]
class CIM_CredentialManagementService : CIM_AuthenticationService {
};
1480
1481 // ==================================================================
1482 // CredentialManagementSAP
1483 // ==================================================================
// Access point through which a CredentialManagementService is reached.
[
    Version ("2.6.0"),
    Description (
        "CIM_CredentialManagementSAP represents the ability to "
        "utilize or invoke a CredentialManagementService.")
]
class CIM_CredentialManagementSAP : CIM_ServiceAccessPoint {

    // Free-form string: the schema places no MaxLen or scheme
    // restriction on it, so a consumer that connects to this URL to
    // obtain credentials has to validate it itself.
    [Description ("The URL for the access point.") ]
    string URL;
};
1491
1492 karl 1.2 // ==================================================================
1493 // CertificateAuthority
1494 // ==================================================================
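// Models a Certificate Authority: the credential management service
// that signs certificates, publishes revocation information and bounds
// the length of the certificate chains issued beneath it.
[Version ("2.6.0"), Description (
    "A Certificate Authority (CA) is a credential "
    "management service that issues and cryptographically "
    "signs certificates thus acting as a trusted third-party "
    "intermediary in establishing trust relationships. The CA "
    "authenticates the holder of the private key related to the "
    "certificate's public key; the authenticated entity is "
    "represented by the UsersAccess class.") ]
class CIM_CertificateAuthority : CIM_CredentialManagementService {

    // Either descriptive text or a dotted OID naming the formal policy.
    [Description (
        "The CAPolicyStatement describes what care is taken by the "
        "CertificateAuthority when signing a new certificate. "
        "The CAPolicyStatement may be a dot-delimited ASN.1 OID "
        "string which identifies the formal policy statement.") ]
    string CAPolicyStatement;

    // Octetstring array holding the revocation list data itself.
    [Description (
        "A CRL, or CertificateRevocationList, is a "
        "list of certificates which the CertificateAuthority has "
        "revoked and which are not yet expired. Revocation is "
        "necessary when the private key associated with the public "
        "key of a certificate is lost or compromised, or when the "
        "person for whom the certificate is signed no longer is "
        "entitled to use the certificate."), Octetstring ]
    string CRL[];

    // URIs only; the schema does not constrain scheme or length.
    [Description (
        "Certificate Revocation Lists may be "
        "available from a number of distribution points. "
        "CRLDistributionPoint array values provide URIs for those "
        "distribution points.") ]
    string CRLDistributionPoint[];

    [Description (
        "Certificates refer to their issuing CA by "
        "its Distinguished Name (as defined in X.501)."), DN]
    string CADistinguishedName;

    // uint8 in hours: the largest representable interval is 255 hours,
    // and 0 is reserved for "unknown" rather than "never refreshed".
    // A relying party should not read 0 as a statement about freshness.
    [Description (
        "The frequency, expressed in hours, at which "
        "the CA will update its Certificate Revocation List. Zero "
        "implies that the refresh frequency is unknown."),
        Units("Hours") ]
    uint8 CRLRefreshFrequency;

    // The value is expected to shrink going down the trust hierarchy
    // (superior CA greater, subordinate CA smaller), per the Description.
    [Description (
        "The maximum number of certificates in a "
        "certificate chain permitted for credentials issued by "
        "this certificate authority or its subordinate CAs. \n"
        "The MaxChainLength of a superior CA in the trust "
        "hierarchy should be greater than this value and the "
        "MaxChainLength of a subordinate CA in the trust hierarchy "
        "should be less than this value.") ]
    uint8 MaxChainLength;
};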
1545
1546 // ==================================================================
1547 // KerberosKeyDistributionCenter
1548 // ==================================================================
// Models a Kerberos Key Distribution Center as a credential management
// service. CIM_KerberosTicket instances are scoped to it.
[
    Version ("2.6.0"),
    Description ("The Kerberos KDC.")
]
class CIM_KerberosKeyDistributionCenter :
        CIM_CredentialManagementService {

    // The inherited Name is redefined to hold the Kerberos realm.
    [Override ("Name"),
        Description ("The Realm served by this KDC.") ]
    string Name;

    // Array-valued, so one KDC may list several protocol variants.
    // Mapping: 0 = V4, 1 = V5, 2 = DCE, 3 = MS.
    [Description (
        "The version of Kerberos supported by this service."),
        ValueMap {"0", "1", "2", "3"},
        Values {"V4", "V5", "DCE", "MS"} ]
    uint16 Protocol[];
};
1561
1562 // ==================================================================
1563 // Notary
1564 // ==================================================================
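// Models a service that establishes identity by comparing biometric
// characteristics, and records how and for how long it is chartered
// to do so.
[Version ("2.6.0"), Description (
    "CIM_Notary is an AuthenticationService (credential "
    "management service) which compares the "
    "biometric characteristics of a person with the "
    "known characteristics of a Users Access, and determines "
    "whether the person is the UsersAccess. An example is "
    "a bank teller who compares a picture ID with the person "
    "trying to cash a check, or a biometric login service that "
    "uses voice recognition to identify a user.") ]
class CIM_Notary : CIM_CredentialManagementService {

    // The property name keeps the spelling of the published schema;
    // renaming it would change the class interface.
    // NOTE(review): the Description speaks of "types" (plural) but the
    // property is a scalar uint16, so an instance can record only one
    // of the mapped values - confirm that this is intended.
    [Description (
        "The types of biometric information which "
        "this Notary can compare."),
        ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"},
        Values {"N/A", "Other", "Facial", "Retina", "Mark",
            "Finger", "Voice", "DNA-RNA", "EEG"} ]
    uint16 Comparitors;

    // Free-form description of how the Notary's decision is recorded.
    [Description (
        "The SealProtocol is how the decision of the Notary is "
        "recorded for future use by parties who will rely on its "
        "decision. For instance, a drivers licence frequently "
        "includes tamper-resistant coatings and markings to protect "
        "the recorded decision that a driver, having various "
        "biometric characteristics of height, weight, hair and eye "
        "color, using a particular name, has features represented in "
        "a photograph of their face.") ]
    string SealProtocol;

    // CharterIssued and CharterExpired bound the period during which
    // the Notary is authorized to perform its service.
    [Description (
        "CharterIssued documents when the Notary is first "
        "authorized, by whoever gave it responsibility, to perform "
        "its service.") ]
    datetime CharterIssued;

    [Description (
        "CharterExpired documents when the Notary is no longer "
        "authorized, by whoever gave it responsibility, to perform "
        "its service.") ]
    datetime CharterExpired;
};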
1603
1604 // ==================================================================
1605 // LocalCredentialManagementService
1606 // ==================================================================
// Credential management scoped to the local system. The shared-secret
// and public-key management services in this file derive from it.
// Declares no properties of its own.
[
    Version ("2.6.0"),
    Description (
        "CIM_LocalCredentialManagementService is a credential "
        "management service that provides local system "
        "management of credentials used by the local system.")
]
class CIM_LocalCredentialManagementService :
        CIM_CredentialManagementService {
};
1614
1615 // ==================================================================
1616 // SharedSecretService
1617 // ==================================================================
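// Service that authenticates a peer, or individual messages, by proof
// of knowledge of a shared secret. CIM_SharedSecret and
// CIM_NamedSharedIKESecret instances are scoped to it.
[Version ("2.6.0"), Description (
    "CIM_SharedSecretService is a service which ascertains "
    "whether messages received are from the Principal with "
    "whom a secret is shared. Examples include a login "
    "service that proves identity on the basis of knowledge of "
    "the shared secret, or a transport integrity service (like "
    "Kerberos provides) that includes a message authenticity "
    "code that proves each message in the message stream came "
    "from someone who knows the shared secret session key.") ]
class CIM_SharedSecretService : CIM_LocalCredentialManagementService {

    // Free-form string, not an enumeration. One of the listed examples
    // is PLAINTEXT, i.e. the secret is conveyed with no protection at
    // all, so this property is worth auditing when instances of the
    // class are inventoried. HMAC-MD5 is a legacy construction.
    [MaxLen (256), Description (
        "The Algorithm used to convey the shared secret, such as "
        "HMAC-MD5, or PLAINTEXT.") ]
    string Algorithm;

    [Description (
        "The Protocol supported by the SharedSecretService.") ]
    string Protocol;
};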
1636
1637 // ==================================================================
1638 // PublicKeyManagementService
1639 karl 1.2 // ==================================================================
// Local management of public keys. CIM_UnsignedPublicKey instances are
// scoped to it. Declares no properties of its own.
[
    Version ("2.6.0"),
    Description (
        "CIM_PublicKeyManagementService is a credential management "
        "service that provides local system management of public "
        "keys used by the local system.")
]
class CIM_PublicKeyManagementService :
        CIM_LocalCredentialManagementService {
};
1647
1648 // ==================================================================
1649 // Credential
1650 // ==================================================================
// Abstract base for every kind of credential material in this file
// (certificates, unsigned public keys, Kerberos tickets, shared
// secrets). It declares no properties; each subclass supplies its own
// keys, propagated from the service that scopes it.
[
    Abstract,
    Version ("2.6.0"),
    Description (
        "Subclasses of CIM_Credential define materials, "
        "information, or other data which are used to prove the "
        "identity of a CIM_UsersAccess to a particular "
        "CIM_SecurityService. Generally, there may be some shared "
        "information, or credential material which is used to "
        "identify and authenticate ones self in the process of "
        "gaining access to, or permission to use, an Account. "
        "Such credential material may be used to authenticate a "
        "users access identity initially, as done by a "
        "CIM_AuthenticationService (see later), and additionally on "
        "an ongoing basis during the course of a connection or "
        "other security association, as proof that each received "
        "message or communication came from the owning user access of "
        "that credential material.")
]
class CIM_Credential : CIM_ManagedElement {
};
1668
1669 // ==================================================================
1670 // PublicKeyCertificate
1671 // ==================================================================
// A CA-signed public key credential. Only the public half is modelled:
// the Description states that the related private key is held by the
// Subject, and no property of this class carries it.
[Version ("2.6.0"), Description (
    "A Public Key Certificate is a credential "
    "that is cryptographically signed by a trusted Certificate "
    "Authority (CA) and issued to an authenticated entity "
    "(e.g., human user, service,etc.) called the Subject in "
    "the certificate and represented by the UsersAccess class. "
    "The public key in the certificate is cryptographically "
    "related to a private key that is to be held and kept "
    "private by the authenticated Subject. The certificate "
    "and its related private key can then be used for "
    "establishing trust relationships and securing "
    "communications with the Subject. Refer to the ITU/CCITT "
    "X.509 standard as an example of such certificates.") ]
class CIM_PublicKeyCertificate : CIM_Credential {

    // ---- Keys propagated from the issuing CIM_CertificateAuthority --

    [Propagated ("CIM_CertificateAuthority.SystemCreationClassName"),
        Key, MaxLen (256), Description ("The scoping System's CCN.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_CertificateAuthority.SystemName"),
        Key, MaxLen (256),Description ("The scoping System's Name.") ]
    string SystemName;

    [Propagated ("CIM_CertificateAuthority.CreationClassName"),
        Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
    string ServiceCreationClassName;

    [Propagated ("CIM_CertificateAuthority.Name"),
        Key, MaxLen (256), Description ("The scoping Service's Name.") ]
    string ServiceName;

    // ---- Certificate identity ---------------------------------------

    // Subject completes the key: with the four propagated keys above it
    // identifies one certificate per subject per issuing CA.
    [Key, MaxLen (256), Description (
        "Certificate subject identifier.") ]
    string Subject;

    [MaxLen (256), Description (
        "Alternate subject identifier for the Certificate.") ]
    string AltSubject;

    // Octet array holding the DER-encoded public key.
    [Description ("The DER-encoded raw public key."), Octetstring ]
    uint8 PublicKey[];
};
1707
1708 // ==================================================================
1709 // UnsignedPublicKey
1710 // ==================================================================
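// A public key accepted on direct trust, with no CA signature behind
// it. Because nothing but local configuration vouches for the binding
// between PeerIdentity and PublicKey, write access to instances of
// this class is equivalent to deciding which peers are trusted.
[Version ("2.6.0"), Description (
    "A CIM_UnsignedPublicKey represents an unsigned public "
    "key credential. The local UsersAccess (or subclass "
    "thereof) accepts the public key as authentic because of "
    "a direct trust relationship rather than via a third-party "
    "Certificate Authority.") ]
class CIM_UnsignedPublicKey : CIM_Credential {

    // ---- Keys propagated from CIM_PublicKeyManagementService --------

    [Propagated (
        "CIM_PublicKeyManagementService.SystemCreationClassName"),
        Key, MaxLen (256), Description ("The scoping System's CCN.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_PublicKeyManagementService.SystemName"),
        Key, MaxLen (256),Description ("The scoping System's Name.") ]
    string SystemName;

    [Propagated ("CIM_PublicKeyManagementService.CreationClassName"),
        Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
    string ServiceCreationClassName;

    [Propagated ("CIM_PublicKeyManagementService.Name"),
        Key, MaxLen (256), Description ("The scoping Service's Name.") ]
    string ServiceName;

    // ---- Peer identity and key --------------------------------------

    // ModelCorrespondence points at the sibling property of this class.
    // The original named CIM_PublicKeyManagementService, which declares
    // no PeerIdentity or PeerIdentityType property in this file.
    [Key, MaxLen (256), Description (
        "The Identity of the Peer with whom a direct trust "
        "relationship exists. The public key may be used for "
        "security functions with the Peer."),
        ModelCorrespondence {
            "CIM_UnsignedPublicKey.PeerIdentityType"} ]
    string PeerIdentity;

    // Values 1..11 are the IKE identity types; 0 is "Other".
    // PeerIdentityType is not a key here, unlike the identity type
    // properties of CIM_NamedSharedIKESecret.
    [Description (
        "PeerIdentityType is used to describe the "
        "type of the PeerIdentity. The currently defined values "
        "are used for IKE identities."),
        ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8",
            "9", "10", "11"},
        Values {"Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
            "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
            "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
            "DER_ASN1_GN", "KEY_ID"},
        ModelCorrespondence {
            "CIM_UnsignedPublicKey.PeerIdentity"} ]
    uint16 PeerIdentityType;

    // Octet array holding the DER-encoded public key.
    [Description ("The DER-encoded raw public key."),
        Octetstring ]
    uint8 PublicKey[];
};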
1755
1756 // ==================================================================
1757 // KerberosTicket
1758 // ==================================================================
// A Kerberos ticket held as a credential. Instances are scoped to the
// issuing KDC and further keyed by the target service and the remote
// user name.
[Version ("2.6.0"), Description (
    "A CIM_KerberosTicket represents a credential issued by a "
    "particular Kerberos Key Distribution Center (KDC) "
    "to a particular CIM_UsersAccess as the result of a "
    "successful authentication process. There are two types of "
    "tickets that a KDC may issue to a Users Access - a "
    "TicketGranting ticket, which is used to protect and "
    "authenticate communications between the Users Access and the "
    "KDC, and a Session ticket, which the KDC issues to two "
    "Users Access to allow them to communicate with each other.") ]
class CIM_KerberosTicket : CIM_Credential {

    // ---- Keys propagated from CIM_KerberosKeyDistributionCenter -----

    [Propagated (
        "CIM_KerberosKeyDistributionCenter.SystemCreationClassName"),
        Key, MaxLen (256), Description ("The scoping System's CCN.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_KerberosKeyDistributionCenter.SystemName"),
        Key, MaxLen (256), Description ("The scoping System's Name.") ]
    string SystemName;

    [Propagated (
        "CIM_KerberosKeyDistributionCenter.CreationClassName"),
        Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
    string ServiceCreationClassName;

    // The KDC overrides Name to hold its realm, so this key is the
    // realm that issued the ticket.
    [Propagated ("CIM_KerberosKeyDistributionCenter.Name"),
        Key, MaxLen (256), Description (
        "The scoping Service's Name. The Kerberos KDC Realm of "
        "CIM_KerberosTicket is used to record the security "
        "authority, or Realm, name so that tickets issued by "
        "different Realms can be separately managed and "
        "enumerated.") ]
    string ServiceName;

    // ---- Keys local to the ticket -----------------------------------

    [Key, MaxLen (256), Description (
        "The name of the service for which this ticket is used.") ]
    string AccessesService;

    [Key, MaxLen (256), Description (
        "RemoteID is the name by which the user is known at "
        "the KDC security service.") ]
    string RemoteID;

    // ---- Lifetime and type ------------------------------------------

    // Neither property carries a Description qualifier in the schema.
    // Presumably the start and end of the ticket's validity - confirm
    // against the provider before using them for expiry decisions.
    datetime Issued;
    datetime Expires;

    // Mapping: 0 = Session, 1 = TicketGranting. The Description lists
    // the two in the opposite order.
    [Description (
        "The Type of CIM_KerberosTicket is used to indicate whether "
        "the ticket in question was issued by the Kerberos Key "
        "Distribution Center (KDC) to support ongoing communication "
        "between the Users Access and the KDC (\"TicketGranting\"), "
        "or was issued by the KDC to support ongoing communication "
        "between two Users Access entities (\"Session\")."),
        ValueMap {"0", "1"},
        Values {"Session", "TicketGranting"} ]
    uint16 TicketType;
};
1809
1810 // ==================================================================
1811 // SharedSecret
1812 // ==================================================================
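// A secret shared between a Users Access and one SharedSecretService,
// keyed by the scoping service and the remote user name.
[Version ("2.6.0"), Description (
    "CIM_SharedSecret is the secret shared between a Users Access "
    "and a particular SharedSecret security service. Secrets "
    "may be in the form of a password used for initial "
    "authentication, or as with a session key, used as part of "
    "a message authentication code to verify that a message "
    "originated by the principal with whom the secret is shared. "
    "It is important to note that SharedSecret is not just the "
    "password, but rather is the password used with a particular "
    "security service.") ]
class CIM_SharedSecret : CIM_Credential {

    // ---- Keys propagated from CIM_SharedSecretService ---------------

    [Propagated ("CIM_SharedSecretService.SystemCreationClassName"),
        Key, MaxLen (256), Description ("The scoping System's CCN.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_SharedSecretService.SystemName"), Key,
        MaxLen (256),Description ("The scoping System's Name.") ]
    string SystemName;

    [Propagated (
        "CIM_SharedSecretService.CreationClassName"),
        Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
    string ServiceCreationClassName;

    [Propagated ("CIM_SharedSecretService.Name"),
        Key, MaxLen (256), Description ("The scoping Service's Name.") ]
    string ServiceName;

    [Key, MaxLen (256), Description (
        "RemoteID is the name by which the user is known at "
        "the remote secret key authentication service.") ]
    string RemoteID;

    // ---- Secret material --------------------------------------------

    // NOTE(review): the secret itself is modelled as an ordinary
    // readable string property, so anyone able to enumerate instances
    // of this class can read it. Providers should restrict access to
    // this property or leave it unpopulated. CIM_NamedSharedIKESecret
    // in this file shows the alternative: it exposes only a name that
    // refers to the secret.
    [Description (
        "The secret known by the Users Access.") ]
    string Secret;

    // Free-form string; the schema defines no value set for it.
    [Description (
        "The transformation algorithm, if any, used to "
        "protect passwords before use in the protocol. For "
        "instance, Kerberos doesn't store passwords as the shared "
        "secret, but rather, a hash of the password.") ]
    string Algorithm;

    [Description (
        "The protocol with which the SharedSecret is used.") ]
    string Protocol;
};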
1854
1855 // ==================================================================
1856 // NamedSharedIKESecret
1857 // ==================================================================
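// An indirect shared-secret credential for IKE: the instance records
// which local and peer identities share a secret and the name under
// which the SharedSecretService holds it, never the secret itself.
[Version ("2.6.0"), Description (
    "CIM_NamedSharedIKESecret indirectly represents a shared "
    "secret credential. The local identity, IKEIdentity, "
    "and the remote peer identity share the secret that is "
    "named by the SharedSecretName. The SharedSecretName is "
    "used by the SharedSecretService to reference the secret.") ]
class CIM_NamedSharedIKESecret : CIM_Credential {

    // ---- Keys propagated from CIM_SharedSecretService ---------------

    [Propagated ("CIM_SharedSecretService.SystemCreationClassName"),
        Key, MaxLen (256), Description ("The scoping System's CCN.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_SharedSecretService.SystemName"),
        Key, MaxLen (256),Description ("The scoping System's Name.") ]
    string SystemName;

    [Propagated ("CIM_SharedSecretService.CreationClassName"),
        Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
    string ServiceCreationClassName;

    [Propagated ("CIM_SharedSecretService.Name"),
        Key, MaxLen (256), Description ("The scoping Service's Name.") ]
    string ServiceName;

    // ---- Local identity (value and type are both keys) --------------

    [Key, MaxLen (256), Description (
        "The local Identity with whom the direct trust "
        "relationship exists."),
        ModelCorrespondence {
            "CIM_NamedSharedIKESecret.LocalIdentityType"} ]
    string LocalIdentity;

    // The map starts at 1: there is no "Other" (0) entry here, unlike
    // CIM_UnsignedPublicKey.PeerIdentityType in this file.
    [Key, Description (
        "LocalIdentityType is used to describe "
        "the type of the LocalIdentity."),
        ValueMap {"1", "2", "3", "4", "5", "6", "7", "8",
            "9", "10", "11"},
        Values {"IPV4_ADDR", "FQDN", "USER_FQDN",
            "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
            "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
            "DER_ASN1_GN", "KEY_ID"},
        ModelCorrespondence {
            "CIM_NamedSharedIKESecret.LocalIdentity"} ]
    uint16 LocalIdentityType;

    // ---- Peer identity (value and type are both keys) ---------------

    [Key, MaxLen (256), Description (
        "The peer identity with whom the direct trust "
        "relationship exists."),
        ModelCorrespondence {
            "CIM_NamedSharedIKESecret.PeerIdentityType"} ]
    string PeerIdentity;

    [Key, Description (
        "PeerIdentityType is used to describe "
        "the type of the PeerIdentity."),
        ValueMap {"1", "2", "3", "4", "5", "6", "7", "8",
            "9", "10", "11"},
        Values {"IPV4_ADDR", "FQDN", "USER_FQDN",
            "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
            "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
            "DER_ASN1_GN", "KEY_ID"},
        ModelCorrespondence {
            "CIM_NamedSharedIKESecret.PeerIdentity"} ]
    uint16 PeerIdentityType;

    // ---- Reference to the secret ------------------------------------

    // Holds a name only. Reading this class therefore discloses which
    // identities share a secret, but not the secret's value.
    [Description (
        "SharedSecretName is an indirect reference "
        "to a shared secret. The SecretService does not expose "
        "the actual secret but rather provides access to the "
        "secret via a name.") ]
    string SharedSecretName;
};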
1920
1921 // ==================================================================
1922 // AuthorizationService
1923 // ==================================================================
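// Service that makes the access decision for a user's Account against
// a resource or set of resources. Declares no properties of its own.
[Version ("2.6.0"), Description (
    "CIM_AuthorizationService determines whether a user, by "
    "association with an Account used by the AuthorizationService, is "
    "permitted access to a resource or set of resources.") ]
class CIM_AuthorizationService : CIM_SecurityService {
};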
1930
1931 // ==================================================================
1932 // AuthenticationRequirement
1933 karl 1.2 // ==================================================================
// Names a set of authentication requirements on a hosting system. The
// requirements themselves are expressed through associations, not
// through properties of this class; the only non-key property is a
// free-form classification label.
[Version ("2.6.0"), Description (
    "CIM_AuthenticationRequirement provides, through its "
    "associations, the authentication requirements for access to "
    "system resources. For a particular set of target resources, the "
    "AuthenticationService may require that credentials be issued by "
    "a specific CredentialManagementService. The "
    "AuthenticationRequirement class is weak to the system (e.g., "
    "Computer System or Administrative Domain) for which the "
    "requirements apply.") ]
class CIM_AuthenticationRequirement : CIM_LogicalElement {

    // ---- Keys: hosting system (propagated) + class name + Name ------

    [Propagated ("CIM_System.CreationClassName"), Key,
        MaxLen (256), Description ("Hosting system creation class name.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_System.Name"), Key, MaxLen (256),
        Description ("Hosting system name.") ]
    string SystemName;

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
    string CreationClassName;

    // The inherited Name is overridden and made a key.
    [Key, MaxLen (256), Override ("Name"), Description (
        "The Name property defines the unique label, in the context of "
        "the hosting system, by which the AuthenticationRequirement "
        "is known.") ]
    string Name;

    // ---- Classification ---------------------------------------------

    // Free-form label: the schema defines no value set or ordering, so
    // two systems may spell or rank the same level differently.
    [Description (
        "The SecurityClassification property specifies a named level "
        "of security associated with the AuthenticationRequirement, "
        "e.g., 'Confidential', 'Top Secret', etc.") ]
    string SecurityClassification;
};
1968
1969 // ==================================================================
1970 // AccessControlInformation
1971 // ==================================================================
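// Describes access rights on a hosting system. The rights are held in
// three arrays - AccessType, AccessQualifier and Permission - whose
// entries correspond to one another by position.
[Version ("2.6.0"), Description (
    "CIM_AccessControlInformation provides, through its properties "
    "and its associations, the specification of the access rights "
    "granted to a set of subject users to a set of target resources. "
    "The AccessControlInformation class is weak to the system (e.g., "
    "Computer System or Administrative Domain) for which the access "
    "controls apply.") ]
class CIM_AccessControlInformation : CIM_LogicalElement {

    // ---- Keys: hosting system (propagated) + class name + Name ------

    [Propagated ("CIM_System.CreationClassName"), Key, MaxLen (256),
        Description ("Hosting system creation class name.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_System.Name"), Key, MaxLen (256),
        Description ("Hosting system name.") ]
    string SystemName;

    [Key, MaxLen (256), Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to "
        "be uniquely identified.") ]
    string CreationClassName;

    // The inherited Name is overridden and made a key.
    [Key, MaxLen (256), Override ("Name"), Description (
        "The Name property defines the unique label, in the context of "
        "the hosting system, by which the AccessControlInformation "
        "is known.") ]
    string Name;

    // ---- Classification ---------------------------------------------

    // Free-form label; the schema defines no value set or ordering.
    [Description (
        "The SecurityClassification property specifies a named level "
        "of security associated with the AccessControlInformation, "
        "e.g., 'Confidential', 'Top Secret', etc.") ]
    string SecurityClassification;

    // ---- Positionally corresponding access rule arrays --------------
    // NOTE(review): nothing in the schema forces the three arrays to
    // have the same length, and no default is stated for an access type
    // that has no entry. A consumer evaluating these rules should
    // reject mismatched lengths and treat "Unknown" or a missing entry
    // as not granting access - confirm against the provider's contract.

    [Description (
        "The AccessType property is an array of string values that "
        "specifies the type of access for which the corresponding "
        "permission applies. For example, it can be used to specify a "
        "generic access such as 'Read-only', 'Read/Write', etc. for "
        "file or record access control or it can be used to specify "
        "an entry point name for service access control."),
        ModelCorrespondence {
            "CIM_AccessControlInformation.AccessQualifier",
            "CIM_AccessControlInformation.Permission"} ]
    string AccessType[];

    [Description (
        "The AccessQualifier property is an array of string values "
        "that may be used to further qualify the type of access for which "
        "the corresponding permission applies. For example, it may be "
        "used to specify a set of parameters that are permitted or "
        "denied in conjunction with the corresponding AccessType entry "
        "point name."),
        ModelCorrespondence {
            "CIM_AccessControlInformation.AccessType",
            "CIM_AccessControlInformation.Permission"} ]
    string AccessQualifier[];

    // String-valued ValueMap with no Values qualifier: the four
    // literals are themselves the permitted values.
    [Description (
        "The Permission property is an array of string values "
        "indicating the permission that applies to the corresponding "
        "AccessType and AccessQualifier array values. The values "
        "may be extended in subclasses to provide more specific access "
        "controls."),
        ValueMap {"Unknown", "Allow", "Deny", "Manage"},
        ModelCorrespondence {
            "CIM_AccessControlInformation.AccessType",
            "CIM_AccessControlInformation.AccessQualifier"} ]
    string Permission[];
};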
2037
2038 karl 1.2 // ==================================================================
2039 // === Association class definitions ===
2040 // ==================================================================
2041
2042 // Aggregations
2043
2044 // ==================================================================
2045 // MemberPrincipal
2046 // ==================================================================
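// Aggregation that places a principal in a Collection, either directly
// (a UsersAccess or Account instance) or indirectly (through another
// element that stands for a set of users).
[Association, Aggregation, Version ("2.6.0"), Description (
    "CIM_MemberPrincipal is an aggregation used to establish "
    "membership of principals (i.e., users) in a Collection. That "
    "membership can be established either directly or indirectly as "
    "indicated in the UserAccessBy property. For example, a user "
    "may be identified directly by their userid (i.e., Account object "
    "instance) or the user may be identified indirectly by realm from "
    "which a ticket was issued (i.e., CredentialManagementService "
    "object instance). The latter case is useful, for example, for "
    "specifying that only users identified by an internal credential "
    "service are permitted to access very sensitive information.") ]
class CIM_MemberPrincipal : CIM_MemberOfCollection {

    [Override ("Collection"), Aggregate ]
    CIM_Collection REF Collection;

    // Typed as CIM_ManagedElement, so the reference alone does not say
    // which kind of member it is; UserAccessBy below carries that.
    [Override ("Member") ]
    CIM_ManagedElement REF Member;

    // Mapping: 1 = UsersAccess, 2 = Account, 3 = UsingElement,
    // 4 = CredentialManagementService.
    // NOTE(review): the Description explains values 1 to 3 only. Value 4
    // is covered by the class Description (identification by the realm
    // that issued a ticket). Indirect membership (3 and 4) admits every
    // user reachable through the referenced element, so it is broader
    // than the single reference suggests.
    [Description (
        "A MemberPrincipal may be identified in several ways that may "
        "be either direct or indirect membership in the collection. \n"
        " - A 'UsersAccess' membership directly identifies the user by "
        "the UsersAccess object instance. \n"
        " - An 'Account' membership directly identifies the user by "
        "the Account object class instance. \n"
        " - A 'UsingElement' membership indirectly identifies the user "
        "by the ManagedElement object instance that has "
        "ElementAsUser associations to UsersAccess object "
        "instances. Hence, all UsersAccess instances are "
        "indirectly included in the collection."),
        ValueMap {"1", "2", "3", "4"},
        Values {"UsersAccess", "Account", "UsingElement",
            "CredentialManagementService"} ]
    uint16 UserAccessBy;
};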
2080 karl 1.2
2081 // ===================================================================
2082 // AccountOnSystem
2083 // ===================================================================
// Aggregation in which a System contains Accounts and scopes their names.
[Association, Aggregation, Version ("2.6.0"),
 Description (
    "A system (e.g., ApplicationSystem, ComputerSystem, AdminDomain) "
    "aggregates Accounts and scopes the uniqueness of the Account "
    "names (i.e., userids).")]
class CIM_AccountOnSystem : CIM_SystemComponent {

    // Min (1) / Max (1): an Account is scoped by exactly one System.
    [Override ("GroupComponent"), Aggregate, Min (1), Max (1),
     Description (
        "The aggregating system also provides name scoping "
        "for the Account.")]
    CIM_System REF GroupComponent;

    [Override ("PartComponent"), Weak,
     Description ("The subordinate Account.")]
    CIM_Account REF PartComponent;
};
2098
2099 // ==================================================================
2100 // OrgStructure
2101 karl 1.2 // ==================================================================
// Parent/child aggregation between OrganizationalEntity instances.
[Association, Aggregation, Version ("2.6.0"),
 Description (
    "CIM_OrgStructure is an association used to establish parent-child "
    "relationships between OrganizationalEntity instances. This is "
    "used to capture organizational relationships between object "
    "instances such as those that are imported from an LDAP-accessible "
    "directory.")]
class CIM_OrgStructure {

    // Max (1): a child has at most one organizational parent.
    [Key, Aggregate, Max (1),
     Description ("The organizational parent in this association.")]
    CIM_OrganizationalEntity REF Parent;

    [Key,
     Description (
        "The organizational child in this association, "
        "i.e., the sub-unit or other owned object instance.")]
    CIM_OrganizationalEntity REF Child;
};
2117
2118 // ==================================================================
2119 // CollectionInOrganization
2120 // ==================================================================
// Assigns a Collection to the OrganizationalEntity that owns it. The
// Description advises against also using CollectionInSystem for the same
// Collection.
[Association, Aggregation, Version ("2.6.0"),
 Description (
    "CIM_CollectionInOrganization is an association used to establish "
    "a parent-child relationship between a collection and an 'owning' "
    "OrganizationalEntity. A single collection should not have both "
    "a CollectionInOrganization and a CollectionInSystem "
    "association.")]
class CIM_CollectionInOrganization {

    [Key, Aggregate, Max (1),
     Description (
        "The parent organization responsible for the collection.")]
    CIM_OrganizationalEntity REF Parent;

    [Key,
     Description ("The collection.")]
    CIM_Collection REF Child;
};
2135
2136 // ==================================================================
2137 // CollectionInSystem
2138 // ==================================================================
// Assigns a Collection to the System that owns it. The Description advises
// against also using CollectionInOrganization for the same Collection.
[Association, Aggregation, Version ("2.6.0"),
 Description (
    "CIM_CollectionInSystem is an association used to establish a "
    "parent-child relationship between a collection and an 'owning' "
    "System such as an AdminDomain or ComputerSystem. A single "
    "collection should not have both a CollectionInOrganization and a "
    "CollectionInSystem association.")]
class CIM_CollectionInSystem {

    [Key, Aggregate, Max (1),
     Description (
        "The parent system responsible for the collection.")]
    CIM_System REF Parent;

    [Key,
     Description ("The collection.")]
    CIM_Collection REF Child;
};
2153
2154 // Associations
2155
2156 // ==================================================================
2157 // ElementAsUser
2158 // ==================================================================
// Records which ManagedElement "owns" a UsersAccess instance.
[Association, Version ("2.6.0"),
 Description (
    "CIM_ElementAsUser is an association used to establish the "
    "'ownership' of UsersAccess object instances. That is, the "
    "ManagedElement may have UsersAccess to systems and, therefore, "
    "be 'users' on those systems. UsersAccess instances must have an "
    "'owning' ManagedElement. Typically, the ManagedElements will be "
    "limited to Collection, Person, Service and ServiceAccessPoint. "
    "Other non-human ManagedElements that might be thought of as "
    "having UsersAccess (e.g., a device or system) have services that "
    "have the UsersAccess.")]
class CIM_ElementAsUser : CIM_Dependency {

    // Min (1) / Max (1): each UsersAccess has exactly one owning element.
    [Override ("Antecedent"), Min (1), Max (1),
     Description ("The ManagedElement that has UsersAccess.")]
    CIM_ManagedElement REF Antecedent;

    [Override ("Dependent"),
     Description ("The 'owned' UsersAccess.")]
    CIM_UsersAccess REF Dependent;
};
2177
2178 // ==================================================================
2179 // MoreOrganizationInfo
2180 // ==================================================================
// Attaches at most one OtherOrganizationInformation to an Organization.
[Association, Version ("2.6.0"),
 Description (
    "CIM_MoreOrganizationInfo is an association used to extend the "
    "information in a CIM_Organization class instance.")]
class CIM_MoreOrganizationInfo : CIM_Dependency {

    [Override ("Antecedent"), Max (1),
     Description ("The Organization which has more information.")]
    CIM_Organization REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("Additional data concerning the Organization.")]
    CIM_OtherOrganizationInformation REF Dependent;
};
2192
2193 // ==================================================================
2194 // MoreOrgUnitInfo
2195 // ==================================================================
// Attaches at most one OtherOrgUnitInformation to an OrgUnit.
[Association, Version ("2.6.0"),
 Description (
    "CIM_MoreOrgUnitInfo is an association used to extend the "
    "information in an CIM_OrgUnit class instance.")]
class CIM_MoreOrgUnitInfo : CIM_Dependency {

    [Override ("Antecedent"), Max (1),
     Description ("The OrgUnit which has more information.")]
    CIM_OrgUnit REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("Additional data concerning the OrgUnit.")]
    CIM_OtherOrgUnitInformation REF Dependent;
};
2207
2208 // ==================================================================
2209 // MoreGroupInfo
2210 // ==================================================================
// Attaches at most one OtherGroupInformation to a Group.
[Association, Version ("2.6.0"),
 Description (
    "CIM_MoreGroupInfo is an association used to extend the "
    "information in a CIM_Group class instance.")]
class CIM_MoreGroupInfo : CIM_Dependency {

    [Override ("Antecedent"), Max (1),
     Description ("The Group which has more information.")]
    CIM_Group REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("Additional data concerning the Group.")]
    CIM_OtherGroupInformation REF Dependent;
};
2222
2223 // ==================================================================
2224 // MoreRoleInfo
2225 // ==================================================================
// Attaches at most one OtherRoleInformation to a Role.
[Association, Version ("2.6.0"),
 Description (
    "CIM_MoreRoleInfo is an association used to extend the "
    "information in a CIM_Role class instance.")]
class CIM_MoreRoleInfo : CIM_Dependency {

    [Override ("Antecedent"), Max (1),
     Description ("The Role which has more information.")]
    CIM_Role REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("Additional data concerning the Role.")]
    CIM_OtherRoleInformation REF Dependent;
};
2237
2238 // ==================================================================
2239 // MorePersonInfo
2240 // ==================================================================
// Attaches at most one OtherPersonInformation to a Person.
[Association, Version ("2.6.0"),
 Description (
    "CIM_MorePersonInfo is an association used to extend the "
    "information in a CIM_Person class instance.")]
class CIM_MorePersonInfo : CIM_Dependency {

    [Override ("Antecedent"), Max (1),
     Description ("The Person which has more information.")]
    CIM_Person REF Antecedent;

    [Override ("Dependent"), Min (0), Max (1),
     Description ("Additional data concerning the Person.")]
    CIM_OtherPersonInformation REF Dependent;
};
2252
2253 // ==================================================================
2254 // SystemAdministrator
2255 // ==================================================================
// Marks a UserEntity as an administrator of a System. Neither end carries a
// cardinality qualifier.
// NOTE(review): instances of this association describe privileged
// principals; write access to them presumably needs the same protection as
// the privilege itself -- confirm against the provider's access policy.
[Association, Version ("2.6.0"),
 Description (
    "CIM_SystemAdministrator is an association used to identify "
    "the UserEntity as a system administrator of a CIM_System.")]
class CIM_SystemAdministrator : CIM_Dependency {

    [Override ("Antecedent"),
     Description (
        "The administered system.")]
    CIM_System REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The UserEntity that provides the admininstrative function "
        "for the associated system.")]
    CIM_UserEntity REF Dependent;
};
2268
2269 karl 1.2 // ==================================================================
2270 // SystemAdministratorGroup
2271 // ==================================================================
// Marks a Group as holding administrator responsibility for a System.
// NOTE(review): effective administrators are then whoever is a member of
// the Group; membership is modeled elsewhere, so an audit presumably has to
// follow it -- confirm.
[Association, Version ("2.6.0"),
 Description (
    "CIM_SystemAdministratorGroup is an association used to identify "
    "a Group that has system administrator responsibilities for a "
    "CIM_System.")]
class CIM_SystemAdministratorGroup : CIM_Dependency {

    [Override ("Antecedent"),
     Description ("The administered system.")]
    CIM_System REF Antecedent;

    [Override ("Dependent"),
     Description ("The Group of administrators.")]
    CIM_Group REF Dependent;
};
2284
2285 // ==================================================================
2286 // SystemAdministratorRole
2287 // ==================================================================
// Identifies the Role that acts as system administrator for a System.
[Association, Version ("2.6.0"),
 Description (
    "CIM_SystemAdministratorRole is an association used to identify "
    "a system administrator Role for a CIM_System.")]
class CIM_SystemAdministratorRole : CIM_Dependency {

    [Override ("Antecedent"),
     Description ("The administered system.")]
    CIM_System REF Antecedent;

    [Override ("Dependent"),
     Description ("The system administration role.")]
    CIM_Role REF Dependent;
};
2299
2300 // ===================================================================
2301 // UsersAccount
2302 // ===================================================================
// Links a UsersAccess to the Accounts it can interact with.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates UsersAccess with the Accounts "
    "with which they're able to interact.")]
class CIM_UsersAccount : CIM_Dependency {

    [Override ("Antecedent"),
     Description ("The user's Account.")]
    CIM_Account REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The User as identified by their UsersAccess instance.")]
    CIM_UsersAccess REF Dependent;
};
2314
2315 // ===================================================================
2316 // AccountMapsToAccount
2317 // ===================================================================
// Maps one Account to another, e.g. an authentication-side account to the
// account used for authorization.
// NOTE(review): the Description's own example has several login accounts
// resolving to the same authorization account ('0'). The reference
// Descriptions do not say which end is which, so a review of who maps onto
// a privileged account should check both directions -- confirm.
[Association, Version ("2.6.0"),
 Description (
    "This relationship may be used to associate an Account used by an "
    "AuthenticationService to an Account used for Authorization. For "
    "instance, this mapping occurs naturally in the UNIX /etc/passwd "
    "file, where the AuthenticationSerice Account ('root') is mapped "
    "to the AuthorizationService Account ('0'). The two are separate "
    "accounts, as evidenced by the ability to have another "
    "AuthenticationService Account which ALSO maps to the "
    "AuthorizationService Account ('0') without ambiguity. This "
    "association may be used for other account mappings as well such "
    "as for coordinating single signon for multiple accounts for the "
    "same user.")]
class CIM_AccountMapsToAccount : CIM_Dependency {

    [Override ("Antecedent"),
     Description ("An Account.")]
    CIM_Account REF Antecedent;

    [Override ("Dependent"),
     Description ("A related Account.")]
    CIM_Account REF Dependent;
};
2338
2339 // ===================================================================
2340 // SecurityServiceUsesAccount
2341 // ===================================================================
// Links a SecurityService to the Accounts it uses. Neither reference
// carries a Description in the source.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates SecurityService instances to "
    "the Accounts they use in the course of their work.")]
class CIM_SecurityServiceUsesAccount : CIM_Dependency {

    // The Account being used.
    [Override ("Antecedent")]
    CIM_Account REF Antecedent;

    // The SecurityService that uses it.
    [Override ("Dependent")]
    CIM_SecurityService REF Dependent;
};
2351
2352 // ===================================================================
2353 karl 1.2 // ManagesAccount
2354 // ===================================================================
// Links an AccountManagementService to the Accounts it is responsible for.
// Neither reference carries a Description in the source.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates the AccountManagement security "
    "service to the Accounts for which it is responsible.")]
class CIM_ManagesAccount : CIM_Dependency {

    // The managing service.
    [Override ("Antecedent")]
    CIM_AccountManagementService REF Antecedent;

    // The managed Account.
    [Override ("Dependent")]
    CIM_Account REF Dependent;
};
2364
2365 // ===================================================================
2366 // ServiceUsesSecurityService
2367 // ===================================================================
// Links a Service to the SecurityService instances it relies on.
// The two Description literals join without a space, giving
// "SecurityServices" in the resulting text.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates a Service with the Security"
    "Services that it uses.")]
class CIM_ServiceUsesSecurityService : CIM_ServiceServiceDependency {

    // The SecurityService being used.
    [Override ("Antecedent")]
    CIM_SecurityService REF Antecedent;

    // The Service that uses it.
    [Override ("Dependent")]
    CIM_Service REF Dependent;
};
2377
2378 // ===================================================================
2379 // SecurityServiceForSystem
2380 // ===================================================================
// Links a System to a SecurityService that serves it.
[Association, Version ("2.6.0"),
 Description (
    "The CIM_SecurityServiceForSystem provides the association between "
    "a System and a SecurityService that provides services for that "
    "system.")]
class CIM_SecurityServiceForSystem : CIM_ProvidesServiceToElement {

    [Override ("Antecedent"),
     Description (
        "The SecurityService that provides services for the system.")]
    CIM_SecurityService REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The system that is dependent on the security service.")]
    CIM_System REF Dependent;
};
2393
2394 // ===================================================================
2395 karl 1.2 // ManagesAccountOnSystem
2396 // ===================================================================
// Specialization of SecurityServiceForSystem for the
// AccountManagementService that manages a System's accounts.
[Association, Version ("2.6.0"),
 Description (
    "The CIM_ManagesAccountOnSystem provides the association between a "
    "System and the AccountManagementService that manages accounts for "
    "that system.")]
class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem {

    [Override ("Antecedent"),
     Description (
        "An AccountManagementService that manages accounts for the "
        "system.")]
    CIM_AccountManagementService REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The system that is dependent on the AccountManagementService.")]
    CIM_System REF Dependent;
};
2410
2411 // ==================================================================
2412 // TrustHierarchy
2413 // ==================================================================
// Superior/subordinate relationship between two
// CredentialManagementService instances.
[Association, Version ("2.6.0"),
 Description (
    "CIM_TrustHierarchy is an association between two "
    "CredentialManagementService instances that establishes "
    "the trust hierarchy between them.")]
class CIM_TrustHierarchy : CIM_Dependency {

    // Max (1): a subordinate service has at most one superior.
    // NOTE(review): nothing visible here prevents instances from forming a
    // cycle; a consumer walking the chain upward presumably needs its own
    // loop guard -- confirm.
    [Override ("Antecedent"), Max (1),
     Description (
        "The superior CredentialManagementService "
        "from which the dependent service gets its authority.")]
    CIM_CredentialManagementService REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The subordinate CredentialManagementService.")]
    CIM_CredentialManagementService REF Dependent;
};
2428
2429 // ==================================================================
2430 // UsersCredential
2431 // ==================================================================
// Links a Credential to the UsersAccess allowed to use it.
[Association, Version ("2.6.0"),
 Description (
    "CIM_UsersCredential is an association used to establish the "
    "credentials that may be used for a UsersAccess to a system or "
    "set of systems.")]
class CIM_UsersCredential : CIM_Dependency {

    [Override ("Antecedent"),
     Description ("The issued credential that may be used.")]
    CIM_Credential REF Antecedent;

    [Override ("Dependent"),
     Description ("The UsersAccess that has use of a credential.")]
    CIM_UsersAccess REF Dependent;
};
2444
2445 // ===================================================================
2446 // PublicPrivateKeyPair
2447 // ===================================================================
// Links a PublicKeyCertificate to the UsersAccess holding the matching
// private key. Per the Description, the private key itself is deliberately
// left out of the model.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates a PublicKeyCertificate with "
    "the Principal who has the PrivateKey used with the "
    "PublicKey. The PrivateKey is not modeled, since it is not "
    "a data element that ever SHOULD be accessible via "
    "management applications, other than key recovery services, "
    "which are outside our scope.")]
class CIM_PublicPrivateKeyPair : CIM_UsersCredential {

    [Override ("Antecedent")]
    CIM_PublicKeyCertificate REF Antecedent;

    [Override ("Dependent")]
    CIM_UsersAccess REF Dependent;

    [ValueMap {"0", "1"},
     Values {"SignOnly", "ConfidentialityOrSignature"},
     Description (
        "The Certificate may be used for signature only "
        "or for confidentiality as well as signature")]
    uint16 Use;

    // No Description in the source.
    // NOTE(review): presumably marks the pair as intended for
    // non-repudiation -- confirm.
    boolean NonRepudiation;

    // No Description in the source; Repository below speaks of the
    // certificate being backed up.
    // NOTE(review): if the backup also covers private-key material, that
    // weakens a non-repudiation claim for the same pair, so a policy check
    // may want to flag NonRepudiation and BackedUp both being true --
    // confirm the intended semantics.
    boolean BackedUp;

    [Description (
        "The repository in which the certificate is backed up.")]
    string Repository;
};
2472
2473 // ===================================================================
2474 // CAHasPublicCertificate
2475 // ===================================================================
// Links a CertificateAuthority to a certificate it uses, which the
// Description says may have been issued by another CA.
[Association, Version ("2.6.0"),
 Description (
    "A CertificateAuthority may have certificates issued by other CAs. "
    "This association is essentially an optimization of the CA having "
    "a UsersAccess instance with an association to a certificate thus "
    "mapping more closely to LDAP-based certificate authority "
    "implementations.")]
class CIM_CAHasPublicCertificate : CIM_Dependency {

    [Override ("Antecedent"), Max (1),
     Description ("The Certificate used by the CA.")]
    CIM_PublicKeyCertificate REF Antecedent;

    [Override ("Dependent"),
     Description ("The CA that uses a Certificate.")]
    CIM_CertificateAuthority REF Dependent;
};
2490
2491 // ===================================================================
2492 // ManagedCredential
2493 // ===================================================================
// Base association between a CredentialManagementService and a Credential
// it manages. Several associations later in this file derive from it.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates a CredentialManagementService "
    "with the Credential it manages.")]
class CIM_ManagedCredential : CIM_Dependency {

    // Min (1) / Max (1): every Credential has exactly one managing service.
    [Override ("Antecedent"), Min (1), Max (1),
     Description ("The credential management service.")]
    CIM_CredentialManagementService REF Antecedent;

    [Override ("Dependent"),
     Description ("The managed credential.")]
    CIM_Credential REF Dependent;
};
2505
2506 // ===================================================================
2507 // CASignsPublicKeyCertificate
2508 // ===================================================================
// Links a CertificateAuthority to each certificate it signs, and carries
// per-signature data on the association itself.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates a CertificateAuthority with "
    "the certificates it signs.")]
class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential {

    // Min (1) / Max (1): a certificate has exactly one signing CA.
    [Override ("Antecedent"), Min (1), Max (1),
     Description ("The CA which signed the certificate.")]
    CIM_CertificateAuthority REF Antecedent;

    [Override ("Dependent"), Weak,
     Description ("The certificate issued by the CA.")]
    CIM_PublicKeyCertificate REF Dependent;

    // The four properties below carry no Description in the source.
    // NOTE(review): they record what the model knows about the signature.
    // Nothing visible here shows them being validated, so a relying
    // consumer should presumably verify signature, expiry and revocation
    // against the certificate itself rather than trust the instance data
    // -- confirm.
    string SerialNumber;

    [Octetstring]
    uint8 Signature[];

    datetime Expires;

    string CRLDistributionPoint[];
};
2525
2526 // ==================================================================
2527 // LocallyManagedPublicKey
2528 // ==================================================================
// Links a PublicKeyManagementService to an UnsignedPublicKey it manages.
[Association, Version ("2.6.0"),
 Description (
    "CIM_LocallyManagedPublicKey association provides the "
    "relationship between a PublicKeyManagementService and an "
    "UnsignedPublicKey.")]
class CIM_LocallyManagedPublicKey : CIM_ManagedCredential {

    [Override ("Antecedent"), Min (1), Max (1),
     Description (
        "The PublicKeyManagementService that manages "
        "an unsigned public key.")]
    CIM_PublicKeyManagementService REF Antecedent;

    [Override ("Dependent"), Weak,
     Description (
        "An unsigned public key.")]
    CIM_UnsignedPublicKey REF Dependent;
};
2543
2544 // ===================================================================
2545 // SharedSecretIsShared
2546 // ===================================================================
// Links a SharedSecretService to a SharedSecret it manages. The Description
// calls the credential a "SecretKey", while the reference type is
// CIM_SharedSecret.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates a SharedSecretService with the "
    "SecretKey it verifies.")]
class CIM_SharedSecretIsShared : CIM_ManagedCredential {

    [Override ("Antecedent"), Min (1), Max (1),
     Description ("The credential management service.")]
    CIM_SharedSecretService REF Antecedent;

    [Override ("Dependent"), Weak,
     Description ("The managed credential.")]
    CIM_SharedSecret REF Dependent;
};
2558
2559 // ==================================================================
2560 // IKESecretIsNamed
2561 // ==================================================================
// Links a SharedSecretService to a NamedSharedIKESecret it manages.
[Association, Version ("2.6.0"),
 Description (
    "CIM_IKESecretIsNamed association provides the "
    "relationship between a SharedSecretService and a "
    "NamedSharedIKESecret.")]
class CIM_IKESecretIsNamed : CIM_ManagedCredential {

    [Override ("Antecedent"), Min (1), Max (1),
     Description (
        "The SharedSecretService that manages a "
        "NamedSharedIKESecret.")]
    CIM_SharedSecretService REF Antecedent;

    [Override ("Dependent"), Weak,
     Description (
        "The managed NamedSharedIKESecret.")]
    CIM_NamedSharedIKESecret REF Dependent;
};
2576
2577 // ===================================================================
2578 // KDCIssuesKerberosTicket
2579 // ===================================================================
// Links a Kerberos KDC to the tickets it has issued.
[Association, Version ("2.6.0"),
 Description (
    "The KDC issues and owns Kerberos tickets. This association "
    "captures the relationship between the KDC and its issued "
    "tickets.")]
class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential {

    // Min (1) / Max (1): a ticket has exactly one issuing KDC.
    [Override ("Antecedent"), Min (1), Max (1),
     Description ("The issuing KDC.")]
    CIM_KerberosKeyDistributionCenter REF Antecedent;

    [Override ("Dependent"), Weak,
     Description ("The managed credential.")]
    CIM_KerberosTicket REF Dependent;
};
2592
2593 // ===================================================================
2594 // NotaryVerifiesBiometric
2595 // ===================================================================
// Links a Notary service to the UsersAccess whose biometric information it
// verifies.
[Association, Version ("2.6.0"),
 Description (
    "This relationship associates a Notary service with the "
    "Users Access whose biometric information is verified.")]
class CIM_NotaryVerifiesBiometric : CIM_Dependency {

    [Override ("Antecedent"),
     Description (
        "The Notary service that verifies biometric information.")]
    CIM_Notary REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The UsersAccess that represents a person using "
        "biometric information for authentication.")]
    CIM_UsersAccess REF Dependent;
};
2608
2609 // ==================================================================
2610 // HostedAuthenticationRequirement
2611 // ==================================================================
// Gives an AuthenticationRequirement its naming scope (a System).
// Per the Description, the hosting System is not necessarily where the
// requirement applies; CIM_AuthenticationTarget names the protected
// resources.
[Association, Version ("2.6.0"),
 Description (
    "CIM_HostedAuthenticationRequirement is an association used to "
    "provide the namespace scoping of AuthenticationRequirement. The "
    "hosted requirements may or may not apply to resources on the "
    "hosting system.")]
class CIM_HostedAuthenticationRequirement : CIM_Dependency {

    [Override ("Antecedent"), Min (1), Max (1),
     Description ("The hosting system.")]
    CIM_System REF Antecedent;

    [Override ("Dependent"), Weak,
     Description ("The hosted AuthenticationRequirement.")]
    CIM_AuthenticationRequirement REF Dependent;
};
2625
2626 karl 1.2 // ==================================================================
2627 // AuthenticateForUse
2628 // ==================================================================
// Supplies an AuthenticationService with the AuthenticationRequirement it
// works from.
[Association, Version ("2.6.0"),
 Description (
    "CIM_AuthenticateForUse is an association used to provide an "
    "AuthenticationService with the AuthenticationRequirement it "
    "needs to do its job.")]
class CIM_AuthenticateForUse : CIM_Dependency {

    [Override ("Antecedent"),
     Description ("AuthenticationRequirement for use.")]
    CIM_AuthenticationRequirement REF Antecedent;

    [Override ("Dependent"),
     Description (
        "AuthenticationService that uses the requirements.")]
    CIM_AuthenticationService REF Dependent;
};
2641
2642 // ==================================================================
2643 // RequireCredentialsFrom
2644 // ==================================================================
// Restricts an AuthenticationRequirement to credentials issued by
// particular CredentialManagementService instances.
// NOTE(review): the visible text does not say what a requirement with no
// such association accepts (any issuer, or none) -- confirm before relying
// on it as an allow-list.
[Association, Version ("2.6.0"),
 Description (
    "CIM_RequireCredentialsFrom is an association used to require "
    "that credentials are issued by particular Credential Management "
    "Services in order to authenticate a user.")]
class CIM_RequireCredentialsFrom : CIM_Dependency {

    [Override ("Antecedent"),
     Description (
        "CredentialManagementService from which credentials are "
        "accepted for the associated AuthenticationRequirement.")]
    CIM_CredentialManagementService REF Antecedent;

    [Override ("Dependent"),
     Description (
        "AuthenticationRequirement that limit acceptable credentials.")]
    CIM_AuthenticationRequirement REF Dependent;
};
2658
2659 // ==================================================================
2660 // AuthenticationTarget
2661 // ==================================================================
// Binds an AuthenticationRequirement to the resources it protects, so that
// different resources can demand different authentication strength.
[Association, Version ("2.6.0"),
 Description (
    "CIM_AuthenticationTarget is an association used to apply "
    "authentication requirements for access to specific resources. "
    "For example, a shared secret may be sufficient for access to "
    "unclassified resources, but for confidential resources, a "
    "stronger authentication may be required.")]
class CIM_AuthenticationTarget : CIM_Dependency {

    [Override ("Antecedent"),
     Description (
        "AuthenticationRequirement that apply to specific resources.")]
    CIM_AuthenticationRequirement REF Antecedent;

    [Override ("Dependent"),
     Description (
        "Target resources that may be in a Collection or an "
        "individual ManagedElement. These resources are protected "
        "by the AuthenticationRequirement.")]
    CIM_ManagedElement REF Dependent;
};
2678
2679 // ==================================================================
2680 // HostedACI
2681 // ==================================================================
// Gives an AccessControlInformation instance its naming scope (a System).
// Per the Description, the hosting System is not necessarily where the ACI
// applies; CIM_AuthorizationTarget names the protected resources.
[Association, Version ("2.6.0"),
 Description (
    "CIM_HostedACI is an association used to provide the namespace "
    "scoping of AccessControlInformation. The hosted ACI may or may "
    "not apply to resources on the hosting system.")]
class CIM_HostedACI : CIM_Dependency {

    [Override ("Antecedent"), Min (1), Max (1),
     Description ("The hosting system.")]
    CIM_System REF Antecedent;

    [Override ("Dependent"), Weak,
     Description ("The hosted AccessControlInformation.")]
    CIM_AccessControlInformation REF Dependent;
};
2694
2695 // ==================================================================
2696 // AuthorizedUse
2697 // ==================================================================
// Supplies an AuthorizationService with the AccessControlInformation it
// works from.
[Association, Version ("2.6.0"),
 Description (
    "CIM_AuthorizedUse is an association used to provide an "
    "AuthorizationService with the AccessControlInformation it needs "
    "to do its job.")]
class CIM_AuthorizedUse : CIM_Dependency {

    [Override ("Antecedent"),
     Description ("Access Control Information.")]
    CIM_AccessControlInformation REF Antecedent;

    [Override ("Dependent"),
     Description ("AuthorizationService that uses an ACI.")]
    CIM_AuthorizationService REF Dependent;
};
2710 karl 1.2
2711 // ==================================================================
2712 // AuthorizationSubject
2713 // ==================================================================
// Binds AccessControlInformation to the subjects (users) it applies to.
// Subjects may be named directly or through a Collection, which can itself
// use MemberPrincipal for further indirection.
// NOTE(review): with that indirection, the set of subjects an ACI really
// covers is only known after the Collection is expanded -- confirm how
// consumers resolve it.
[Association, Version ("2.6.0"),
 Description (
    "CIM_AuthorizationSubject is an association used to apply "
    "authorization decisions to specific subjects (i.e., users). The "
    "subjects may be identified directly or they may be aggregated "
    "into a collection that may, in turn, use the MemberPrincipal "
    "association to provide further indirection in the specification "
    "of the subject set.")]
class CIM_AuthorizationSubject : CIM_Dependency {

    [Override ("Antecedent"),
     Description (
        "AccessControlInformation that applies to a subject set.")]
    CIM_AccessControlInformation REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The subject set may be specified as a collection or as a set "
        "of associations to ManagedElements that represent users.")]
    CIM_ManagedElement REF Dependent;
};
2730
2731 karl 1.2 // ==================================================================
2732 // AuthorizationTarget
2733 // ==================================================================
// Binds AccessControlInformation to the target resources it governs, either
// one by one or through a Collection.
[Association, Version ("2.6.0"),
 Description (
    "CIM_AuthorizationTarget is an association used to apply "
    "authorization decisions to specific target resources. The "
    "target resources may be aggregated into a collection or may be "
    "represented as a set of associations to ManagedElements.")]
class CIM_AuthorizationTarget : CIM_Dependency {

    [Override ("Antecedent"),
     Description (
        "AccessControlInformation that applies to the target set.")]
    CIM_AccessControlInformation REF Antecedent;

    [Override ("Dependent"),
     Description (
        "The target set of resources may be specified as a collection "
        "or as a set of associations to ManagedElements that represent "
        "target resources.")]
    CIM_ManagedElement REF Dependent;
};
2749
2750
2751 // ===================================================================
2752 karl 1.2 // end of file
2753 // ===================================================================