pegasus/Schemas/CIM26Prelim/Attic/CIM_User26.mof - diff

Return to CIM_User26.mof CVS log

Up to [Pegasus] / pegasus / Schemas / CIM26Prelim / Attic

Diff for /pegasus/Schemas/CIM26Prelim/Attic/CIM_User26.mof between version 1.1 and 1.2

version 1.1, 2001/08/07 11:08:23

version 1.2, 2001/12/13 14:53:18

Line 0

Line 1

// ===================================================================

// Title: User-Security MOF specification 2.6

// Filename: CIM_UserSec26.mof

// Version: 2.6

// Release: 0

// Date: 05/17/2001

// Description: These object classes define the user and security

// model for CIM and includes classes needed to represent

// users, groups and organizational entities as well as

// security services and authentication and authorization

// information.

// The object classes below are listed in an order that

// avoids forward references. Required objects, defined

// by other working groups, are omitted.

// ===================================================================

// Author: DMTF User and Security Working Group

// 14 Mar 2000 - Version 2.3

// 09 Jun 2000 - ERRATA to Version 2.3 creating V2.4

// - CR493a, Correction of Antecedent/Dependent references

// References are reversed from the original 2.3 model

// - CR497: Corrections to antecedent/dependent references

// 1. ElementAsUser should run between an ME and a

// UsersAccess. Both references are ME in the MOF.

// UsersAccess is the Dependent reference.

// 2. ManagesAccount should subclass from Dependency.

// 3. ServiceUsesSecurityService - antecedent and

// dependent are backwards. SecurityService should

// be the antecedent and Service the dependent.

// 4. SecurityServiceForSystem - should subclass from

// ProvidesServiceToElement.

// 5. UsersCredentials - The antecedent and dependent

// references are backwards. The UsersAccess is

// dependent on the Credentials - the credentials

// are the antecedent.

// 6. The change in UsersCredentials affects

// PublicPrivateKeyPair, since it inherits from

// UsersCredentials.

// 7. CAHasPublicCertificate - The antecedent and

// dependent references are backwards. The CA USES

// the public certificate - therefore, it is dependent

// on the certificate.

// 8. AuthenticateForUse - The antecedent and

// dependent are backwards. The association "provides

// an AuthenticationService with the

// AuthenticationRequirement it needs to do its job".

// AuthenticationService is Dependent on the

// Requirement.

// 9. RequireCredentialsFrom - Antecedent and

// dependent are backwards. The requirement is for

// a specific credential mgmt service - the service

// has no dependencies at all on the requirement.

// 10. AuthenticationTarget - Clarification that the

// "target" is dependent on the requirement to protect

// it.

// 11. AuthorizedUse - The antecedent and dependent

// are backwards since the description says that the

// association "provides an AuthorizationService

// with the AccessControlInformation it needs to do

// its job". AuthorizationService is Dependent on the

// ACI.

// 21 June 2000 - ERRATA to Version 2.3 creating Version 2.4

// - CR515: CIM Account keys. CIM_Account currently has two

// local keys, Name and UserID.

// The intent was to have CreationClassName and Name

// as keys where name could be set to a value equal to

// the UserID or to some other value, e.g., a DN from

// a directory.

// 10 Nov 2000 - Changes to Version 2.4 creating V2.5

// - CR544a, Adds classes and properties needed for Network

// IPsec submodel.

// Classes added are:

// CredentialManagementSAP

// LocalCredentialManagementService

// PublicKeyManagementService

// UnsignedPublicKey

// NamedSharedIKESecret

// TrustHierarchy

// LocallyManagedPublicKey

// IKESecretIsNamed

// Properties added are:

// CertificateAuthority.CADistinguishedName

// CertificateAuthority.MaxChainLength

// CertificateAuthority.CRLRefreshFrequency

// - CR560, ERRATA renames KerberosTicket.Type to

// KerberosTicket.TicketType and changes it from an

// array to a scalar property

// 23 Jan 2001 - ERRATA to Version 2.5 creating V2.6

// - CR591, Corrections to PROPAGATE qualifiers on

// Credential Subclasses

// 17 May 2001 - ERRATA ti Versiin 2.5 creatung V2.6

// - CR606, Corrections to aggregations to add

// 'aggregate' qualifier

// ===================================================================

// === Pragmas ===

// ===================================================================

#pragma Locale ("en_US")

// ==================================================================

// === Data class definitions ===

// ==================================================================

// Group

// ==================================================================

[Description (

"The Group class is used to collect ManagedElements into groups. "

"This class is defined so as to incorporate commonly-used LDAP "

"attributes to permit implementations to easily derive this "

"information from LDAP-accessible directories. This class's "

"properties are a subset of a related class, "

"OtherGroupInformation, which defines all the group properties "

"and in array form for directory compatibility." ) ]

class CIM_Group : CIM_Collection

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024), Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[MaxLen (128), Description (

"The BusinessCategory property may be used to describe the "

"kind of business activity performed by the members of the "

"group.")]

string BusinessCategory;

[Required, Description (

"A Common Name is a (possibly ambiguous) name by which the "

"group is commonly known in some limited scope (such as an "

"organization) and conforms to the naming conventions of the "

"country or culture with which it is associated.")]

string CommonName;

};

// ==================================================================

// OtherGroupInformation

// ==================================================================

[Description (

"The OtherGroupInformation class provides additional information "

"about an associated Group instance. This class is defined so as "

"to incorporate commonly-used LDAP attributes to permit "

"implementations to easily derive this information from "

"LDAP-accessible directories.") ]

class CIM_OtherGroupInformation : CIM_ManagedElement

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024), Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[Description (

"In the case of an LDAP-derived instance, the ObjectClass "

"property value(s) may be set to the objectClass attribute "

"values.")]

string ObjectClass[];

[MaxLen (128), Description (

"The BusinessCategory property may be used to describe the "

"kind of business activity performed by the members of the "

"group.")]

string BusinessCategory[];

[Description (

"A Common Name is a (possibly ambiguous) name by which the "

"group is commonly known in some limited scope (such as an "

"organization) and conforms to the naming conventions of the "

"country or culture with which it is associated.")]

string CommonName[];

[MaxLen (1024), Description (

"The Descriptions property values may contain human-readable "

"descriptions of the object. In the case of an LDAP-derived "

"instance, the description attribute may have multiple values "

"that, therefore, cannot be placed in the inherited "

"Description property.")]

string Descriptions[];

[Description (

"The name of an organization related to the group.")]

string OrganizationName[];

[Description (

"The name of an organizational unit related to the group.")]

string OU[];

[Description (

"The Owner property specifies the name of some object that "

"has some responsibility for the group. In the case of an "

"LDAP-derived instance, a property value for Owner may be a "

"distinguishedName of owning persons, groups, roles, etc.")]

string Owner[];

[Description (

"In the case of an LDAP-derived instance, the See Also "

"property specifies distinguishedName of other Directory "

"objects which may be other aspects (in some sense) of the "

"same real world object.")]

string SeeAlso[];

};

// ==================================================================

// Role

// ==================================================================

[Description (

"The Role object class is used to represent a position or set of "

"responsibilities within an organization, organizational unit or "

"system administration scope and is filled by a person or persons "

"(or non-human entities represented by ManagedSystemElement "

"subclasses) that may be explicitly or implicitly members of this "

"collection subclass. The class is defined so as to incorporate "

"commonly-used LDAP attributes to permit implementations to "

"easily derive this information from LDAP-accessible directories. "

"The members of a role are frequently called role occupants. "

"This class's properties are a subset of a related class, "

"OtherRoleInformation, which defines all the group properties "

"and in array form for directory compatibility. ")]

class CIM_Role : CIM_Collection

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024),Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[MaxLen (128), Description (

"This property may be used to describe the kind of business "

"activity performed by the members (role occupants) in the "

"position or set of responsibilities represented by the Role. "

)]

string BusinessCategory;

[Required, Description (

"A Common Name is a (possibly ambiguous) name by which the "

"role is commonly known in some limited scope (such as an "

"organization) and conforms to the naming conventions of the "

"country or culture with which it is associated.")]

string CommonName;

};

// ==================================================================

// OtherRoleInformation

// ==================================================================

[Description (

"The OtherRoleInformation class is used to provide additional "

"information about an associated Role instance. This class is "

"defined so as to incorporate commonly-used LDAP attributes to "

"permit implementations to easily derive this information from "

"LDAP-accessible directories.") ]

class CIM_OtherRoleInformation : CIM_ManagedElement

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024),Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[Description (

"In the case of an LDAP-derived instance, the ObjectClass "

"property value(s) may be set to the objectClass attribute "

"values.")]

string ObjectClass[];

[MaxLen (128), Description (

"This property may be used to describe the kind of business "

"activity performed by the members (role occupants) in the "

"position or set of responsibilities represented by the Role. "

)]

string BusinessCategory[];

[Description (

"A Common Name is a (possibly ambiguous) name by which the "

"role is commonly known in some limited scope (such as an "

"organization) and conforms to the naming conventions of the "

"country or culture with which it is associated.")]

string CommonName[];

[MaxLen (1024), Description (

"The Descriptions property values may contain human-readable "

"descriptions of the object. In the case of an LDAP-derived "

"instance, the description attribute may have multiple values "

"that, therefore, cannot be placed in the inherited "

"Description property.")]

string Descriptions[];

[MaxLen (128), Description (

"This property is used for the role occupants' telegram "

"service.")]

string DestinationIndicator[];

[Description (

"The role occupants' facsimile telephone number.")]

string FacsimileTelephoneNumber[];

[MaxLen (16), Description (

"The role occupants' International ISDN number.")]

string InternationaliSDNNumber[];

[Description (

"The name of an organizational unit related to the role.")]

string OU[];

[MaxLen (128), Description (

"The Physical Delivery Office Name property specifies the name "

"of the city, village, etc. where a physical delivery office "

"is situated.")]

string PhysicalDeliveryOfficeName[];

[Description (

"The Postal Address property values specify the address "

"information required for the physical delivery of postal "

"messages by the postal authority to the role occupants.")]

string PostalAddress[];

[MaxLen (40), Description (

"The Postal Code property specifies the postal code for the "

"role occupants. If this value is present it will be part of "

"the object's postal address.")]

string PostalCode[];

[MaxLen (40), Description (

"The Post Office Box property specifies the Post Office Box "

"by which the role occupants will receive physical postal "

"delivery. If present, the property value is part of the "

"object's postal address.")]

string PostOfficeBox[];

[Description (

"The Preferred Delivery Method property specifies the "

"role occupants' preferred method to be used for contacting "

"them in their role.")]

string PreferredDeliveryMethod;

[Description (

"This property specifies a postal address suitable for receipt "

"of telegrams or expedited documents, where it is necessary to "

"have the recipient accept delivery.")]

string RegisteredAddress[];

[Description (

"In the case of an LDAP-derived instance, the See Also "

"property specifies distinguishedName of other Directory "

"objects which may be other aspects (in some sense) of the "

"same real world object.")]

string SeeAlso[];

[Description (

"The State or Province Name property specifies a state or "

"province." )]

string StateOrProvince[];

[MaxLen (128), Description (

"The Street Address property specifies a site for the local "

"distribution and physical delivery in a postal address, i.e. "

"the street name, place, avenue, and the number." )]

string Street[];

[MaxLen (32), Description (

"The Telephone Number property specifies a telephone number of "

"the role occupants, e.g. + 44 582 10101)." )]

string TelephoneNumber[];

[Description (

"The Teletex Terminal Identifier property specifies the "

"Teletex terminal identifier (and, optionally, parameters) for "

"a teletex terminal associated with the role occupants." )]

string TeletexTerminalIdentifier[];

[Description (

"The Telex Number property specifies the telex number, country "

"code, and answerback code of a telex terminal for the "

"role occupants." )]

string TelexNumber[];

[MaxLen (15), Description (

"An X.121 address for the role occupants.")]

string X121Address[];

};

// ==================================================================

// OrganizationalEntity

// ==================================================================

[Abstract, Description (

"OrganizationalEntity is an abstract class from which classes "

"that fit into an organizational structure are derived.") ]

class CIM_OrganizationalEntity : CIM_ManagedElement

{

};

// ==================================================================

// Organization

// ==================================================================

[Description (

"The Organization class is used to represent an organization such "

"as a corporation or other autonomous entity. The class is "

"defined so as to incorporate commonly-used LDAP attributes to "

"permit implementations to easily derive this information from "

"LDAP-accessible directories. This class's properties are a "

"subset of a related class, OtherOrganizationInformation, which "

"defines all the group properties and in array form for "

"directory compatibility.") ]

class CIM_Organization : CIM_OrganizationalEntity

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024),Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[MaxLen (128), Description (

"This property describes the kind of business performed by an "

"organization.")]

string BusinessCategory;

[Description (

"The organization's facsimile telephone number.")]

string FacsimileTelephoneNumber;

[Description (

"This property contains the name of a locality, such as a "

"city, county or other geographic region.")]

string LocalityName;

[Description (

"Based on RFC1274, the mail box addresses for the organization "

"as defined in RFC822.")]

string Mail;

[Required, Description (

"The name of the organization.")]

string OrganizationName;

[Description (

"The Postal Address property values specify the address "

"information required for the physical delivery of postal "

"messages by the postal authority to the organization.")]

string PostalAddress[];

[MaxLen (40), Description (

"The Postal Code property specifies the postal code of the "

"organization. If this value is present it will be part of "

"the object's postal address.")]

string PostalCode;

[Description (

"The State or Province Name property specifies a state or "

"province." )]

string StateOrProvince;

[MaxLen (32), Description (

"The Telephone Number property specifies a telephone number of "

"the organization, e.g. + 44 582 10101)." )]

string TelephoneNumber;

};

// ==================================================================

// OtherOrganizationInformation

// ==================================================================

[Description (

"The OtherOrganizationInformation class is used to provide "

"additional information about an associated Organization instance. "

"This class is defined so as to incorporate commonly-used LDAP "

"attributes to permit implementations to easily derive this "

"information from LDAP-accessible directories.") ]

class CIM_OtherOrganizationInformation : CIM_ManagedElement

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024),Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[Description (

"In the case of an LDAP-derived instance, the ObjectClass "

"property value(s) may be set to the objectClass attribute "

"values.")]

string ObjectClass[];

[MaxLen (128), Description (

"This property describes the kind of business performed by an "

"organization.")]

string BusinessCategory[];

[MaxLen (1024), Description (

"The Descriptions property values may contain human-readable "

"descriptions of the object. In the case of an LDAP-derived "

"instance, the description attribute may have multiple values "

"that, therefore, cannot be placed in the inherited "

"Description property.")]

string Descriptions[];

[MaxLen (128), Description (

"This property is used for the organization's telegram "

"service.")]

string DestinationIndicator[];

[Description (

"The organization's facsimile telephone number.")]

string FacsimileTelephoneNumber[];

[MaxLen (16), Description (

"The organization's International ISDN number.")]

string InternationaliSDNNumber[];

[Description (

"Uniform Resource Identifier with optional label as defined in "

"RFC2079.")]

string LabeledURI[];

[Description (

"This property contains the name of a locality, such as a "

"city, county or other geographic region.")]

string LocalityName[];

[Description (

"Based on RFC1274, the mail box addresses for the organization "

"as defined in RFC822.")]

string Mail[];

[Description (

"The manager for the organization. In the case of an "

"LDAP-derived instance, the Manager property value may contain "

"the distinguishedName of the Manager.")]

string Manager[];

[Description (

"The name of the organization.")]

string OrganizationName[];

[Description (

"Based on RFC1274, this property may be used for electronic "

"mail box addresses other than RFC822 and X.400.")]

string OtherMailbox[];

[MaxLen (128), Description (

"The Physical Delivery Office Name property specifies the name "

"of the city, village, etc. where a physical delivery office "

"is situated.")]

string PhysicalDeliveryOfficeName[];

[Description (

"The Postal Address property values specify the address "

"information required for the physical delivery of postal "

"messages by the postal authority to the organization.")]

string PostalAddress[];

[MaxLen (40), Description (

"The Postal Code property specifies the postal code of the "

"organization. If this value is present it will be part of "

"the object's postal address.")]

string PostalCode[];

[MaxLen (40), Description (

"The Post Office Box property specifies the Post Office Box "

"by which the organization will receive physical postal "

"delivery. If present, the property value is part of the "

"object's postal address.")]

string PostOfficeBox[];

[Description (

"The Preferred Delivery Method property specifies the "

"organization's preferred method to be used for communicating "

"with it.")]

string PreferredDeliveryMethod;

[Description (

"This property specifies a postal address suitable for receipt "

"of telegrams or expedited documents, where it is necessary to "

"have the recipient accept delivery.")]

string RegisteredAddress[];

[Description (

"This property value is for use by X.500 clients in "

"constructing search filters.")]

string SearchGuide[];

[Description (

"In the case of an LDAP-derived instance, the See Also "

"property specifies distinguishedName of other Directory "

"objects which may be other aspects (in some sense) of the "

"same real world object.")]

string SeeAlso[];

[Description (

"The State or Province Name property specifies a state or "

"province." )]

string StateOrProvince[];

[MaxLen (128), Description (

"The Street Address property specifies a site for the local "

"distribution and physical delivery in a postal address, i.e. "

"the street name, place, avenue, and the number." )]

string Street[];

[MaxLen (32), Description (

"The Telephone Number property specifies a telephone number of "

"the organization, e.g. + 44 582 10101)." )]

string TelephoneNumber[];

[Description (

"The Teletex Terminal Identifier property specifies the "

"Teletex terminal identifier (and, optionally, parameters) for "

"a teletex terminal associated with the organization." )]

string TeletexTerminalIdentifier[];

[Description (

"The Telex Number property specifies the telex number, country "

"code, and answerback code of a telex terminal for the "

"organization." )]

string TelexNumber[];

[Octetstring, Description (

"An image of the organization logo")]

string ThumbnailLogo[];

[Description (

"A unique identifier that may be assigned in an environment to "

"differentiate between uses of a given named organization "

"instance.")]

string UniqueIdentifier[];

[Octetstring, Description (

"In the case of an LDAP-derived instance, the UserPassword "

"property may contain an encrypted password used to access "

"the organization's resources in a directory." )]

string UserPassword[];

[MaxLen (15), Description (

"An X.121 address for the organization.")]

string X121Address[];

};

// ==================================================================

// OrgUnit

// ==================================================================

[Description (

"The OrgUnit class is used to represent a sub-unit of an "

"organization such a division or department. The class is "

"defined so as to incorporate commonly-used LDAP attributes to "

"permit implementations to easily derive this information from "

"LDAP-accessible directories. This class's properties are a "

"subset of a related class, OtherOrgUnitInformation, which "

"defines all the group properties and in array form for "

"directory compatibility. ") ]

class CIM_OrgUnit : CIM_OrganizationalEntity

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024),Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[MaxLen (128), Description (

"This property describes the kind of business performed by an "

"organizational unit.")]

string BusinessCategory;

[Description (

"The organizational unit's facsimile telephone number.")]

string FacsimileTelephoneNumber;

[Description (

"This property contains the name of a locality, such as a "

"city, county or other geographic region.")]

string LocalityName;

[Required, Description (

"The name of the organizational unit.")]

string OU;

[Description (

"The Postal Address property values specify the address "

"information required for the physical delivery of postal "

"messages by the postal authority to the organizational unit."

)]

string PostalAddress[];

[MaxLen (40), Description (

"The Postal Code property specifies the postal code of the "

"organizational unit. If this value is present it will be "

"part of the object's postal address.")]

string PostalCode;

[Description (

"The State or Province Name property specifies a state or "

"province." )]

string StateOrProvince;

[MaxLen (32), Description (

"The Telephone Number property specifies a telephone number of "

"the organizational unit, e.g. + 44 582 10101)." )]

string TelephoneNumber;

};

// ==================================================================

// OtherOrgUnitInformation

// ==================================================================

[Description (

"The OtherOrgUnitInformation class is used to provide "

"additional information about an associated OrgUnit instance. "

"This class is defined so as to incorporate commonly-used LDAP "

"attributes to permit implementations to easily derive this "

"information from LDAP-accessible directories.") ]

class CIM_OtherOrgUnitInformation : CIM_ManagedElement

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024),Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[Description (

"In the case of an LDAP-derived instance, the ObjectClass "

"property value(s) may be set to the objectClass attribute "

"values.")]

string ObjectClass[];

[MaxLen (128), Description (

"This property describes the kind of business performed by an "

"organizational unit.")]

string BusinessCategory[];

[MaxLen (1024), Description (

"The Descriptions property values may contain human-readable "

"descriptions of the object. In the case of an LDAP-derived "

"instance, the description attribute may have multiple values "

"that, therefore, cannot be placed in the inherited "

"Description property.")]

string Descriptions[];

[MaxLen (128), Description (

"This property is used for the organizational unit's telegram "

"service.")]

string DestinationIndicator[];

[Description (

"The organizational unit's facsimile telephone number.")]

string FacsimileTelephoneNumber[];

[MaxLen (16), Description (

"The organizational unit's International ISDN number.")]

string InternationaliSDNNumber[];

[Description (

"This property contains the name of a locality, such as a "

"city, county or other geographic region.")]

string LocalityName[];

[Description (

"The name of the organizational unit.")]

string OU[];

[MaxLen (128), Description (

"The Physical Delivery Office Name property specifies the name "

"of the city, village, etc. where a physical delivery office "

"is situated.")]

string PhysicalDeliveryOfficeName[];

[Description (

"The Postal Address property values specify the address "

"information required for the physical delivery of postal "

"messages by the postal authority to the organizational unit."

)]

string PostalAddress[];

[MaxLen (40), Description (

"The Postal Code property specifies the postal code of the "

"organizational unit. If this value is present it will be "

"part of the object's postal address.")]

string PostalCode[];

[MaxLen (40), Description (

"The Post Office Box property specifies the Post Office Box "

"by which the organizational unit will receive physical "

"postal delivery. If present, the property value is part of "

"the object's postal address.")]

string PostOfficeBox[];

[Description (

"The Preferred Delivery Method property specifies the "

"organizational unit's preferred method to be used for "

"communicating with it.")]

string PreferredDeliveryMethod;

[Description (

"This property value is for use by X.500 clients in "

"constructing search filters.")]

string SearchGuide[];

[Description (

"In the case of an LDAP-derived instance, the See Also "

"property specifies distinguishedName of other Directory "

"objects which may be other aspects (in some sense) of the "

"same real world object.")]

string SeeAlso[];

[Description (

"The State or Province Name property specifies a state or "

"province." )]

string StateOrProvince[];

[MaxLen (128), Description (

"The Street Address property specifies a site for the local "

"distribution and physical delivery in a postal address, i.e. "

"the street name, place, avenue, and the number." )]

string Street[];

[MaxLen (32), Description (

"The Telephone Number property specifies a telephone number of "

"the organizational unit, e.g. + 44 582 10101)." )]

string TelephoneNumber[];

[Description (

"The Teletex Terminal Identifier property specifies the "

"Teletex terminal identifier (and, optionally, parameters) for "

"a teletex terminal associated with the organizational unit."

)]

string TeletexTerminalIdentifier[];

[Description (

"The Telex Number property specifies the telex number, country "

"code, and answerback code of a telex terminal for the "

"organization." )]

string TelexNumber[];

[Octetstring, Description (

"In the case of an LDAP-derived instance, the UserPassword "

"property may contain an encrypted password used to access "

"the organizational unit's resources in a directory." )]

string UserPassword[];

[MaxLen (15), Description (

"An X.121 address for the organization.")]

string X121Address[];

};

// ==================================================================

// UserEntity

// ==================================================================

[Abstract, Description (

"UserEntity is an abstract class that represents users.") ]

class CIM_UserEntity : CIM_OrganizationalEntity

{

};

// ==================================================================

// Person

// ==================================================================

[Description (

"The Person object class is used to represent people. The class "

"is defined so as to incorporate commonly-used LDAP attributes to "

"permit implementations to easily derive this information from "

"LDAP-accessible directories. This class's properties are a "

"subset of a related class, OtherPersonInformation, which "

"defines all the group properties and in array form for "

"directory compatibility. ") ]

class CIM_Person : CIM_UserEntity

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024),Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[MaxLen (128), Description (

"This property describes the kind of business performed by an "

"organization.")]

string BusinessCategory;

[Required, Description (

"A Common Name is a (possibly ambiguous) name by which the "

"role is commonly known in some limited scope (such as an "

"organization) and conforms to the naming conventions of the "

"country or culture with which it is associated.")]

string CommonName;

[Description (

"Based on inetPrgPerson, the Employee Number property "

"specifies a numeric or an alphanumeric identifier assigned to "

"a person.")]

string EmployeeNumber;

[Description (

"Based on inetOrgPerson, the Employee Type property is used to "

"identify the employer to employee relationship. Typical "

"values used may include 'Contractor', 'Employee', 'Intern', "

"'Temp', 'External', and 'Unknown' but any value may be used."

)]

string EmployeeType;

[Description (

"The person's facsimile telephone number.")]

string FacsimileTelephoneNumber;

[MaxLen (32), Description (

"Based on RFC1274, the Home Phone property specifies a home "

"telephone number for the person, e.g. + 44 582 10101)." )]

string HomePhone;

[Description (

"The Home Postal Address property values specify the home "

"address information required for the physical delivery of "

"postal messages by the postal authority.")]

string HomePostalAddress[];

[Description (

"From inetOrgPerson, the JPEG Phto property values may be used "

"for one or more images of a person using the JPEG File "

"Interchange Format.")]

string JPEGPhoto;

[Description (

"This property contains the name of a locality, such as a "

"city, county or other geographic region.")]

string LocalityName;

[Description (

"Based on RFC1274, the mail box addresses for the person "

"as defined in RFC822.")]

string Mail;

[Description (

"The person's manager within the organization. In the case of "

"an LDAP-derived instance, the Manager property value may "

"contain the distinguishedName of the Manager.")]

string Manager;

[MaxLen (32), Description (

"Based on RFC1274, the Mobile Phone property specifies a "

"mobile telephone number for the person, e.g. + 44 582 10101)."

)]

string Mobile;

[Description (

"The name of an organizational unit related to the person.")]

string OU;

[MaxLen (32), Description (

"Based on RFC1274, the Pager property specifies a pager "

"telephone number for the person, e.g. + 44 582 10101).")]

string Pager;

[Description (

"The Postal Address property values specify the address "

"information required for the physical delivery of postal "

"messages by the postal authority to the person.")]

string PostalAddress[];

[MaxLen (40), Description (

"The Postal Code property specifies the postal code of the "

"organization. If this value is present it will be part of "

"the object's postal address.")]

string PostalCode;

[Description (

"Based on inetOrgPerson, the person's preferred written or "

"spoken language.")]

string PreferredLanguage;

[Description (

"Based on RFC1274, the Secretary property may be used to "

"specify a secretary for the person. In the case of an "

"LDAP-derived object instance, the value may be a "

"distinguishedName.")]

string Secretary;

[Description (

"The State or Province Name property specifies a state or "

"province." )]

string StateOrProvince;

[Required, Description (

"The Surname property specifies the linguistic construct that "

"normally is inherited by an individual from the individual's "

"parent or assumed by marriage, and by which the individual is "

"commonly known.")]

string Surname;

[MaxLen (32), Description (

"The Telephone Number property specifies a telephone number of "

"the organization, e.g. + 44 582 10101)." )]

string TelephoneNumber;

[Description (

"The Title property may be used to specify the person's "

"designated position or function of the object within an "

"organization, e.g., Manager, Vice-President, etc.")]

string Title;

};

// ==================================================================

// OtherPersonInformation

// ==================================================================

[Description (

"The OtherPersonInformation class is used to provide "

"additional information about an associated Person instance. "

"This class is defined so as to incorporate commonly-used LDAP "

"attributes to permit implementations to easily derive this "

"information from LDAP-accessible directories.") ]

class CIM_OtherPersonInformation : CIM_UserEntity

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (1024),Description (

"The Name property defines the label by which the object is "

"known. In the case of an LDAP-derived instance, the Name "

"property value may be set to the distinguishedName of the "

"LDAP-accessed object instance.")]

string Name;

[Description (

"In the case of an LDAP-derived instance, the ObjectClass "

"property value(s) may be set to the objectClass attribute "

"values.")]

string ObjectClass[];

[Octetstring, Description (

"The Audio property may be used to store an audio clip of the "

"person.")]

string Audio[];

[MaxLen (128), Description (

"This property describes the kind of business performed by an "

"organization.")]

string BusinessCategory[];

[MaxLen (128), Description (

"The Car License property is used to record the values of the "

"vehicle license or registration plate associated with an "

"individual.")]

string CarLicense[];

[Description (

"A Common Name is a (possibly ambiguous) name by which the "

"role is commonly known in some limited scope (such as an "

"organization) and conforms to the naming conventions of the "

"country or culture with which it is associated.")]

string CommonName[];

[Description (

"The Country Name property specifies a country as defined in "

"ISO 3166.")]

string CountryName[];

[Description (

"Based on inetOrgPerson, the Department Number is a code for "

"department to which a person belongs. This can be strictly "

"numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).")]

string DepartmentNumber[];

[MaxLen (1024), Description (

"The Descriptions property values may contain human-readable "

"descriptions of the object. In the case of an LDAP-derived "

"instance, the description attribute may have multiple values "

"that, therefore, cannot be placed in the inherited "

"Description property.")]

string Descriptions[];

[MaxLen (128), Description (

"This property is used for the organization's telegram "

"service.")]

string DestinationIndicator[];

[Description (

"Based on inetOrgPerson, the Display Name property values are "

"used when displaying an entry.")]

string DisplayName[];

[Description (

"Based on inetPrgPerson, the Employee Number property "

"specifies a numeric or an alphanumeric identifier assigned to "

"a person.")]

string EmployeeNumber;

[Description (

"Based on inetOrgPerson, the Employee Type property is used to "

"identify the employer to employee relationship. Typical "

"values used may include 'Contractor', 'Employee', 'Intern', "

"'Temp', 'External', and 'Unknown' but any value may be used."

)]

string EmployeeType[];

[Description (

"The person's facsimile telephone number.")]

string FacsimileTelephoneNumber[];

[Description (

"Based on liPerson, the GenerationQualifier property specifies "

"a name qualifier that represents the person's generation "

"(e.g., JR., III, etc.).")]

string GenerationQualifier[];

[Description (

"The Given Name property is used for the part of a person's "

"name that is not their surname nor their middle name.")]

string GivenName[];

[Description (

"Based on liPerson, the Home Fax property specifies the "

"person's facsimile telephone number at home.")]

string HomeFax[];

[MaxLen (32), Description (

"Based on RFC1274, the Home Phone property specifies a home "

"telephone number for the person, e.g. + 44 582 10101)." )]

string HomePhone[];

[Description (

"The Home Postal Address property values specify the home "

"address information required for the physical delivery of "

"postal messages by the postal authority.")]

string HomePostalAddress[];

[Description (

"Based on inetOrgPerson, the Initials property specifies the "

"first letters of the person's name, typically the property "

"values will exclude the first letter of the surname.")]

string Initials[];

[MaxLen (16), Description (

"The person's International ISDN number.")]

string InternationaliSDNNumber[];

[Description (

"From inetOrgPerson, the JPEG Phto property values may be used "

"for one or more images of a person using the JPEG File "

"Interchange Format.")]

string JPEGPhoto[];

[Description (

"Uniform Resource Identifier with optional label as defined in "

"RFC2079.")]

string LabeledURI[];

[Description (

"This property contains the name of a locality, such as a "

"city, county or other geographic region.")]

string LocalityName[];

[Description (

"Based on RFC1274, the mail box addresses for the person "

"as defined in RFC822.")]

string Mail[];

[Description (

"The person's manager within the organization. In the case of "

"an LDAP-derived instance, the Manager property value may "

"contain the distinguishedName of the Manager.")]

string Manager[];

[Description (

"Based on liPerson, the middle name of the person.")]

string MiddleName[];

[MaxLen (32), Description (

"Based on RFC1274, the Mobile Phone property specifies a "

"mobile telephone number for the person, e.g. + 44 582 10101)."

)]

string Mobile[];

[Required, Description (

"The name of the person's organization.")]

string OrganizationName[];

[Description (

"Based on RFC1274, the OrganizationalStatus property specifies "

"a category by which a person is often referred to within an "

"organization. Examples of usage in academia might include "

"undergraduate student, researcher, lecturer, etc.")]

string OrganizationalStatus[];

[Description (

"Based on RFC1274, this property may be used for electronic "

"mail box addresses other than RFC822 and X.400.")]

string OtherMailbox[];

[Description (

"The name of an organizational unit related to the person.")]

string OU[];

[MaxLen (32), Description (

"Based on RFC1274, the Pager property specifies a pager "

"telephone number for the person, e.g. + 44 582 10101).")]

string Pager[];

[Description (

"Based on liPerson, the PersonalTitle property may be used to "

"specify the person's personal title such as Mr., Ms., Dr., "

"Prof. etc.")]

string PersonalTitle[];

[Octetstring, Description (

"Based on RFC1274, the Photo property may be used to specify a "

"photograph for the person encoded in G3 fax as explained in "

"recommendation T.4, with an ASN.1 wrapper to make it "

"compatible with an X.400 BodyPart as defined in X.420.")]

string Photo[];

[MaxLen (128), Description (

"The Physical Delivery Office Name property specifies the name "

"of the city, village, etc. where a physical delivery office "

"is situated.")]

string PhysicalDeliveryOfficeName[];

[Description (

"The Postal Address property values specify the address "

"information required for the physical delivery of postal "

"messages by the postal authority to the person.")]

string PostalAddress[];

[MaxLen (40), Description (

"The Postal Code property specifies the postal code of the "

"organization. If this value is present it will be part of "

"the object's postal address.")]

string PostalCode[];

[MaxLen (40), Description (

"The Post Office Box property specifies the Post Office Box "

"by which the person will receive physical postal delivery. "

"If present, the property value is part of the object's postal "

"address.")]

string PostOfficeBox[];

[Description (

"The Preferred Delivery Method property specifies the "

"preferred method to be used for contacting the person.")]

string PreferredDeliveryMethod;

[Description (

"Based on inetOrgPerson, the person's preferred written or "

"spoken language.")]

string PreferredLanguage;

[Description (

"This property specifies a postal address suitable for receipt "

"of telegrams or expedited documents, where it is necessary to "

"have the recipient accept delivery.")]

string RegisteredAddress[];

[Description (

"Based on RFC1274, the Room Number property specifies the room "

"number for the person.")]

string RoomNumber[];

[Description (

"Based on RFC1274, the Secretary property may be used to "

"specify a secretary for the person. In the case of an "

"LDAP-derived object instance, the value may be a "

"distinguishedName.")]

string Secretary[];

[Description (

"In the case of an LDAP-derived instance, the See Also "

"property specifies distinguishedName of other Directory "

"objects which may be other aspects (in some sense) of the "

"same real world object.")]

string SeeAlso[];

[Description (

"The State or Province Name property specifies a state or "

"province." )]

string StateOrProvince[];

[MaxLen (128), Description (

"The Street Address property specifies a site for the local "

"distribution and physical delivery in a postal address, i.e. "

"the street name, place, avenue, and the number." )]

string Street[];

[Description (

"The Surname property specifies the linguistic construct that "

"normally is inherited by an individual from the individual's "

"parent or assumed by marriage, and by which the individual is "

"commonly known.")]

string Surname[];

[MaxLen (32), Description (

"The Telephone Number property specifies a telephone number of "

"the organization, e.g. + 44 582 10101)." )]

string TelephoneNumber[];

[Description (

"The Teletex Terminal Identifier property specifies the "

"Teletex terminal identifier (and, optionally, parameters) for "

"a teletex terminal associated with the organization." )]

string TeletexTerminalIdentifier[];

[Description (

"The Telex Number property specifies the telex number, country "

"code, and answerback code of a telex terminal for the "

"organization." )]

string TelexNumber[];

[Octetstring, Description (

"A small image of the person's organization logo")]

string ThumbnailLogo[];

[Octetstring, Description (

"A small image of the person.")]

string ThumbnailPhoto[];

[Description (

"The Title property may be used to specify the person's "

"designated position or function of the object within an "

"organization, e.g., Manager, Vice-President, etc.")]

string Title[];

[Description (

"Based on RFC1274, the UserID property may be used to specify "

"a computer system login name.")]

string UserID[];

[Description (

"A unique identifier that may be assigned in an environment to "

"differentiate between uses of a given named person instance."

)]

string UniqueIdentifier[];

[Octetstring, Description (

"Based on inetOrgPerson and for directory compatibility, the "

"User Certificate property may be used to specify a public key "

"certificate for the person.")]

string UserCertificate[];

[Octetstring, Description (

"In the case of an LDAP-derived instance, the UserPassword "

"property may contain an encrypted password used to access "

"the person's resources in a directory." )]

string UserPassword[];

[Octetstring, Description (

"Based on inetOrgPerson and for directory compatibility, the "

"UserPKCS12 property value may be used to provides a format "

"for exchange of personal identity information. The property "

"values are PFX PDUs stored as Octetstrings.")]

string UserPKCS12[];

[Octetstring, Description (

"Based on inetOrgPerson, the User S/MIME Certificate property "

"may be used to specify the person's an S/MIME (RFC1847) "

"signed message with a zero-length body. It contains the "

"entire certificate chain and the signed attribute that "

"describes their algorithm capabilities. If available, this "

"property is preferred over the UserCertificate property for "

"S/MIME applications.")]

string UserSMIMECertificate[];

[MaxLen (15), Description (

"An X.121 address for the organization.")]

string X121Address[];

[Octetstring, Description (

"An X.500 specified unique identifier that may be assigned in "

"an environment to differentiate between uses of a given named "

"person object instance.")]

string X500UniqueIdentifier[];

};

// ==================================================================

// UsersAccess

// ==================================================================

[Description (

"The UsersAccess object class is used to specify a system user "

"that permitted access to system resources. The ManagedElement "

"that has access to system resources (represented in the model in "

"the ElementAsUser association) may be a person, a service, a "

"service access point or any collection thereof. Whereas the "

"Account class represents the user's relationship to a system "

"from the perspective of the security services of the system, the "

"UserAccess class represents the relationships to the systems "

"independent of a particular system or service.") ]

class CIM_UsersAccess: CIM_UserEntity

{

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (256),Description (

"The Name property defines the label by which the object is "

"known.")]

string Name;

[Key, Description (

"The ElementID property uniquely specifies the ManagedElement "

"object instance that is the user represented by the "

"UsersAccess object instance. The ElementID is formatted "

"similarly to a model path except that the property-value "

"pairs are ordered in alphabetical order (US ASCII lexical "

"order).")]

string ElementID;

[Description (

"Biometric information used to identify a person. The "

"property value is left null or set to 'N/A' for non-human "

"user or a user not using biometric information for "

"authentication."),

Values { "N/A", "Other", "Facial", "Retina", "Mark", "Finger",

"Voice", "DNA-RNA", "EEG"} ]

uint16 Biometric[];

};

// ==================================================================

// Account

// ==================================================================

[Description (

"CIM_Account is the information held by a SecurityService "

"to track identity and privileges managed by that service. "

"Common examples of an Account are the entries in a UNIX "

"/etc/passwd file. Several kinds of security services use "

"various information from those entries - the /bin/login "

"program uses the account name ('root') and hashed password "

"to authenticate users, and the file service, for instance, "

"uses the UserID field ('0') and GroupID field ('0') to "

"record ownership and determine access control privileges "

"on files in the file system. This class is defined so as "

"to incorporate commonly-used LDAP attributes to permit "

"implementations to easily derive this information from "

"LDAP-accessible directories.") ]

class CIM_Account:CIM_LogicalElement

{

[Propagated ("CIM_System.CreationClassName"), Key,

MaxLen (256), Description ("Scoping System")]

string SystemCreationClassName;

[Propagated ("CIM_System.Name"), Key,

MaxLen (256),Description ("Scoping System")]

string SystemName;

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, Override("Name"), MaxLen (1024), Description (

"The Name property defines the label by which the object is "

"known. The value of this property may be set to be the same "

"as that of the UserID property or, in the case of an "

"LDAP-derived instance, the Name property value may be set to "

"the distinguishedName of the LDAP-accessed object instance.")]

string Name;

[MaxLen (256), Description (

"UserID is the value used by the SecurityService to "

"represent identity. For an authentication service, the "

"UserID may be the name of the user, or for an authorization "

"service the value which serves as a handle to a mapping of "

"the identity.") ]

string UserID;

[Description (

"In the case of an LDAP-derived instance, the ObjectClass "

"property value(s) may be set to the objectClass attribute "

"values.")]

string ObjectClass[];

[MaxLen (1024), Description (

"The Descriptions property values may contain human-readable "

"descriptions of the object. In the case of an LDAP-derived "

"instance, the description attribute may have multiple values "

"that, therefore, cannot be placed in the inherited "

"Description property.")]

string Descriptions[];

[Description (

"Based on RFC1274, the host name of the system(s) for which "

"the account applies. The host name may be a fully-qualified "

"DNS name or it may be an unqualified host name.")]

string Host[];

[Description (

"This property contains the name of a locality, such as a "

"city, county or other geographic region.")]

string LocalityName[];

[Required, Description (

"The name of the organization related to the account.")]

string OrganizationName[];

[Description (

"The name of an organizational unit related to the account.")]

string OU[];

[Description (

"In the case of an LDAP-derived instance, the See Also "

"property specifies distinguishedName of other Directory "

"objects which may be other aspects (in some sense) of the "

"same real world object.")]

string SeeAlso[];

[Octetstring, Description (

"Based on inetOrgPerson and for directory compatibility, the "

"User Certificate property may be used to specify a public key "

"certificate for the person.")]

string UserCertificate[];

[Octetstring, Description (

"In the case of an LDAP-derived instance, the UserPassword "

"property may contain an encrypted password used to access "

"the person's resources in a directory." )]

string UserPassword[];

};

// ==================================================================

// SecurityService

// ==================================================================

[ Abstract, Description (

"CIM_SecurityService ...") ]

class CIM_SecurityService:CIM_Service

{

};

// ==================================================================

// AccountManagementService

// ==================================================================

[Description (

"CIM_AccountManagementService creates, manages, and if necessary "

"destroys Accounts on behalf of other SecuritySerices.") ]

class CIM_AccountManagementService:CIM_SecurityService

{

};

// ==================================================================

// AuthenticationService

// ==================================================================

[Description (

"CIM_AuthenticationService verifies users' identities through "

"some means. These services are decomposed into a subclass that "

"provides credentials to users and a subclass that provides for "

"the verification of the validity of a credential and, perhaps, "

"the appropriateness of its use for access to target resources. "

"The persistent state information used from one such verification "

"to another is maintained in an Account for that Users Access on "

"that AuthenticationService.") ]

class CIM_AuthenticationService:CIM_SecurityService

{

};

// ==================================================================

// VerificationService

// ==================================================================

[Description (

"CIM_VerificationService is the authentication service that "

"verifies a credential for use and may also verify the "

"appropriateness of a particular credential in conjunction with a "

"particular target resource.")]

class CIM_VerificationService:CIM_AuthenticationService

{

};

// ==================================================================

// CredentialManagementService

// ==================================================================

[Description (

"CIM_CredentialManagementService issues credentials and manages "

"the credential lifecycle.") ]

class CIM_CredentialManagementService:CIM_AuthenticationService

{

};

// ==================================================================

// CredentialManagementSAP

// ==================================================================

[Description (

"CIM_CredentialManagementSAP represents the ability to "

"utilize or invoke a CredentialManagementService.") ]

class CIM_CredentialManagementSAP:CIM_ServiceAccessPoint

{

[Description ("The URL for the access point.") ]

string URL;

};

// ==================================================================

// CertificateAuthority

// ==================================================================

[Description ("A Certificate Authority (CA) is a credential "

"management service that issues and cryptographically "

"signs certificates thus acting as an trusted third-party "

"intermediary in establishing trust relationships. The CA "

"authenicates the holder of the private key related to the "

"certificate's public key; the authenicated entity is "

"represented by the UsersAccess class.") ]

class CIM_CertificateAuthority:CIM_CredentialManagementService

{

[Description (

"The CAPolicyStatement describes what care is taken by the "

"CertificateAuthority when signing a new certificate. "

"The CAPolicyStatment may be a dot-delimited ASN.1 OID "

"string which identifies to the formal policy statement.") ]

string CAPolicyStatement;

[Description ( "A CRL, or CertificateRevocationList, is a "

"list of certificates which the CertificateAuthority has "

"revoked and which are not yet expired. Revocation is "

"necessary when the private key associated with the public "

"key of a certificate is lost or compromised, or when the "

"person for whom the certificate is signed no longer is "

"entitled to use the certificate."), Octetstring ]

string CRL[];

[Description ("Certificate Revocation Lists may be "

"available from a number of distribution points. "

"CRLDistributionPoint array values provide URIs for those "

"distribution points.")]

string CRLDistributionPoint[];

[Description ( "Certificates refer to their issuing CA by "

"its Distinguished Name (as defined in X.501)."), DN]

string CADistinguishedName;

[Description ( "The frequency, expressed in hours, at which "

"the CA will update its Certificate Revocation List. Zero "

"implies that the refresh frequency is unknown."),

Units("Hours")]

uint8 CRLRefreshFrequency;

[Description ( "The maximum number of certificates in a "

"certificate chain permitted for credentials issued by "

"this certificate authority or it's subordinate CAs.\n"

"The MaxChainLength of a superior CA in the trust "

"hierarchy should be greater than this value and the "

"MaxChainLength of a subordinate CA in the trust hierarchy "

"should be less than this value.")]

uint8 MaxChainLength;

};

// ==================================================================

// KerberosKeyDistributionCenter

// ==================================================================

[Description (

"CIM_KerberosKeyDistributionCenter ...") ]

class CIM_KerberosKeyDistributionCenter:CIM_CredentialManagementService

{

[Override ("Name"),

Description ("The Realm served by this KDC.")]

string Name;

[Description ("The version of Kerberos supported by this "

"service."),

Values {"V4", "V5", "DCE", "MS"} ]

uint16 Protocol[];

};

// ==================================================================

// Notary

// ==================================================================

[Description (

"CIM_Notary is an AuthenticationService (credential "

"management service) which compares the "

"biometric characteristics of a person with the "

"known characteristics of an Users Access, and determines "

"whether the person is the UsersAccess. An example is "

"a bank teller who compares a picture ID with the person "

"trying to cash a check, or a biometric login service that "

"uses voice recognition to identify a user.") ]

class CIM_Notary:CIM_CredentialManagementService

{

[Description ( "The types of biometric information which "

"this Notary can compare."),

Values { "N/A", "Other", "Facial", "Retina", "Mark",

"Finger", "Voice", "DNA-RNA", "EEG"} ]

uint16 Comparitors;

[Description (

"The SealProtocol is how the decision of the Notary is "

"recorded for future use by parties who will rely on its "

"decision. For instance, a drivers licence frequently "

"includes tamper-resistent coatings and markings to protect "

"the recorded decision that a driver, having various "

"biometric characteristics of height, weight, hair and eye "

"color, using a particular name, has features represented in "

"a photograph of their face.")]

string SealProtocol;

[Description (

"CharterIssued documents when the Notary is first "

"authorized, by whoever gave it responsibility, to perform "

"its service.")]

datetime CharterIssued;

[Description (

"CharterExpired documents when the Notary is no longer "

"authorized, by whoever gave it responsibility, to perform "

"its service.")]

datetime CharterExpired;

};

// ==================================================================

// LocalCredentialManagementService

// ==================================================================

[Description (

"CIM_LocalCredentialManagementService is a credential "

"management service that provides local system "

"management of credentials used by the local system.") ]

class CIM_LocalCredentialManagementService:CIM_CredentialManagementService

{

};

// ==================================================================

// SharedSecretService

// ==================================================================

[Description (

"CIM_SharedSecretService is a service which ascertains "

"whether messages received are from the Principal with "

"whom a secret is shared. Examples include a login "

"service that proves identity on the basis of knowledge of "

"the shared secret, or a transport integrity service (like "

"Kerberos provides) that includes a message authenticity "

"code that proves each message in the messsage stream came "

"from someone who knows the shared secret session key.")]

class CIM_SharedSecretService:CIM_LocalCredentialManagementService

{

[MaxLen (256), Description (

"The Algorithm used to convey the shared secret, such as "

"HMAC-MD5,or PLAINTEXT.") ]

string Algorithm;

[Description (

"The Protocol supported by the SharedSecretService.")]

string Protocol;

};

// ==================================================================

// PublicKeyManagementService

// ==================================================================

[Description (

"CIM_PublicKeyManagementService is a credential management "

"service that provides local system management of public "

"keys used by the local system.") ]

class CIM_PublicKeyManagementService:CIM_LocalCredentialManagementService

{

};

// ==================================================================

// Credential

// ==================================================================

[Abstract, Description (

"Subclasses of CIM_Credential define materials, "

"information, or other data which are used to prove the "

"identity of a CIM_UsersAccess to a particular "

"CIM_SecurityService. Generally, there may be some shared "

"information, or credential material which is used to "

"identify and authenticate ones self in the process of "

"gaining access to, or permission to use, an Account. "

"Such credential material may be used to authenticate a "

"users access identity initially, as done by a "

"CIM_AuthenticationService (see later), and additionally on "

"an ongoing basis during the course of a connection or "

"other security association, as proof that each received "

"message or communication came from the owning user access of "

"that credential material.") ]

class CIM_Credential:CIM_ManagedElement

{

};

// ==================================================================

// PublicKeyCertificate

// ==================================================================

[Description ("A Public Key Certificate is a credential "

"that is cryptographically signed by a trusted Certificate "

"Authority (CA) and issued to an authenticated entity "

"(e.g., human user, service,etc.) called the Subject in "

"the certificate and represented by the UsersAccess class. "

"The public key in the certificate is cryptographically "

"related to a private key that is to be held and kept "

"private by the authenticated Subject. The certificate "

"and its related private key can then be used for "

"establishing trust relationships and securing "

"communications with the Subject. Refer to the ITU/CCITT "

"X.509 standard as an example of such certificates.") ]

class CIM_PublicKeyCertificate:CIM_Credential

{

[Propagated ("CIM_CertificateAuthority.SystemCreationClassName"),

Key, MaxLen (256), Description ("Scoping System")]

string SystemCreationClassName;

[Propagated ("CIM_CertificateAuthority.SystemName"),

Key, MaxLen (256),Description ("Scoping System")]

string SystemName;

[Propagated ("CIM_CertificateAuthority.CreationClassName"),

Key, MaxLen (256), Description ("Scoping Service")]

string ServiceCreationClassName;

[Propagated ("CIM_CertificateAuthority.Name"),

Key, MaxLen (256), Description ("Scoping Service")]

string ServiceName;

[Key, MaxLen (256), Description (

"Certificate subject identifier")]

string Subject;

[MaxLen (256), Description (

"Alternate subject identifier for the Certificate.")]

string AltSubject;

[Description ("The DER-encoded raw public key."), Octetstring]

uint8 PublicKey[];

};

// ==================================================================

// UnsignedPublicKey

// ==================================================================

[Description (

"A CIM_UnsignedPublicKey represents an unsigned public "

"key credential. The local UsersAccess (or subclass "

"thereof) accepts the public key as authentic because of "

"a direct trust relationship rather than via a third-party "

"Certificate Authority.") ]

class CIM_UnsignedPublicKey:CIM_Credential

{

[Key, MaxLen (256), Description ("Scoping System"), Propagated ("CIM_PublicKeyManagementService.SystemCreationClassName")]

string SystemCreationClassName;

[Propagated ("CIM_PublicKeyManagementService.SystemName"),

Key, MaxLen (256),Description ("Scoping System")]

string SystemName;

[Propagated ("CIM_PublicKeyManagementService.CreationClassName"),

Key, MaxLen (256), Description ("Scoping Service")]

string ServiceCreationClassName;

[Propagated ("CIM_PublicKeyManagementService.Name"),

Key, MaxLen (256), Description ("Scoping Service")]

string ServiceName;

[Key, MaxLen (256), Description (

"The Identity of the Peer with whom a direct trust "

"relationship exists. The public key may be used for "

"security functions with the Peer."),

ModelCorrespondence

{"CIM_PublicKeyManagementService.PeerIdentityType" } ]

string PeerIdentity;

[Description ("PeerIdentityType is used to describe the "

"type of the PeerIdentity. The currently defined values "

"are used for IKE identities."),

ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8",

"9", "10", "11"},

Values {"Other", "IPV4_ADDR", "FQDN", "USER_FQDN",

"IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",

"IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",

"DER_ASN1_GN", "KEY_ID"},

ModelCorrespondence

{"CIM_PublicKeyManagementService.PeerIdentity" } ]

uint16 PeerIdentityType;

[Description ("The DER-encoded raw public key."),

Octetstring]

uint8 PublicKey[];

};

// ==================================================================

// KerberosTicket

// ==================================================================

[Description (

"A CIM_KerberosTicket represents a credential issued by a "

"particular Kerberos Key Distribution Center (KDC) "

"to a particular CIM_UsersAccess as the result of a "

"successful authentication process. There are two types of "

"tickets that a KDC may issue to a Users Access - a "

"TicketGranting ticket, which is used to protect and "

"authenticate communications between the Users Access and the "

"KDC, and a Session ticket, which the KDC issues to two "

"Users Access to allow them to communicate with each other. "

) ]

class CIM_KerberosTicket:CIM_Credential

{

[Key, MaxLen (256), Description ("Scoping System"), Propagated

("CIM_KerberosKeyDistributionCenter.SystemCreationClassName")]

string SystemCreationClassName;

[Propagated ("CIM_KerberosKeyDistributionCenter.SystemName"),

Key, MaxLen (256),Description ("Scoping System")]

string SystemName;

[Key, MaxLen (256), Propagated

("CIM_KerberosKeyDistributionCenter.CreationClassName"),

Description ("Scoping Service")]

string ServiceCreationClassName;

[Propagated ("CIM_KerberosKeyDistributionCenter.Name"),

Key, MaxLen (256),

Description ("Scoping Service. The Kerberos KDC Realm of "

"CIM_KerberosTicket is used to record the security "

"authority, or Realm, name so that tickets issued by "

"different Realms can be separately managed and "

"enumerated.")]

string ServiceName;

[Key, MaxLen (256), Description ("The name of the service "

"for which this ticket is used.")]

string AccessesService;

[Key, MaxLen (256), Description (

"RemoteID is the name by which the user is known at "

"the KDC security service.")]

string RemoteID;

datetime Issued;

datetime Expires;

[Description (

"The Type of CIM_KerberosTicket is used to indicate whether "

"the ticket in question was issued by the Kerberos Key "

"Distribution Center (KDC) to support ongoing communication "

"between the Users Access and the KDC (\"TicketGranting\"), "

"or was issued by the KDC to support ongoing communication "

"between two Users Access entities (\"Session\")." ),

Values {"Session", "TicketGranting"}]

uint16 TicketType;

};

// ==================================================================

// SharedSecret

// ==================================================================

[Description (

"CIM_SharedSecret is the secret shared between a Users Access "

"and a particular SharedSecret security service. Secrets "

"may be in the form of a password used for initial "

"authentication, or as with a session key, used as part of "

"a message authentication code to verify that a message "

"originated by the pricinpal with whom the secret is shared. "

"It is important to note that SharedSecret is not just the "

"password, but rather is the password used with a particular "

"security service.")]

class CIM_SharedSecret:CIM_Credential

{

[Propagated ("CIM_SharedSecretService.SystemCreationClassName"),

Key, MaxLen (256), Description ("Scoping System")]

string SystemCreationClassName;

[Propagated ("CIM_SharedSecretService.SystemName"), Key,

MaxLen (256),Description ("Scoping System")]

string SystemName;

[Key, MaxLen (256), Propagated

("CIM_SharedSecretService.CreationClassName"),

Description ("Scoping Service")]

string ServiceCreationClassName;

[Propagated ("CIM_SharedSecretService.Name"),

Key, MaxLen (256),

Description ("Scoping Service")]

string ServiceName;

[Key, MaxLen (256), Description (

"RemoteID is the name by which the user is known at "

"the remote secret key authentication service.")]

string RemoteID;

[Description (

"secret is the secret known by the Users Access.")]

string secret;

[Description (

"algorithm names the transformation algorithm, if any, used "

"to protect passwords before use in the protocol. For "

"instance, Kerberos doesn't store passwords as the shared "

"secret, but rather, a hash of the password.")]

string algorithm;

[Description (

"protocol names the protocol with which the SharedSecret is "

"used.")]

string protocol;

};

// ==================================================================

// NamedSharedIKESecret

// ==================================================================

[Description (

"CIM_NamedSharedIKESecret indirectly represents a shared "

"secret credential. The local identity, IKEIdentity, "

"and the remote peer identity share the secret that is "

"named by the SharedSecretName. The SharedSecretName is "

"used SharedSecretService to reference the secret.") ]

class CIM_NamedSharedIKESecret:CIM_Credential

{

[Propagated ("CIM_SharedSecretService.SystemCreationClassName"),

Key, MaxLen (256), Description ("Scoping System")]

string SystemCreationClassName;

[Propagated ("CIM_SharedSecretService.SystemName"),

Key, MaxLen (256),Description ("Scoping System")]

string SystemName;

[Propagated ("CIM_SharedSecretService.CreationClassName"),

Key, MaxLen (256), Description ("Scoping Service")]

string ServiceCreationClassName;

[Propagated ("CIM_SharedSecretService.Name"),

Key, MaxLen (256), Description ("Scoping Service")]

string ServiceName;

[Key, MaxLen (256), Description (

"The local Identity with whom the direct trust "

"relationship exists."),

ModelCorrespondence

{"CIM_NamedSharedIKESecret.LocalIdentityType" } ]

string LocalIdentity;

[Key, Description ("LocalIdentityType is used to describe "

"the type of the LocalIdentity."),

ValueMap {"1", "2", "3", "4", "5", "6", "7", "8",

"9", "10", "11"},

Values {"IPV4_ADDR", "FQDN", "USER_FQDN",

"IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",

"IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",

"DER_ASN1_GN", "KEY_ID"},

ModelCorrespondence

{"CIM_NamedSharedIKESecret.LocalIdentity" } ]

uint16 LocalIdentityType;

[Key, MaxLen (256), Description (

"The peer identity with whom the direct trust "

"relationship exists."),

ModelCorrespondence

{"CIM_NamedSharedIKESecret.PeerIdentityType" } ]

string PeerIdentity;

[Key, Description ("PeerIdentityType is used to describe "

"the type of the PeerIdentity."),

ValueMap {"1", "2", "3", "4", "5", "6", "7", "8",

"9", "10", "11"},

Values {"IPV4_ADDR", "FQDN", "USER_FQDN",

"IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",

"IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",

"DER_ASN1_GN", "KEY_ID"},

ModelCorrespondence

{"CIM_NamedSharedIKESecret.PeerIdentity" } ]

uint16 PeerIdentityType;

[Description ("SharedSecretName is an indirect reference "

"to a shared secret. The SecretService does not expose "

"the actual secret but rather provides access to the "

"secret via a name.")]

string SharedSecretName;

};

// ==================================================================

// AuthorizationService

// ==================================================================

[Description (

"CIM_AuthorizationService determines whether a user, by "

"association with an Account used by the AuthorizationService, is "

"permitted access a resource or set of resources.") ]

class CIM_AuthorizationService:CIM_SecurityService

{

};

// ==================================================================

// AuthenticationRequirement

// ==================================================================

[Description (

"CIM_AuthenticationRequirement provides, through its "

"associations, the authentication requirements for access to "

"system resources. For a particular set of target resources, the "

"AuthenticationService may require that credentials be issued by "

"a specific CredentialManagementService. The "

"AuthenticationRequirement class is weak to the system (e.g., "

"Computer System or Administrative Domain) for which the "

"requirements apply.")]

class CIM_AuthenticationRequirement : CIM_LogicalElement

{

[Key, MaxLen (256), Propagated ("CIM_System.CreationClassName"),

Description ("Hosting system creation class name")]

string SystemCreationClassName;

[Key, MaxLen (256), Propagated ("CIM_System.Name"),

Description ("Hosting system name")]

string SystemName;

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (256), Override ("Name"), Description (

"The Name property defines the unique label, in the context of "

"the hosting system, by which the AuthenticationRequirement "

"is known.")]

string Name;

[Description (

"The SecurityClassification property specifies a named level "

"of security associated with the AuthenticationRequirement, "

"e.g., 'Confidential', 'Top Secret', etc.")]

string SecurityClassification;

};

// ==================================================================

// AccessControlInformation

// ==================================================================

[Description (

"CIM_AccessControlInformation provides, through its properties "

"and its associations, the specification of the access rights "

"granted to a set of subject users to a set of target resources. "

"The AccessControlInformation class is weak to the system (e.g., "

"Computer System or Administrative Domain) for which the access "

"controls apply.")]

class CIM_AccessControlInformation: CIM_LogicalElement

{

[Key, MaxLen (256), Propagated ("CIM_System.CreationClassName"),

Description ("Hosting system creation class name")]

string SystemCreationClassName;

[Key, MaxLen (256), Propagated ("CIM_System.Name"),

Description ("Hosting system name")]

string SystemName;

[Key, MaxLen (256), Description (

"CreationClassName indicates the name of the class or the "

"subclass used in the creation of an instance. When used "

"with the other key properties of this class, this property "

"allows all instances of this class and its subclasses to "

"be uniquely identified.")]

string CreationClassName;

[Key, MaxLen (256), Override ("Name"), Description (

"The Name property defines the unique label, in the context of "

"the hosting system, by which the AccessControlInformation "

"is known.")]

string Name;

[Description (

"The SecurityClassification property specifies a named level "

"of security associated with the AccessControlInformation, "

"e.g., 'Confidential', 'Top Secret', etc.")]

string SecurityClassification;

[Description (

"The AccessType property is an array of string values that "

"specifies the type of access for which the corresponding "

"permission applies. For example, it can be used to specify a "

"generic access such as 'Read-only', 'Read/Write', etc. for "

"file or record access control or it can be used to specifiy "

"an entry point name for service access control."),

ModelCorrespondence {

"CIM_AccessControlInformation.AccessQualifier",

"CIM_AccessControlInformation.Permission" } ]

string AccessType[];

[Description (

"The AccessQualifier property is an array of string values "

"may be used to further qualify the type of access for which "

"the corresponding permission applies. For example, it may be "

"used to specify a set of parameters that are permitted or "

"denied in conjunction with the corresponding AccessType entry "

"point name."),

ModelCorrespondence {

"CIM_AccessControlInformation.AccessType",

"CIM_AccessControlInformation.Permission" } ]

string AccessQualifier[];

[Description (

"The Permission property is an array of string values "

"indicating the permission that applies to the corrsponding "

"AccessType and AccessQualifier array values. The values "

"may be extended in subclasses to provide more specific access "

"controls."),

ValueMap {"Unknown", "Allow", "Deny", "Manage"},

ModelCorrespondence {

"CIM_AccessControlInformation.AccessType",

"CIM_AccessControlInformation.AccessQualifier" } ]

string Permission[];

};

// ==================================================================

// === Association class definitions ===

// ==================================================================

// Aggregations

// ==================================================================

// MemberPrincipal

// ==================================================================

[Association, Aggregation, Description (

"CIM_MemberPrincipal is an aggregation used to establish "

"membership of principals (i.e., users) in a Collection. That "

"membership can be established either directly or indirectly as "

"indicated in the UsersAccessBy property. For example, a user "

"may be identified directly by their userid (i.e., Account object "

"instance) or the user may be identified indirectly by realm from "

"which a ticket was issued (i.e., CredentialManagementService "

"object instance). The latter case is useful, for example, for "

"specifying that only users identified by an internal credential "

"service are permitted to access very sensitive information." ) ]

class CIM_MemberPrincipal: CIM_MemberOfCollection

{

[Override ("Collection"), Aggregate ]

CIM_Collection REF Collection;

[Override ("Member") ]

CIM_ManagedElement REF Member;

[Description (

"A MemberPrincipal may be identifed in several ways that may "

"be either direct or indirect membership in the collection. "

" - A 'UsersAccess' membership directly identifies the user by "

" the UsersAccess object instance. "

" - An 'Account' membership directly identifies the user by "

" the Account object class instance. "

" - A 'UsingElement' membership indirectly identifies the user "

" by the ManagedElement object instance that has "

" ElementAsUser associations to UsersAccess object "

" instances. Hence, all UsersAccess instances are "

" indirectly included in the collection. "),

ValueMap {"1", "2", "3", "4" },

Values {"UsersAccess", "Account", "UsingElement",

"CredentialManagementService"} ]

uint16 UserAccessBy;

};

// ===================================================================

// AccountOnSystem

// ===================================================================

[Association, Aggregation, Description (

"A system (e.g., ApplicationSystem, ComputerSystem, AdminDomain) "

"aggregates Accounts and scopes the uniqueness of the Account "

"names (i.e., userids).") ]

class CIM_AccountOnSystem : CIM_SystemComponent

{

[Override ("GroupComponent"), Min (1), Max (1), Aggregate,

Description ("The aggregating system also provides name scoping "

"for the Account.")]

CIM_System REF GroupComponent;

[Override ("PartComponent"), Weak,

Description ("The subordinate Account")]

CIM_Account REF PartComponent;

};

// ==================================================================

// OrgStructure

// ==================================================================

[Association, Aggregation, Description (

"CIM_OrgStructure is an association used to establish parent-child "

"relationships between OrganizationalEntity instances. This is "

"used to capture organizational relationships between object "

"instances such as those that are imported from an LDAP-accessible "

"directory.") ]

class CIM_OrgStructure

{

[Key, Max (1), Aggregate,

Description ("The organizational parent in this association.") ]

CIM_OrganizationalEntity REF Parent;

[Key,

Description ("The organizational child in this association, "

"i.e., the sub-unit or other owned object instance.") ]

CIM_OrganizationalEntity REF Child;

};

// ==================================================================

// CollectionInOrganization

// ==================================================================

[Association, Aggregation, Description (

"CIM_CollectionInOrganization is an association used to establish "

"a parent-child relationship between a collection and an 'owning' "

"OrganizationalEntity. A single collection should not have both "

"a CollectionInOrganization and a CollectionInSystem association."

)]

class CIM_CollectionInOrganization

{

[Key, Max (1), Aggregate,

Description ("The parent organization responsible for the "

"collection.") ]

CIM_OrganizationalEntity REF Parent;

[Key,

Description ("The collection") ]

CIM_Collection REF Child;

};

// ==================================================================

// CollectionInSystem

// ==================================================================

[Association, Aggregation, Description (

"CIM_CollectionInSystem is an association used to establish a "

"parent-child relationship between a collection and an 'owning' "

"System such as an AdminDomain or ComputerSystem. A single "

"collection should not have both a CollectionInOrganization and a "

"CollectionInSystem association." )]

class CIM_CollectionInSystem

{

[Key, Max (1), Aggregate,

Description ("The parent system responsible for the "

"collection.") ]

CIM_System REF Parent;

[Key,

Description ("The collection") ]

CIM_Collection REF Child;

};

// Associations

// ==================================================================

// ElementAsUser

// ==================================================================

[Association, Description (

"CIM_ElementAsUser is an association used to establish the "

"'ownership' of UsersAccess object instances. That is, the "

"ManagedElement may have UsersAccess to systems and, therefore, "

"be 'users' on those systems. UsersAccess instances must have an "

"'owning' ManagedElement. Typically, the ManagedElements will be "

"limited to Collection, Person, Service and ServiceAccessPoint. "

"Other non-human ManagedElements that might be thought of as "

"having UsersAccess (e.g., a device or system) have services that "

"have the UsersAccess.")]

class CIM_ElementAsUser : CIM_Dependency

{

[Min (1), Max (1), Override ("Antecedent"),

Description ("The ManagedElement that has UsersAccess") ]

CIM_ManagedElement REF Antecedent;

[Override ("Dependent"),

Description ("The 'owned' UsersAccess") ]

CIM_UsersAccess REF Dependent;

};

// ==================================================================

// MoreOrganizationInfo

// ==================================================================

[Association, Description (

"CIM_MoreOrganizationInfo is an association used to extend the "

"information in a CIM_Organization class instance."

)]

class CIM_MoreOrganizationInfo : CIM_Dependency

{

[Max (1), Override ("Antecedent"),

Description (" "

" ") ]

CIM_Organization REF Antecedent;

[Min (0), Max (1), Override ("Dependent"),

Description (" ") ]

CIM_OtherOrganizationInformation REF Dependent;

};

// ==================================================================

// MoreOrgUnitInfo

// ==================================================================

[Association, Description (

"CIM_MoreOrgUnitInfo is an association used to extend the "

"information in an CIM_OrgUnit class instance."

)]

class CIM_MoreOrgUnitInfo : CIM_Dependency

{

[Max (1), Override ("Antecedent"),

Description (" "

" ") ]

CIM_OrgUnit REF Antecedent;

[Min (0), Max (1), Override ("Dependent"),

Description (" ") ]

CIM_OtherOrgUnitInformation REF Dependent;

};

// ==================================================================

// MoreGroupInfo

// ==================================================================

[Association, Description (

"CIM_MoreGroupInfo is an association used to extend the "

"information in a CIM_Group class instance."

)]

class CIM_MoreGroupInfo : CIM_Dependency

{

[Max (1), Override ("Antecedent"),

Description (" "

" ") ]

CIM_Group REF Antecedent;

[Min (0), Max (1), Override ("Dependent"),

Description (" ") ]

CIM_OtherGroupInformation REF Dependent;

};

// ==================================================================

// MoreRoleInfo

// ==================================================================

[Association, Description (

"CIM_MoreRoleInfo is an association used to extend the "

"information in a CIM_Role class instance."

)]

class CIM_MoreRoleInfo : CIM_Dependency

{

[Max (1), Override ("Antecedent"),

Description (" "

" ") ]

CIM_Role REF Antecedent;

[Min (0), Max (1), Override ("Dependent"),

Description (" ") ]

CIM_OtherRoleInformation REF Dependent;

};

// ==================================================================

// MorePersonInfo

// ==================================================================

[Association, Description (

"CIM_MorePersonInfo is an association used to extend the "

"information in a CIM_Person class instance."

)]

class CIM_MorePersonInfo : CIM_Dependency

{

[Max (1), Override ("Antecedent"),

Description (" "

" ") ]

CIM_Person REF Antecedent;

[Min (0), Max (1), Override ("Dependent"),

Description (" ") ]

CIM_OtherPersonInformation REF Dependent;

};

// ==================================================================

// SystemAdministrator

// ==================================================================

[Association, Description (

"CIM_SystemAdministrator is an association used to identify "

"the UserEntity as a system administrator of a CIM_System." ) ]

class CIM_SystemAdministrator: CIM_Dependency

{

[Override ("Antecedent"), Description (

"The administered system.") ]

CIM_System REF Antecedent;

[Override ("Dependent"), Description (

"The UserEntity that provides the admininstrative function "

"for the associated system.") ]

CIM_UserEntity REF Dependent;

};

// ==================================================================

// SystemAdministratorGroup

// ==================================================================

[Association, Description (

"CIM_SystemAdministratorGroup is an association used to identify "

"a Group that has system administrator responsibilities for a "

"CIM_System. " )]

class CIM_SystemAdministratorGroup : CIM_Dependency

{

[Override ("Antecedent"),

Description ("The administered system") ]

CIM_System REF Antecedent;

[Override ("Dependent"),

Description ("The Group of administrators") ]

CIM_Group REF Dependent;

};

// ==================================================================

// SystemAdministratorRole

// ==================================================================

[Association, Description (

"CIM_SystemAdministratorRole is an association used to identify "

"a system administrator Role for a CIM_System.")]

class CIM_SystemAdministratorRole : CIM_Dependency

{

[Override ("Antecedent"),

Description ("The administered system") ]

CIM_System REF Antecedent;

[Override ("Dependent"),

Description ("The system administration role") ]

CIM_Role REF Dependent;

};

// ===================================================================

// UsersAccount

// ===================================================================

[Association, Description (

"This relationship associates UsersAccess with the Accounts "

"with which they're able to interact.") ]

class CIM_UsersAccount : CIM_Dependency

{

[Override ("Antecedent"),

Description ( "The user's Account") ]

CIM_Account REF Antecedent;

[Override ("Dependent"),

Description ( "The User as identified by their UsersAccess "

"instance")]

CIM_UsersAccess REF Dependent;

};

// ===================================================================

// AccountMapsToAccount

// ===================================================================

[Association, Description (

"This relationship may be used to associate an Account used by an "

"AuthenticationService to an Account used for Authorization. For "

"instance, this mapping occurs naturally in the UNIX /etc/passwd "

"file, where the AuthenticationSerice Account ('root') is mapped "

"to the AuthorizationService Account ('0'). The two are separate "

"accounts, as evidenced by the ability to have another "

"AuthenticationService Account which ALSO maps to the "

"AuthorizationService Account ('0') without ambiguity. This "

"association may be used for other account mappings as well such "

"as for coordinating single signon for multiple accounts for the "

"same user.") ]

class CIM_AccountMapsToAccount : CIM_Dependency

{

[Override ("Antecedent"),

Description ( "An Account") ]

CIM_Account REF Antecedent;

[Override ("Dependent"),

Description ( "A related Account")]

CIM_Account REF Dependent;

};

// ===================================================================

// SecurityServiceUsesAccount

// ===================================================================

[Association, Description (

"This relationship associates SecurityService instances to "

"the Accounts they use in the course of their work.") ]

class CIM_SecurityServiceUsesAccount : CIM_Dependency

{

[ Override ("Antecedent") ]

CIM_Account REF Antecedent;

[ Override ("Dependent") ]

CIM_SecurityService REF Dependent;

};

// ===================================================================

// ManagesAccount

// ===================================================================

[Association, Description (

"This relationship associates the AccountManagement security "

"service to the Accounts for which it is responsible.") ]

class CIM_ManagesAccount:CIM_Dependency

{

[ Override ("Antecedent") ]

CIM_AccountManagementService REF Antecedent;

[ Override ("Dependent") ]

CIM_Account REF Dependent;

};

// ===================================================================

// ServiceUsesSecurityService

// ===================================================================

[Association, Description (

"This relationship associates a Services with the Security "

"Service it uses.") ]

class CIM_ServiceUsesSecurityService : CIM_ServiceServiceDependency

{

[ Override ("Antecedent") ]

CIM_SecurityService REF Antecedent;

[ Override ("Dependent") ]

CIM_Service REF Dependent;

};

// ===================================================================

// SecurityServiceForSystem

// ===================================================================

[Association, Description (

"The CIM_SecurityServiceForSystem provides the association between "

"a System and a SecurityService that provides services for that "

"system." ) ]

class CIM_SecurityServiceForSystem : CIM_ProvidesServiceToElement

{

[Override ("Antecedent"), Description (

"The SecurityService that provides services for the system.")]

CIM_SecurityService REF Antecedent;

[Override ("Dependent"), Description (

"The system that is dependent on the security service.")]

CIM_System REF Dependent;

};

// ===================================================================

// ManagesAccountOnSystem

// ===================================================================

[Association, Description (

"The CIM_ManagesAccountOnSystem provides the association between a "

"System and the AccountManagementService that manages accounts for "

"that system." ) ]

class CIM_ManagesAccountOnSystem:CIM_SecurityServiceForSystem

{

[Override ("Antecedent"), Description (

"An AccountManagementService that manages accounts for the "

"system.")]

CIM_AccountManagementService REF Antecedent;

[Override ("Dependent"), Description (

"The system that is dependent on the AccountManagementService."

)]

CIM_System REF Dependent;

};

// ==================================================================

// TrustHierarchy

// ==================================================================

[Association, Description (

"CIM_TrustHierarchy is an association between two "

"CredentialManagementService instances that establishes "

"the trust hierarchy between them.") ]

class CIM_TrustHierarchy:CIM_Dependency

{

[Override ("Antecedent"), Max (1),

Description ("The superior CredentialManagementService "

"from which the dependent service gets its authority.") ]

CIM_CredentialManagementService REF Antecedent;

[Override ("Dependent"), Description (

"The subordinate CredentialManagementService.") ]

CIM_CredentialManagementService REF Dependent;

};

// ==================================================================

// UsersCredential

// ==================================================================

[Association, Description (

"CIM_UsersCredential is an association used to establish the "

"credentials that may be used for a UsersAccess to a system or "

"set of systems. " )]

class CIM_UsersCredential : CIM_Dependency

{

[Override ("Antecedent"),

Description ("The issued credential that may be used.") ]

CIM_Credential REF Antecedent;

[Override ("Dependent"),

Description ("The UsersAccess that has use of a credential") ]

CIM_UsersAccess REF Dependent;

};

// ===================================================================

// PublicPrivateKeyPair

// ===================================================================

[Association, Description (

"This relationship associates a PublicKeyCertificate with "

"the Principal who has the PrivateKey used with the "

"PublicKey. The PrivateKey is not modeled, since it is not "

"a data element that ever SHOULD be accessible via "

"management applications, other than key recovery services, "

"which are outside our scope.") ]

class CIM_PublicPrivateKeyPair:CIM_UsersCredential

{

[ Override ("Antecedent") ]

CIM_PublicKeyCertificate REF Antecedent;

[ Override ("Dependent") ]

CIM_UsersAccess REF Dependent;

[Description ( "The Certificate may be used for signature only "

"or for confidentiality as well as signature"),

Values { "SignOnly", "ConfidentialityOrSignature"} ]

uint16 Use;

boolean NonRepudiation;

boolean BackedUp;

[Description ("The repository in which the certificate is "

"backed up.")]

string Repository;

};

// ===================================================================

// CAHasPublicCertificate

// ===================================================================

[Association, Description (

"A CertificateAuthority may have certificates issued by other CAs. "

"This association is essentially an optimization of the CA having "

"a UsersAccess instance with an association to a certificate thus "

"mapping more closely to LDAP-based certificate authority "

"implementations.") ]

class CIM_CAHasPublicCertificate:CIM_Dependency

{

[Max (1), Override ("Antecedent"),

Description ("The Certificate used by the CA")]

CIM_PublicKeyCertificate REF Antecedent;

[Override ("Dependent"),

Description ("The CA that uses a Certificate")]

CIM_CertificateAuthority REF Dependent;

};

// ===================================================================

// ManagedCredential

// ===================================================================

[Association, Description (

"This relationship associates a CredentialManagementService "

"with the Credential it manages.") ]

class CIM_ManagedCredential:CIM_Dependency

{

[Override ("Antecedent"), Min (1), Max (1),

Description ( "The credential management service")]

CIM_CredentialManagementService REF Antecedent;

[Override ("Dependent"),

Description ( "The managed credential")]

CIM_Credential REF Dependent;

};

// ===================================================================

// CASignsPublicKeyCertificate

// ===================================================================

[Association, Description (

"This relationship associates a CertificateAuthority with "

"the certificates it signs.") ]

class CIM_CASignsPublicKeyCertificate:CIM_ManagedCredential

{

[Override ("Antecedent"), Min (1), Max (1),

Description ( "The CA which signed the certificate")]

CIM_CertificateAuthority REF Antecedent;

[Override ("Dependent"), Weak,

Description ( "The certificate issued by the CA")]

CIM_PublicKeyCertificate REF Dependent;

string SerialNumber;

[ Octetstring ]

uint8 Signature[];

datetime Expires;

string CRLDistributionPoint[];

};

// ==================================================================

// LocallyManagedPublicKey

// ==================================================================

[Association, Description (

"CIM_LocallyManagedPublicKey association provides the "

"relationship between a PublicKeyManagementService and an "

"UnsignedPublicKey.") ]

class CIM_LocallyManagedPublicKey:CIM_ManagedCredential

{

[Override ("Antecedent"), Min (1), Max (1),

Description ("The PublicKeyManagementService that manages "

"an unsigned public key.") ]

CIM_PublicKeyManagementService REF Antecedent;

[Override ("Dependent"), Weak, Description (

"An unsigned public key.") ]

CIM_UnsignedPublicKey REF Dependent;

};

// ===================================================================

// SharedSecretIsShared

// ===================================================================

[Association, Description (

"This relationship associates a SharedSecretService with the "

"SecretKey it verifies.") ]

class CIM_SharedSecretIsShared : CIM_ManagedCredential

{

[Override ("Antecedent"), Min (1), Max (1),

Description ("The credential management service")]

CIM_SharedSecretService REF Antecedent;

[Override ("Dependent"), Weak,

Description ( "The managed credential")]

CIM_SharedSecret REF Dependent;

};

// ==================================================================

// IKESecretIsNamed

// ==================================================================

[Association, Description (

"CIM_IKESecretIsNamed association provides the "

"relationship between a SharedSecretService and a "

"NamedSharedIKESecret.") ]

class CIM_IKESecretIsNamed:CIM_ManagedCredential

{

[Override ("Antecedent"), Min (1), Max (1),

Description ("The SharedSecretService that manages a "

"NamedSharedIKESecret.")]

CIM_SharedSecretService REF Antecedent;

[Override ("Dependent"), Weak, Description (

"The managed NamedSharedIKESecret.") ]

CIM_NamedSharedIKESecret REF Dependent;

};

// ===================================================================

// KDCIssuesKerberosTicket

// ===================================================================

[Association, Description (

"The KDC issues and owns Kerberos tickets. This association "

"captures the relationship between the KDC and its issued tickets."

) ]

class CIM_KDCIssuesKerberosTicket:CIM_ManagedCredential

{

[Override ("Antecedent"), Min (1), Max (1),

Description ( "The issuing KDC") ]

CIM_KerberosKeyDistributionCenter REF Antecedent;

[Override ("Dependent"), Weak,

Description ( "The managed credential")]

CIM_KerberosTicket REF Dependent;

};

// ===================================================================

// NotaryVerifiesBiometric

// ===================================================================

[Association, Description (

"This relationship associates a Notary service with the "

"Users Access whose biometric information is verified.") ]

class CIM_NotaryVerifiesBiometric : CIM_Dependency

{

[Override ("Antecedent"),

Description ("The Notary service that verifies biometric "

"information ") ]

CIM_Notary REF Antecedent;

[Override ("Dependent"),

Description ( "The UsersAccess that represents a person using "

"biometric information for authentication.")]

CIM_UsersAccess REF Dependent;

};

// ==================================================================

// HostedAuthenticationRequirement

// ==================================================================

[Association, Description (

"CIM_HostedAuthenticationRequirement is an association used to "

"provide the namespace scoping of AuthenticationRequirement. The "

"hosted requirements may or may not apply to resources on the "

"hosting system." )]

class CIM_HostedAuthenticationRequirement : CIM_Dependency

{

[Min (1), Max (1), Override ("Antecedent"),

Description ("The hosting system") ]

CIM_System REF Antecedent;

[Override ("Dependent"), Weak,

Description ("The hosted AuthenticationRequirement") ]

CIM_AuthenticationRequirement REF Dependent;

};

// ==================================================================

// AuthenticateForUse

// ==================================================================

[Association, Description (

"CIM_AuthenticateForUse is an association used to provide an "

"AuthenticationService with the AuthenticationRequirement it "

"needs to do its job.")]

class CIM_AuthenticateForUse : CIM_Dependency

{

[Override ("Antecedent"),

Description ("AuthenticationRequirement for use") ]

CIM_AuthenticationRequirement REF Antecedent;

[Override ("Dependent"),

Description ("AuthenticationService that uses the requirements"

) ]

CIM_AuthenticationService REF Dependent;

};

// ==================================================================

// RequireCredentialsFrom

// ==================================================================

[Association, Description (

"CIM_RequireCredentialsFrom is an association used to require "

"that credentials are issued by particular Credential Management "

"Services in order to authenticate a user." )]

class CIM_RequireCredentialsFrom : CIM_Dependency

{

[Override ("Antecedent"),

Description ("CredentialManagementService from which "

"credentials are accepted for the associated "

"AuthenticationRequirement.") ]

CIM_CredentialManagementService REF Antecedent;

[Override ("Dependent"),

Description ("AuthenticationRequirement that limit acceptable "

"credentials. ") ]

CIM_AuthenticationRequirement REF Dependent;

};

// ==================================================================

// AuthenticationTarget

// ==================================================================

[Association, Description (

"CIM_AuthenticationTarget is an association used to apply "

"authentication requirements for access to specific resources. "

"For example, a shared secret may be sufficient for access to "

"unclassified resources, but for confidential resources, a "

"stronger authentication may be required." )]

class CIM_AuthenticationTarget : CIM_Dependency

{

[Override ("Antecedent"),

Description ("AuthenticationRequirement that apply to "

"specific resources") ]

CIM_AuthenticationRequirement REF Antecedent;

[Override ("Dependent"),

Description ("Target resources that may be in a Collection or "

"an individual ManagedElement. These resources are protected "

"by the AuthenticationRequirement.") ]

CIM_ManagedElement REF Dependent;

};

// ==================================================================

// HostedACI

// ==================================================================

[Association, Description (

"CIM_HostedACI is an association used to provide the namespace "

"scoping of AccessControlInformation. The hosted ACI may or may "

"not apply to resources on the hosting system." )]

class CIM_HostedACI : CIM_Dependency

{

[Min (1), Max (1), Override ("Antecedent"),

Description ("The hosting system") ]

CIM_System REF Antecedent;

[Override ("Dependent"), Weak,

Description ("The hosted AccessControlInformation") ]

CIM_AccessControlInformation REF Dependent;

};

// ==================================================================

// AuthorizedUse

// ==================================================================

[Association, Description (

"CIM_AuthorizedUse is an association used to provide an "

"AuthorizationService with the AccessControlInformation it needs "

"to do its job." )]

class CIM_AuthorizedUse : CIM_Dependency

{

[Override ("Antecedent"),

Description ("AccessControlInformation") ]

CIM_AccessControlInformation REF Antecedent;

[Override ("Dependent"),

Description ("AuthorizationService that uses an ACI.") ]

CIM_AuthorizationService REF Dependent;

};

// ==================================================================

// AuthorizationSubject

// ==================================================================

[Association, Description (

"CIM_AuthorizationSubject is an association used to apply "

"authorization decisions to specific subjects (i.e., users). The "

"subjects may be identified directly or they may be aggregated "

"into a collection that may, in turn, use the MemberPrincipal "

"association to provide further indirection in the specification "

"of the subject set." )]

class CIM_AuthorizationSubject : CIM_Dependency

{

[Override ("Antecedent"), Description (

"AccessControlInformation that applies to a subject set.") ]

CIM_AccessControlInformation REF Antecedent;

[Override ("Dependent"), Description (

"The subject set may be specified as a collection or as a set "

"of associations to ManagedElements that represent users.") ]

CIM_ManagedElement REF Dependent;

};

// ==================================================================

// AuthorizationTarget

// ==================================================================

[Association, Description (

"CIM_AuthorizationTarget is an association used to apply "

"authorization decisions to specific target resources. The "

"target resources may be aggregated into a collection or may be "

"represented as a set of associations to ManagedElements." )]

class CIM_AuthorizationTarget : CIM_Dependency

{

[Override ("Antecedent"), Description (

"AccessControlInformation that applies to the target set.") ]

CIM_AccessControlInformation REF Antecedent;

[Override ("Dependent"), Description (

"The target set of resources may be specified as a collection "

"or as a set of associations to ManagedElements that represent "

"target resources.") ]

CIM_ManagedElement REF Dependent;

};

// End of file

Legend:

Removed from v.1.1
changed lines
	Added in v.1.2

No CVS admin address has been configured