
   1 mike  1.2 // ===================================================================
   2           // Title:       User-Security MOF specification 2.6
   3           // Filename:    CIM_UserSec26.mof
   4           // Version:     2.6
   5           // Release:     0
   6           // Date:        05/17/2001
   7           // Description: These object classes define the user and security 
   8           //              model for CIM and includes classes needed to represent
   9           //              users, groups and organizational entities as well as 
  10           //              security services and authentication and authorization 
  11           //              information.
  12           //              The object classes below are listed in an order that
  13           //              avoids forward references. Required objects, defined 
  14           //		    by other working groups, are omitted. 
  15           // ===================================================================
  16           // Author:      DMTF User and Security Working Group
  17           //
  18           // 14 Mar 2000  - Version 2.3
  19           //
  20           // 09 Jun 2000  - ERRATA to Version 2.3 creating V2.4
  21           //		- CR493a, Correction of Antecedent/Dependent references
  22 mike  1.2 //			References are reversed from the original 2.3 model
  23           //		- CR497: Corrections to antecedent/dependent references
  24           //			1.  ElementAsUser should run between an ME and a 
  25           //                UsersAccess.  Both references are ME in the MOF.  
  26           //                UsersAccess is the Dependent reference.
  27           //
  28           //			2.  ManagesAccount should subclass from Dependency.
  29           //
  30           //			3.  ServiceUsesSecurityService - antecedent and 
  31           //                dependent are backwards.  SecurityService should 
  32           //			be the antecedent and Service the dependent.
  33           //
  34           //			4.  SecurityServiceForSystem - should subclass from 
  35           //			ProvidesServiceToElement.
  36           //
  37           //			5.  UsersCredentials - The antecedent and dependent 
  38           //			references are backwards.  The UsersAccess is 
  39           //			dependent on the Credentials - the credentials 
  40           //			are the antecedent.
  41           //
  42           //			6.  The change in UsersCredentials affects 
  43 mike  1.2 //			PublicPrivateKeyPair, since it inherits from 
  44           //			UsersCredentials.
  45           //
  46           //			7.  CAHasPublicCertificate - The antecedent and 
  47           //			dependent references are backwards.  The CA USES 
  48           //			the public certificate - therefore, it is dependent
  49           //			on the certificate.
  50           //
  51           //			8.  AuthenticateForUse - The antecedent and 
  52           //			dependent are backwards. The association "provides 
  53           //			an AuthenticationService with the 
  54           //			AuthenticationRequirement it needs to do its job". 
  55           //			AuthenticationService is Dependent on the 
  56           //			Requirement.
  57           //
  58           //			9.  RequireCredentialsFrom - Antecedent and 
  59           //			dependent are backwards.  The requirement is for 
  60           //			a specific credential mgmt service - the service 
  61           //			has no dependencies at all on the requirement.
  62           //
  63           //			10.  AuthenticationTarget - Clarification that the 
  64 mike  1.2 //			"target" is dependent on the requirement to protect 
  65           //			it.
  66           //
  67           //			11.  AuthorizedUse - The antecedent and dependent 
  68           //			are backwards since the description says that the 
  69           //			association "provides an AuthorizationService
  70           //			with the AccessControlInformation it needs to do 
  71           //			its job". AuthorizationService is Dependent on the 
  72           //			ACI.
  73           //
  74           // 21 June 2000 - ERRATA to Version 2.3 creating Version 2.4
  75           //          - CR515: CIM Account keys.  CIM_Account currently has two
  76           //			local keys, Name and UserID. 
  77           //                The intent was to have CreationClassName and Name 
  78           //			as keys where name could be set to a value equal to 
  79           //			the UserID or to some other value, e.g., a DN from 
  80           //			a directory.
  81           //
  82           // 10 Nov 2000  - Changes to Version 2.4 creating V2.5
  83           //          - CR544a, Adds classes and properties needed for Network 
  84           //                IPsec submodel.  
  85 mike  1.2 //                Classes added are:
  86           //			CredentialManagementSAP 
  87           //                LocalCredentialManagementService
  88           //                PublicKeyManagementService
  89           //                UnsignedPublicKey
  90           //                NamedSharedIKESecret
  91           //                TrustHierarchy
  92           //                LocallyManagedPublicKey
  93           //                IKESecretIsNamed
  94           //                Properties added are:
  95           //                CertificateAuthority.CADistinguishedName
  96           //                CertificateAuthority.MaxChainLength
  97           //                CertificateAuthority.CRLRefreshFrequency
  98           //          - CR560, ERRATA renames KerberosTicket.Type to 
  99           //                KerberosTicket.TicketType and changes it from an
 100           //                array to a scalar property 
 101           // 23 Jan 2001  - ERRATA to Version 2.5 creating V2.6
 102           //          - CR591, Corrections to PROPAGATE qualifiers on 
 103           //			Credential Subclasses
 104           //
  105           // 17 May 2001 - ERRATA to Version 2.5 creating V2.6
 106 mike  1.2 //		- CR606, Corrections to aggregations to add
 107           //			'aggregate' qualifier
 108           //
 109           // ===================================================================
 110           
 111           // ===================================================================
 112           // ===                         Pragmas                             ===
 113           // ===================================================================
 114           #pragma Locale ("en_US")
 115           
 116           
 117           
 118           // ==================================================================
 119           // ===                  Data class definitions                    ===
 120           // ==================================================================
 121           
 122           
 123           // ==================================================================
 124           // Group
 125           // ==================================================================
 126              [Description (
 127 mike  1.2    "The Group class is used to collect ManagedElements into groups. "
 128              "This class is defined so as to incorporate commonly-used LDAP "
 129              "attributes to permit implementations to easily derive this "
 130              "information from LDAP-accessible directories.  This class's "
 131              "properties are a subset of a related class, "
 132              "OtherGroupInformation, which defines all the group properties "
 133              "and in array form for directory compatibility." ) ]
 134           class CIM_Group : CIM_Collection
 135              {  
 136                 [Key, MaxLen (256), Description (  
 137           	"CreationClassName indicates the name of the class or the "
 138           	"subclass used in the creation of an instance. When used "
 139           	"with the other key properties of this class, this property "
 140           	"allows all instances of this class and its subclasses to "
 141           	"be uniquely identified.")]
 142              string CreationClassName;
 143                 [Key, MaxLen (1024), Description (  
 144                 "The Name property defines the label by which the object is "
 145           	"known. In the case of an LDAP-derived instance, the Name "
 146           	"property value may be set to the distinguishedName of the "
 147           	"LDAP-accessed object instance.")]
 148 mike  1.2    string Name;
 149           	[MaxLen (128), Description (  
 150                 "The BusinessCategory property may be used to describe the "
 151           	"kind of business activity performed by the members of the "
 152           	"group.")]
 153              string BusinessCategory;
 154                 [Required, Description (
 155           	"A Common Name is a (possibly ambiguous) name by which the "
 156           	"group is commonly known in some limited scope (such as an "
 157           	"organization) and conforms to the naming conventions of the "
 158           	"country or culture with which it is associated.")]
 159              string CommonName;
 160              };
 161           
 162           // ==================================================================
 163           // OtherGroupInformation
 164           // ==================================================================
 165              [Description (
 166              "The OtherGroupInformation class provides additional information "
 167              "about an associated Group instance.  This class is defined so as "
 168              "to incorporate commonly-used LDAP attributes to permit "
 169 mike  1.2    "implementations to easily derive this information from "
 170              "LDAP-accessible directories.") ]
 171           class CIM_OtherGroupInformation : CIM_ManagedElement
 172              {  
 173                 [Key, MaxLen (256), Description (  
 174           	"CreationClassName indicates the name of the class or the "
 175           	"subclass used in the creation of an instance. When used "
 176           	"with the other key properties of this class, this property "
 177           	"allows all instances of this class and its subclasses to "
 178           	"be uniquely identified.")]
 179              string CreationClassName;
 180                 [Key, MaxLen (1024), Description (  
 181                 "The Name property defines the label by which the object is "
 182           	"known. In the case of an LDAP-derived instance, the Name "
 183           	"property value may be set to the distinguishedName of the "
 184           	"LDAP-accessed object instance.")]
 185              string Name;
 186                 [Description (  
 187                 "In the case of an LDAP-derived instance, the ObjectClass "
 188                 "property value(s) may be set to the objectClass attribute "
 189           	"values.")]
 190 mike  1.2    string ObjectClass[];
 191           	[MaxLen (128), Description (  
 192                 "The BusinessCategory property may be used to describe the "
 193           	"kind of business activity performed by the members of the "
 194           	"group.")]
 195              string BusinessCategory[];
 196                 [Description (
 197           	"A Common Name is a (possibly ambiguous) name by which the "
 198           	"group is commonly known in some limited scope (such as an "
 199           	"organization) and conforms to the naming conventions of the "
 200           	"country or culture with which it is associated.")]
 201              string CommonName[];
 202                 [MaxLen (1024), Description (  
 203                 "The Descriptions property values may contain human-readable "
 204           	"descriptions of the object.  In the case of an LDAP-derived "  
 205           	"instance, the description attribute may have multiple values "
 206           	"that, therefore, cannot be placed in the inherited "
 207           	"Description property.")]
 208              string Descriptions[];
 209                 [Description (  
 210                 "The name of an organization related to the group.")]
 211 mike  1.2    string OrganizationName[];
 212                 [Description (  
 213                 "The name of an organizational unit related to the group.")]
 214              string OU[];
 215                 [Description (  
 216           	"The Owner property specifies the name of some object that "
 217           	"has some responsibility for the group.  In the case of an "
 218           	"LDAP-derived instance, a property value for Owner may be a "
 219           	"distinguishedName of owning persons, groups, roles, etc.")]
 220              string Owner[];
 221                 [Description (  
 222           	"In the case of an LDAP-derived instance, the See Also "
 223           	"property specifies distinguishedName of other Directory "
 224           	"objects which may be other aspects (in some sense) of the "
 225           	"same real world object.")]
 226              string SeeAlso[];
 227              };
 228           
 229           // ==================================================================
 230           // Role
 231           // ==================================================================
 232 mike  1.2    [Description (  
 233              "The Role object class is used to represent a position or set of "
 234              "responsibilities within an organization, organizational unit or "
 235              "system administration scope and is filled by a person or persons "
 236              "(or non-human entities represented by ManagedSystemElement "
 237              "subclasses) that may be explicitly or implicitly members of this "
 238              "collection subclass.  The class is defined so as to incorporate "
 239              "commonly-used LDAP attributes to permit implementations to "
 240              "easily derive this information from LDAP-accessible directories. "
 241              "The members of a role are frequently called role occupants. "
 242              "This class's properties are a subset of a related class, "
 243              "OtherRoleInformation, which defines all the group properties "
 244              "and in array form for directory compatibility. ")]
 245           class CIM_Role : CIM_Collection
 246              {  
 247                 [Key, MaxLen (256), Description (  
 248           	"CreationClassName indicates the name of the class or the "
 249           	"subclass used in the creation of an instance. When used "
 250           	"with the other key properties of this class, this property "
 251           	"allows all instances of this class and its subclasses to "
 252           	"be uniquely identified.")]
 253 mike  1.2    string CreationClassName;
 254                 [Key, MaxLen (1024),Description (  
 255                 "The Name property defines the label by which the object is "
 256           	"known. In the case of an LDAP-derived instance, the Name " 
 257           	"property value may be set to the distinguishedName of the "
 258           	"LDAP-accessed object instance.")]
 259              string Name;
 260                 [MaxLen (128), Description (  
 261                 "This property may be used to describe the kind of business "
 262           	"activity performed by the members (role occupants) in the "
 263           	"position or set of responsibilities represented by the Role. "
 264           	)]
 265              string BusinessCategory;
 266                 [Required, Description (
 267           	"A Common Name is a (possibly ambiguous) name by which the "
 268           	"role is commonly known in some limited scope (such as an "
 269           	"organization) and conforms to the naming conventions of the "
 270           	"country or culture with which it is associated.")]
 271              string CommonName;
 272              };
 273           
 274 mike  1.2 // ==================================================================
 275           // OtherRoleInformation
 276           // ==================================================================
 277              [Description (  
 278              "The OtherRoleInformation class is used to provide additional "
 279              "information about an associated Role instance.  This class is "
 280              "defined so as to incorporate commonly-used LDAP attributes to "
 281              "permit implementations to easily derive this information from "
 282              "LDAP-accessible directories.") ]
 283           class CIM_OtherRoleInformation : CIM_ManagedElement
 284              {  
 285                 [Key, MaxLen (256), Description (  
 286           	"CreationClassName indicates the name of the class or the "
 287           	"subclass used in the creation of an instance. When used "
 288           	"with the other key properties of this class, this property "
 289           	"allows all instances of this class and its subclasses to "
 290           	"be uniquely identified.")]
 291              string CreationClassName;
 292                 [Key, MaxLen (1024),Description (  
 293                 "The Name property defines the label by which the object is "
 294           	"known. In the case of an LDAP-derived instance, the Name " 
 295 mike  1.2 	"property value may be set to the distinguishedName of the "
 296           	"LDAP-accessed object instance.")]
 297              string Name;
 298                 [Description (  
 299                 "In the case of an LDAP-derived instance, the ObjectClass "
 300                 "property value(s) may be set to the objectClass attribute "
 301           	"values.")]
 302              string ObjectClass[];
 303                 [MaxLen (128), Description (  
 304                 "This property may be used to describe the kind of business "
 305           	"activity performed by the members (role occupants) in the "
 306           	"position or set of responsibilities represented by the Role. "
 307           	)]
 308              string BusinessCategory[];
 309                 [Description (
 310           	"A Common Name is a (possibly ambiguous) name by which the "
 311           	"role is commonly known in some limited scope (such as an "
 312           	"organization) and conforms to the naming conventions of the "
 313           	"country or culture with which it is associated.")]
 314              string CommonName[];
 315                 [MaxLen (1024), Description (  
 316 mike  1.2       "The Descriptions property values may contain human-readable "
 317           	"descriptions of the object.  In the case of an LDAP-derived "  
 318           	"instance, the description attribute may have multiple values "
 319           	"that, therefore, cannot be placed in the inherited "
 320           	"Description property.")]
 321              string Descriptions[];
 322                 [MaxLen (128), Description (  
 323           	"This property is used for the role occupants' telegram "
 324           	"service.")]
 325              string DestinationIndicator[];
 326                 [Description (  
 327                 "The role occupants' facsimile telephone number.")]
 328              string FacsimileTelephoneNumber[];
 329                 [MaxLen (16), Description (  
 330                 "The role occupants' International ISDN number.")]
 331              string InternationaliSDNNumber[];
 332                 [Description (  
 333                 "The name of an organizational unit related to the role.")]
 334              string OU[];
 335                 [MaxLen (128), Description (  
 336                 "The Physical Delivery Office Name property specifies the name "
 337 mike  1.2 	"of the city, village, etc. where a physical delivery office "
 338           	"is situated.")]
 339              string PhysicalDeliveryOfficeName[];
 340                 [Description (  
 341           	"The Postal Address property values specify the address "
 342           	"information required for the physical delivery of postal "
 343           	"messages by the postal authority to the role occupants.")]
 344              string PostalAddress[];
 345                 [MaxLen (40), Description (  
 346           	"The Postal Code property specifies the postal code for the "
 347           	"role occupants.  If this value is present it will be part of "
 348           	"the object's postal address.")]
 349              string PostalCode[];
 350                 [MaxLen (40), Description (  
 351           	"The Post Office Box property specifies the Post Office Box "
 352           	"by which the role occupants will receive physical postal "
 353           	"delivery. If present, the property value is part of the "
 354           	"object's postal address.")]
 355              string PostOfficeBox[];
 356                 [Description (   
 357           	"The Preferred Delivery Method property specifies the "
 358 mike  1.2 	"role occupants' preferred method to be used for contacting "
 359           	"them in their role.")]
 360              string PreferredDeliveryMethod;
 361                 [Description (  
 362           	"This property specifies a postal address suitable for receipt "
 363           	"of telegrams or expedited documents, where it is necessary to "
 364           	"have the recipient accept delivery.")]
 365              string RegisteredAddress[];
 366                 [Description (  
 367           	"In the case of an LDAP-derived instance, the See Also "
 368           	"property specifies distinguishedName of other Directory "
 369           	"objects which may be other aspects (in some sense) of the "
 370           	"same real world object.")]
 371              string SeeAlso[];
 372                 [Description (  
 373            	"The State or Province Name property specifies a state or "
 374           	"province." )]
 375              string StateOrProvince[];
 376                 [MaxLen (128), Description (  
 377           	"The Street Address property specifies a site for the local "
 378           	"distribution and physical delivery in a postal address, i.e. "
 379 mike  1.2 	"the street name, place, avenue, and the number." )]
 380              string Street[];
 381                 [MaxLen (32), Description (  
 382           	"The Telephone Number property specifies a telephone number of "
  383           	"the role occupants, e.g. + 44 582 10101." )]
 384              string TelephoneNumber[];
 385                 [Description (  
 386           	"The Teletex Terminal Identifier property specifies the "
 387           	"Teletex terminal identifier (and, optionally, parameters) for "
 388           	"a teletex terminal associated with the role occupants." )]
 389              string TeletexTerminalIdentifier[];
 390                 [Description (  
 391           	"The Telex Number property specifies the telex number, country "
 392           	"code, and answerback code of a telex terminal for the "
 393           	"role occupants." )]
 394              string TelexNumber[];
 395                 [MaxLen (15), Description (  
 396                 "An X.121 address for the role occupants.")]
 397              string X121Address[];
 398              };
 399           
 400 mike  1.2 // ==================================================================
 401           // OrganizationalEntity
 402           // ==================================================================
 403              [Abstract, Description (  
 404              "OrganizationalEntity is an abstract class from which classes "
 405              "that fit into an organizational structure are derived.") ]
 406           class CIM_OrganizationalEntity : CIM_ManagedElement   
 407              {  
 408              };
 409           
 410           // ==================================================================
 411           // Organization
 412           // ==================================================================
 413              [Description (  
 414              "The Organization class is used to represent an organization such "
 415              "as a corporation or other autonomous entity.  The class is "
 416              "defined so as to incorporate commonly-used LDAP attributes to "
 417              "permit implementations to easily derive this information from "
 418              "LDAP-accessible directories.  This class's properties are a "
 419              "subset of a related class, OtherOrganizationInformation, which "
 420              "defines all the group properties and in array form for "
 421 mike  1.2    "directory compatibility.") ]
 422           class CIM_Organization : CIM_OrganizationalEntity  
 423              {  
 424                 [Key, MaxLen (256), Description (  
 425           	"CreationClassName indicates the name of the class or the "
 426           	"subclass used in the creation of an instance. When used "
 427           	"with the other key properties of this class, this property "
 428           	"allows all instances of this class and its subclasses to "
 429           	"be uniquely identified.")]
 430              string CreationClassName;
 431                 [Key, MaxLen (1024),Description (  
 432                 "The Name property defines the label by which the object is "
 433           	"known. In the case of an LDAP-derived instance, the Name "
 434           	"property value may be set to the distinguishedName of the "
 435           	"LDAP-accessed object instance.")]
 436              string Name;
 437                 [MaxLen (128), Description (  
 438                 "This property describes the kind of business performed by an "
 439           	"organization.")]
 440              string BusinessCategory;
 441                 [Description (  
 442 mike  1.2       "The organization's facsimile telephone number.")]
 443              string FacsimileTelephoneNumber;
 444                 [Description (  
 445           	"This property contains the name of a locality, such as a "
 446           	"city, county or other geographic region.")]
 447              string LocalityName;
 448                 [Description (  
 449                 "Based on RFC1274, the mail box addresses for the organization "
 450           	"as defined in RFC822.")]
 451              string Mail;
 452                 [Required, Description (  
 453                 "The name of the organization.")]
 454              string OrganizationName;
 455                 [Description (  
 456           	"The Postal Address property values specify the address "
 457           	"information required for the physical delivery of postal "
 458           	"messages by the postal authority to the organization.")]
 459              string PostalAddress[];
 460                 [MaxLen (40), Description (  
 461           	"The Postal Code property specifies the postal code of the "
 462           	"organization.  If this value is present it will be part of "
 463 mike  1.2 	"the object's postal address.")]
 464              string PostalCode;
 465                 [Description (  
 466            	"The State or Province Name property specifies a state or "
 467           	"province." )]
 468              string StateOrProvince;
 469                 [MaxLen (32), Description (  
 470           	"The Telephone Number property specifies a telephone number of "
  471           	"the organization, e.g. + 44 582 10101." )]
 472              string TelephoneNumber;
 473              };
 474           
 475           // ==================================================================
 476           // OtherOrganizationInformation
 477           // ==================================================================
 478              [Description (  
 479              "The OtherOrganizationInformation class is used to provide "
 480              "additional information about an associated Organization instance. "
 481              "This class is defined so as to incorporate commonly-used LDAP "
 482              "attributes to permit implementations to easily derive this "
 483              "information from LDAP-accessible directories.") ]
 484 mike  1.2 class CIM_OtherOrganizationInformation : CIM_ManagedElement  
 485              {  
 486                 [Key, MaxLen (256), Description (  
 487           	"CreationClassName indicates the name of the class or the "
 488           	"subclass used in the creation of an instance. When used "
 489           	"with the other key properties of this class, this property "
 490           	"allows all instances of this class and its subclasses to "
 491           	"be uniquely identified.")]
 492              string CreationClassName;
 493                 [Key, MaxLen (1024),Description (  
 494                 "The Name property defines the label by which the object is "
 495           	"known. In the case of an LDAP-derived instance, the Name "
 496           	"property value may be set to the distinguishedName of the "
 497           	"LDAP-accessed object instance.")]
 498              string Name;
 499                 [Description (  
 500                 "In the case of an LDAP-derived instance, the ObjectClass "
 501                 "property value(s) may be set to the objectClass attribute "
 502           	"values.")]
 503              string ObjectClass[];
 504                 [MaxLen (128), Description (  
 505 mike  1.2       "This property describes the kind of business performed by an "
 506           	"organization.")]
 507              string BusinessCategory[];
 508                 [MaxLen (1024), Description (  
 509                 "The Descriptions property values may contain human-readable "
 510           	"descriptions of the object.  In the case of an LDAP-derived "  
 511           	"instance, the description attribute may have multiple values "
 512           	"that, therefore, cannot be placed in the inherited "
 513           	"Description property.")]
 514              string Descriptions[];
 515                 [MaxLen (128), Description (  
 516           	"This property is used for the organization's telegram "
 517           	"service.")]
 518              string DestinationIndicator[];
 519                 [Description (  
 520                 "The organization's facsimile telephone number.")]
 521              string FacsimileTelephoneNumber[];
 522                 [MaxLen (16), Description (  
 523                 "The organization's International ISDN number.")]
 524              string InternationaliSDNNumber[];
 525                 [Description (  
 526 mike  1.2       "Uniform Resource Identifier with optional label as defined in "
 527           	"RFC2079.")]
 528              string LabeledURI[]; 
 529                 [Description (  
 530           	"This property contains the name of a locality, such as a "
 531           	"city, county or other geographic region.")]
 532              string LocalityName[];
 533                 [Description (  
 534                 "Based on RFC1274, the mail box addresses for the organization "
 535           	"as defined in RFC822.")]
 536              string Mail[];
 537                 [Description (  
 538                 "The manager for the organization.  In the case of an "
 539           	"LDAP-derived instance, the Manager property value may contain "
 540           	"the distinguishedName of the Manager.")]
 541              string Manager[];
 542                 [Description (  
 543                 "The name of the organization.")]
 544              string OrganizationName[];
 545                 [Description (  
 546                 "Based on RFC1274, this property may be used for electronic "
 547 mike  1.2 	"mail box addresses other than RFC822 and X.400.")]
 548              string OtherMailbox[];
 549                 [MaxLen (128), Description (  
 550                 "The Physical Delivery Office Name property specifies the name "
 551           	"of the city, village, etc. where a physical delivery office "
 552           	"is situated.")]
 553              string PhysicalDeliveryOfficeName[];
 554                 [Description (  
 555           	"The Postal Address property values specify the address "
 556           	"information required for the physical delivery of postal "
 557           	"messages by the postal authority to the organization.")]
 558              string PostalAddress[];
 559                 [MaxLen (40), Description (  
 560           	"The Postal Code property specifies the postal code of the "
 561           	"organization.  If this value is present it will be part of "
 562           	"the object's postal address.")]
 563              string PostalCode[];
 564                 [MaxLen (40), Description (  
 565           	"The Post Office Box property specifies the Post Office Box "
 566           	"by which the organization will receive physical postal "
 567           	"delivery. If present, the property value is part of the "
 568 mike  1.2 	"object's postal address.")]
 569              string PostOfficeBox[];
 570                 [Description (  
 571           	"The Preferred Delivery Method property specifies the "
 572           	"organization's preferred method to be used for communicating "
 573           	"with it.")]
 574              string PreferredDeliveryMethod;
 575                 [Description (  
 576           	"This property specifies a postal address suitable for receipt "
 577           	"of telegrams or expedited documents, where it is necessary to "
 578           	"have the recipient accept delivery.")]
 579              string RegisteredAddress[];
 580                 [Description (  
 581                 "This property value is for use by X.500 clients in "
 582           	"constructing search filters.")]
 583              string SearchGuide[];
 584                 [Description (  
 585           	"In the case of an LDAP-derived instance, the See Also "
 586           	"property specifies distinguishedName of other Directory "
 587           	"objects which may be other aspects (in some sense) of the "
 588           	"same real world object.")]
 589 mike  1.2    string SeeAlso[];
 590                 [Description (  
 591            	"The State or Province Name property specifies a state or "
 592           	"province." )]
 593              string StateOrProvince[];
 594                 [MaxLen (128), Description (  
 595           	"The Street Address property specifies a site for the local "
 596           	"distribution and physical delivery in a postal address, i.e. "
 597           	"the street name, place, avenue, and the number." )]
 598              string Street[];
 599                 [MaxLen (32), Description (  
 600           	"The Telephone Number property specifies a telephone number of "
 601           	"the organization, e.g. + 44 582 10101." )]
 602              string TelephoneNumber[];
 603                 [Description (  
 604           	"The Teletex Terminal Identifier property specifies the "
 605           	"Teletex terminal identifier (and, optionally, parameters) for "
 606           	"a teletex terminal associated with the organization." )]
 607              string TeletexTerminalIdentifier[];
 608                 [Description (  
 609           	"The Telex Number property specifies the telex number, country "
 610 mike  1.2 	"code, and answerback code of a telex terminal for the "
 611           	"organization." )]
 612              string TelexNumber[];
 613                 [Octetstring, Description (  
 614                 "An image of the organization logo")]
 615              string ThumbnailLogo[];
 616                 [Description (  
 617           	"A unique identifier that may be assigned in an environment to "
 618           	"differentiate between uses of a given named organization "
 619           	"instance.")]
 620              string UniqueIdentifier[];
 621                 [Octetstring, Description (  
 622                 "In the case of an LDAP-derived instance, the UserPassword "
 623           	"property may contain an encrypted password used to access "
 624           	"the organization's resources in a directory." )]
 625              string UserPassword[];
 626                 [MaxLen (15), Description (  
 627                 "An X.121 address for the organization.")]
 628              string X121Address[];
 629              };
 630           
 631 mike  1.2 // ==================================================================
 632           // OrgUnit
 633           // ==================================================================
 634              [Description (  
 635              "The OrgUnit class is used to represent a sub-unit of an "
 636              "organization such as a division or department.  The class is "
 637              "defined so as to incorporate commonly-used LDAP attributes to "
 638              "permit implementations to easily derive this information from "
 639              "LDAP-accessible directories.  This class's properties are a "
 640              "subset of a related class, OtherOrgUnitInformation, which "
 641              "defines all the group properties and in array form for "
 642              "directory compatibility. ") ]
 643           class CIM_OrgUnit : CIM_OrganizationalEntity  
 644              {  
 645                 [Key, MaxLen (256), Description (  
 646           	"CreationClassName indicates the name of the class or the "
 647           	"subclass used in the creation of an instance. When used "
 648           	"with the other key properties of this class, this property "
 649           	"allows all instances of this class and its subclasses to "
 650           	"be uniquely identified.")]
 651              string CreationClassName;
 652 mike  1.2       [Key, MaxLen (1024),Description (  
 653                 "The Name property defines the label by which the object is "
 654           	"known. In the case of an LDAP-derived instance, the Name " 
 655           	"property value may be set to the distinguishedName of the "
 656           	"LDAP-accessed object instance.")]
 657              string Name;
 658                 [MaxLen (128), Description (  
 659                 "This property describes the kind of business performed by an "
 660           	"organizational unit.")]
 661              string BusinessCategory;
 662                 [Description (  
 663                 "The organizational unit's facsimile telephone number.")]
 664              string FacsimileTelephoneNumber;
 665                 [Description (  
 666           	"This property contains the name of a locality, such as a "
 667           	"city, county or other geographic region.")]
 668              string LocalityName;
 669                 [Required, Description (  
 670                 "The name of the organizational unit.")]
 671              string OU;
 672                 [Description (  
 673 mike  1.2 	"The Postal Address property values specify the address "
 674           	"information required for the physical delivery of postal "
 675           	"messages by the postal authority to the organizational unit."
 676           	)]
 677              string PostalAddress[];
 678                 [MaxLen (40), Description (  
 679           	"The Postal Code property specifies the postal code of the "
 680           	"organizational unit.  If this value is present it will be "
 681           	"part of the object's postal address.")]
 682              string PostalCode;
 683                 [Description (  
 684            	"The State or Province Name property specifies a state or "
 685           	"province." )]
 686              string StateOrProvince;
 687                 [MaxLen (32), Description (  
 688           	"The Telephone Number property specifies a telephone number of "
 689           	"the organizational unit, e.g. + 44 582 10101." )]
 690              string TelephoneNumber;
 691              };
 692           
 693           // ==================================================================
 694 mike  1.2 // OtherOrgUnitInformation
 695           // ==================================================================
 696              [Description (  
 697              "The OtherOrgUnitInformation class is used to provide "
 698              "additional information about an associated OrgUnit instance. "
 699              "This class is defined so as to incorporate commonly-used LDAP "
 700              "attributes to permit implementations to easily derive this "
 701              "information from LDAP-accessible directories.") ]
 702           class CIM_OtherOrgUnitInformation : CIM_ManagedElement  
 703              {  
 704                 [Key, MaxLen (256), Description (  
 705           	"CreationClassName indicates the name of the class or the "
 706           	"subclass used in the creation of an instance. When used "
 707           	"with the other key properties of this class, this property "
 708           	"allows all instances of this class and its subclasses to "
 709           	"be uniquely identified.")]
 710              string CreationClassName;
 711                 [Key, MaxLen (1024),Description (  
 712                 "The Name property defines the label by which the object is "
 713           	"known. In the case of an LDAP-derived instance, the Name " 
 714           	"property value may be set to the distinguishedName of the "
 715 mike  1.2 	"LDAP-accessed object instance.")]
 716              string Name;
 717                 [Description (  
 718                 "In the case of an LDAP-derived instance, the ObjectClass "
 719                 "property value(s) may be set to the objectClass attribute "
 720           	"values.")]
 721              string ObjectClass[];
 722                 [MaxLen (128), Description (  
 723                 "This property describes the kind of business performed by an "
 724           	"organizational unit.")]
 725              string BusinessCategory[];
 726                 [MaxLen (1024), Description (  
 727                 "The Descriptions property values may contain human-readable "
 728           	"descriptions of the object.  In the case of an LDAP-derived "  
 729           	"instance, the description attribute may have multiple values "
 730           	"that, therefore, cannot be placed in the inherited "
 731           	"Description property.")]
 732              string Descriptions[];
 733                 [MaxLen (128), Description (  
 734           	"This property is used for the organizational unit's telegram "
 735           	"service.")]
 736 mike  1.2    string DestinationIndicator[];
 737                 [Description (  
 738                 "The organizational unit's facsimile telephone number.")]
 739              string FacsimileTelephoneNumber[];
 740                 [MaxLen (16), Description (  
 741                 "The organizational unit's International ISDN number.")]
 742              string InternationaliSDNNumber[];
 743                 [Description (  
 744           	"This property contains the name of a locality, such as a "
 745           	"city, county or other geographic region.")]
 746              string LocalityName[];
 747                 [Description (  
 748                 "The name of the organizational unit.")]
 749              string OU[];
 750                 [MaxLen (128), Description (  
 751                 "The Physical Delivery Office Name property specifies the name "
 752           	"of the city, village, etc. where a physical delivery office "
 753           	"is situated.")]
 754              string PhysicalDeliveryOfficeName[];
 755                 [Description (  
 756           	"The Postal Address property values specify the address "
 757 mike  1.2 	"information required for the physical delivery of postal "
 758           	"messages by the postal authority to the organizational unit."
 759           	)]
 760              string PostalAddress[];
 761                 [MaxLen (40), Description (  
 762           	"The Postal Code property specifies the postal code of the "
 763           	"organizational unit.  If this value is present it will be "
 764           	"part of the object's postal address.")]
 765              string PostalCode[];
 766                 [MaxLen (40), Description (  
 767           	"The Post Office Box property specifies the Post Office Box "
 768           	"by which the organizational unit will receive physical "
 769           	"postal delivery. If present, the property value is part of "
 770           	"the object's postal address.")]
 771              string PostOfficeBox[];
 772                 [Description (  
 773           	"The Preferred Delivery Method property specifies the "
 774           	"organizational unit's preferred method to be used for "
 775           	"communicating with it.")]
 776              string PreferredDeliveryMethod;
 777                 [Description (  
 778 mike  1.2       "This property value is for use by X.500 clients in "
 779           	"constructing search filters.")]
 780              string SearchGuide[];
 781                 [Description (  
 782           	"In the case of an LDAP-derived instance, the See Also "
 783           	"property specifies distinguishedName of other Directory "
 784           	"objects which may be other aspects (in some sense) of the "
 785           	"same real world object.")]
 786              string SeeAlso[];
 787                 [Description (  
 788            	"The State or Province Name property specifies a state or "
 789           	"province." )]
 790              string StateOrProvince[];
 791                 [MaxLen (128), Description (  
 792           	"The Street Address property specifies a site for the local "
 793           	"distribution and physical delivery in a postal address, i.e. "
 794           	"the street name, place, avenue, and the number." )]
 795              string Street[];
 796                 [MaxLen (32), Description (  
 797           	"The Telephone Number property specifies a telephone number of "
 798           	"the organizational unit, e.g. + 44 582 10101." )]
 799 mike  1.2    string TelephoneNumber[];
 800                 [Description (  
 801           	"The Teletex Terminal Identifier property specifies the "
 802           	"Teletex terminal identifier (and, optionally, parameters) for "
 803           	"a teletex terminal associated with the organizational unit."
 804           	)]
 805              string TeletexTerminalIdentifier[];
 806                 [Description (  
 807           	"The Telex Number property specifies the telex number, country "
 808           	"code, and answerback code of a telex terminal for the "
 809           	"organization." )]
 810              string TelexNumber[];
 811                 [Octetstring, Description (  
 812                 "In the case of an LDAP-derived instance, the UserPassword "
 813           	"property may contain an encrypted password used to access "
 814           	"the organizational unit's resources in a directory." )]
 815              string UserPassword[];
 816                 [MaxLen (15), Description (  
 817                 "An X.121 address for the organization.")]
 818              string X121Address[];
 819              };
 820 mike  1.2 
 821           // ==================================================================
 822           // UserEntity
 823           // ==================================================================
 824              [Abstract, Description (  
 825              "UserEntity is an abstract class that represents users.") ]
 826           class CIM_UserEntity : CIM_OrganizationalEntity 
 827              {  
 828              };
 829           
 830           // ==================================================================
 831           // Person
 832           // ==================================================================
 833              [Description (  
 834              "The Person object class is used to represent people.  The class "
 835              "is defined so as to incorporate commonly-used LDAP attributes to "
 836              "permit implementations to easily derive this information from "
 837              "LDAP-accessible directories.  This class's properties are a "
 838              "subset of a related class, OtherPersonInformation, which "
 839              "defines all the group properties and in array form for "
 840              "directory compatibility. ") ]
 841 mike  1.2 class CIM_Person : CIM_UserEntity 
 842              {  
 843                 [Key, MaxLen (256), Description (  
 844           	"CreationClassName indicates the name of the class or the "
 845           	"subclass used in the creation of an instance. When used "
 846           	"with the other key properties of this class, this property "
 847           	"allows all instances of this class and its subclasses to "
 848           	"be uniquely identified.")]
 849              string CreationClassName;
 850                 [Key, MaxLen (1024),Description (  
 851                 "The Name property defines the label by which the object is "
 852           	"known. In the case of an LDAP-derived instance, the Name "
 853           	"property value may be set to the distinguishedName of the "
 854           	"LDAP-accessed object instance.")]
 855              string Name;
 856                 [MaxLen (128), Description (  
 857                 "This property describes the kind of business performed by an "
 858           	"organization.")]
 859              string BusinessCategory;
 860                 [Required, Description (
 861           	"A Common Name is a (possibly ambiguous) name by which the "
 862 mike  1.2 	"role is commonly known in some limited scope (such as an "
 863           	"organization) and conforms to the naming conventions of the "
 864           	"country or culture with which it is associated.")]
 865              string CommonName;
 866                 [Description (
 867           	"Based on inetOrgPerson, the Employee Number property "
 868           	"specifies a numeric or an alphanumeric identifier assigned to "
 869           	"a person.")]
 870              string EmployeeNumber;
 871                 [Description (
 872           	"Based on inetOrgPerson, the Employee Type property is used to "
 873           	"identify the employer to employee relationship.  Typical "
 874           	"values used may include 'Contractor', 'Employee', 'Intern', "
 875           	"'Temp', 'External', and 'Unknown' but any value may be used."
 876           	)]
 877              string EmployeeType;
 878                 [Description (  
 879                 "The person's facsimile telephone number.")]
 880              string FacsimileTelephoneNumber;
 881                 [MaxLen (32), Description (  
 882           	"Based on RFC1274, the Home Phone property specifies a home "
 883 mike  1.2 	"telephone number for the person, e.g. + 44 582 10101." )]
 884              string HomePhone;
 885                 [Description (  
 886           	"The Home Postal Address property values specify the home "
 887           	"address information required for the physical delivery of "
 888           	"postal messages by the postal authority.")]
 889              string HomePostalAddress[];
 890                 [Description (
 891           	"From inetOrgPerson, the JPEG Photo property values may be used "
 892           	"for one or more images of a person using the JPEG File "
 893           	"Interchange Format.")]
 894              string JPEGPhoto;
 895                 [Description (  
 896           	"This property contains the name of a locality, such as a "
 897           	"city, county or other geographic region.")]
 898              string LocalityName;
 899                 [Description (  
 900                 "Based on RFC1274, the mail box addresses for the person "
 901           	"as defined in RFC822.")]
 902              string Mail;
 903                 [Description (  
 904 mike  1.2       "The person's manager within the organization.  In the case of "
 905           	"an LDAP-derived instance, the Manager property value may "
 906           	"contain the distinguishedName of the Manager.")]
 907              string Manager;
 908                 [MaxLen (32), Description (  
 909           	"Based on RFC1274, the Mobile Phone property specifies a "
 910           	"mobile telephone number for the person, e.g. + 44 582 10101." 
 911           	)]
 912              string Mobile;
 913                 [Description (  
 914                 "The name of an organizational unit related to the person.")]
 915              string OU;
 916                 [MaxLen (32), Description (  
 917           	"Based on RFC1274, the Pager property specifies a pager "
 918           	"telephone number for the person, e.g. + 44 582 10101.")]
 919              string Pager;
 920                 [Description (  
 921           	"The Postal Address property values specify the address "
 922           	"information required for the physical delivery of postal "
 923           	"messages by the postal authority to the person.")]
 924              string PostalAddress[];
 925 mike  1.2       [MaxLen (40), Description (  
 926           	"The Postal Code property specifies the postal code of the "
 927           	"organization.  If this value is present it will be part of "
 928           	"the object's postal address.")]
 929              string PostalCode;
 930                 [Description (
 931           	"Based on inetOrgPerson, the person's preferred written or "
 932           	"spoken language.")]
 933              string PreferredLanguage;
 934                 [Description (
 935           	"Based on RFC1274, the Secretary property may be used to "
 936           	"specify a secretary for the person.  In the case of an "
 937           	"LDAP-derived object instance, the value may be a "
 938           	"distinguishedName.")]
 939              string Secretary;
 940                 [Description (  
 941            	"The State or Province Name property specifies a state or "
 942           	"province." )]
 943              string StateOrProvince;
 944                 [Required, Description (
 945           	"The Surname property specifies the linguistic construct that "
 946 mike  1.2 	"normally is inherited by an individual from the individual's "
 947           	"parent or assumed by marriage, and by which the individual is "
 948           	"commonly known.")]
 949              string Surname;
 950                 [MaxLen (32), Description (  
 951           	"The Telephone Number property specifies a telephone number of "
 952           	"the organization, e.g. + 44 582 10101." )]
 953              string TelephoneNumber;
 954                 [Description (
 955           	"The Title property may be used to specify the person's "
 956           	"designated position or function of the object within an "
 957           	"organization, e.g., Manager, Vice-President, etc.")]
 958              string Title;
 959              };
 960           
 961           // ==================================================================
 962           // OtherPersonInformation
 963           // ==================================================================
 964              [Description (  
 965              "The OtherPersonInformation class is used to provide "
 966              "additional information about an associated Person instance. "
 967 mike  1.2    "This class is defined so as to incorporate commonly-used LDAP "
 968              "attributes to permit implementations to easily derive this "
 969              "information from LDAP-accessible directories.") ]
 970           class CIM_OtherPersonInformation : CIM_UserEntity 
 971              {  
 972                 [Key, MaxLen (256), Description (  
 973           	"CreationClassName indicates the name of the class or the "
 974           	"subclass used in the creation of an instance. When used "
 975           	"with the other key properties of this class, this property "
 976           	"allows all instances of this class and its subclasses to "
 977           	"be uniquely identified.")]
 978              string CreationClassName;
 979                 [Key, MaxLen (1024),Description (  
 980                 "The Name property defines the label by which the object is "
 981           	"known. In the case of an LDAP-derived instance, the Name "
 982           	"property value may be set to the distinguishedName of the "
 983           	"LDAP-accessed object instance.")]
 984              string Name;
 985                 [Description (  
 986                 "In the case of an LDAP-derived instance, the ObjectClass "
 987                 "property value(s) may be set to the objectClass attribute "
 988 mike  1.2 	"values.")]
 989              string ObjectClass[];
 990                 [Octetstring, Description (  
 991           	"The Audio property may be used to store an audio clip of the "
 992           	"person.")]
 993              string Audio[];
 994                 [MaxLen (128), Description (  
 995                 "This property describes the kind of business performed by an "
 996           	"organization.")]
 997              string BusinessCategory[];
 998                 [MaxLen (128), Description (
 999           	"The Car License property is used to record the values of the "
1000           	"vehicle license or registration plate associated with an "
1001           	"individual.")]
1002              string CarLicense[];
1003                 [Description (
1004           	"A Common Name is a (possibly ambiguous) name by which the "
1005           	"role is commonly known in some limited scope (such as an "
1006           	"organization) and conforms to the naming conventions of the "
1007           	"country or culture with which it is associated.")]
1008              string CommonName[];
1009 mike  1.2       [Description (
1010           	"The Country Name property specifies a country as defined in "
1011           	"ISO 3166.")]
1012              string CountryName[];
1013                 [Description (
1014           	"Based on inetOrgPerson, the Department Number is a code for "
1015           	"department to which a person belongs.  This can be strictly "
1016           	"numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).")]
1017              string DepartmentNumber[];
1018                 [MaxLen (1024), Description (  
1019                 "The Descriptions property values may contain human-readable "
1020           	"descriptions of the object.  In the case of an LDAP-derived "  
1021           	"instance, the description attribute may have multiple values "
1022           	"that, therefore, cannot be placed in the inherited "
1023           	"Description property.")]
1024              string Descriptions[];
1025                 [MaxLen (128), Description (  
1026           	"This property is used for the organization's telegram "
1027           	"service.")]
1028              string DestinationIndicator[];
1029                 [Description (
1030 mike  1.2 	"Based on inetOrgPerson, the Display Name property values are "
1031           	"used when displaying an entry.")]
1032              string DisplayName[];
1033                 [Description (
1034           	"Based on inetOrgPerson, the Employee Number property "
1035           	"specifies a numeric or an alphanumeric identifier assigned to "
1036           	"a person.")]
1037              string EmployeeNumber;
1038                 [Description (
1039           	"Based on inetOrgPerson, the Employee Type property is used to "
1040           	"identify the employer to employee relationship.  Typical "
1041           	"values used may include 'Contractor', 'Employee', 'Intern', "
1042           	"'Temp', 'External', and 'Unknown' but any value may be used."
1043           	)]
1044              string EmployeeType[];
1045                 [Description (  
1046                 "The person's facsimile telephone number.")]
1047              string FacsimileTelephoneNumber[];
1048                 [Description (
1049           	"Based on liPerson, the GenerationQualifier property specifies "
1050           	"a name qualifier that represents the person's generation "
1051 mike  1.2 	"(e.g., JR., III, etc.).")]
1052              string GenerationQualifier[];
1053                 [Description (
1054           	"The Given Name property is used for the part of a person's "
1055           	"name that is not their surname nor their middle name.")]
1056              string GivenName[];
1057                 [Description (
1058           	"Based on liPerson, the Home Fax property specifies the "
1059           	"person's facsimile telephone number at home.")]
1060              string HomeFax[];
1061                 [MaxLen (32), Description (  
1062           	"Based on RFC1274, the Home Phone property specifies a home "
1063           	"telephone number for the person, e.g. + 44 582 10101." )]
1064              string HomePhone[];
1065                 [Description (  
1066           	"The Home Postal Address property values specify the home "
1067           	"address information required for the physical delivery of "
1068           	"postal messages by the postal authority.")]
1069              string HomePostalAddress[];
1070                 [Description (
1071           	"Based on inetOrgPerson, the Initials property specifies the "
1072 mike  1.2 	"first letters of the person's name, typically the property "
1073           	"values will exclude the first letter of the surname.")]
1074              string Initials[];
1075                 [MaxLen (16), Description (  
1076                 "The person's International ISDN number.")]
1077              string InternationaliSDNNumber[];
1078                 [Description (
1079           	"From inetOrgPerson, the JPEG Photo property values may be used "
1080           	"for one or more images of a person using the JPEG File "
1081           	"Interchange Format.")]
1082              string JPEGPhoto[];
1083                 [Description (  
1084                 "Uniform Resource Identifier with optional label as defined in "
1085           	"RFC2079.")]
1086              string LabeledURI[]; 
1087                 [Description (  
1088           	"This property contains the name of a locality, such as a "
1089           	"city, county or other geographic region.")]
1090              string LocalityName[];
1091                 [Description (  
1092                 "Based on RFC1274, the mail box addresses for the person "
1093 mike  1.2 	"as defined in RFC822.")]
1094              string Mail[];
1095                 [Description (  
1096                 "The person's manager within the organization.  In the case of "
1097           	"an LDAP-derived instance, the Manager property value may "
1098           	"contain the distinguishedName of the Manager.")]
1099              string Manager[];
1100                 [Description (
1101           	"Based on liPerson, the middle name of the person.")]
1102              string MiddleName[];
1103                 [MaxLen (32), Description (  
1104           	"Based on RFC1274, the Mobile Phone property specifies a "
1105           	"mobile telephone number for the person, e.g. + 44 582 10101."
1106           	)]
1107              string Mobile[];
1108                 [Required, Description (  
1109                 "The name of the person's organization.")]
1110              string OrganizationName[];
1111                 [Description (
1112           	"Based on RFC1274, the OrganizationalStatus property specifies "
1113           	"a category by which a person is often referred to within an "
1114 mike  1.2 	"organization.  Examples of usage in academia might include "
1115           	"undergraduate student, researcher, lecturer, etc.")]
1116              string OrganizationalStatus[];
1117                [Description (  
1118                 "Based on RFC1274, this property may be used for electronic "
1119           	"mail box addresses other than RFC822 and X.400.")]
1120              string OtherMailbox[];
1121                 [Description (  
1122                 "The name of an organizational unit related to the person.")]
1123              string OU[];
1124                 [MaxLen (32), Description (  
1125           	"Based on RFC1274, the Pager property specifies a pager "
1126           	"telephone number for the person, e.g. + 44 582 10101.")]
1127              string Pager[];
1128                 [Description (
1129           	"Based on liPerson, the PersonalTitle property may be used to "
1130           	"specify the person's personal title such as Mr., Ms., Dr., "
1131           	"Prof. etc.")]
1132              string PersonalTitle[];
1133                 [Octetstring, Description (
1134           	"Based on RFC1274, the Photo property may be used to specify a "
1135 mike  1.2 	"photograph for the person encoded in G3 fax as explained in "
1136           	"recommendation T.4, with an ASN.1 wrapper to make it "
1137           	"compatible with an X.400 BodyPart as defined in X.420.")]
1138              string Photo[];
1139                 [MaxLen (128), Description (  
1140                 "The Physical Delivery Office Name property specifies the name "
1141           	"of the city, village, etc. where a physical delivery office "
1142           	"is situated.")]
1143              string PhysicalDeliveryOfficeName[];
1144                 [Description (  
1145           	"The Postal Address property values specify the address "
1146           	"information required for the physical delivery of postal "
1147           	"messages by the postal authority to the person.")]
1148              string PostalAddress[];
1149                 [MaxLen (40), Description (  
1150           	"The Postal Code property specifies the postal code of the "
1151           	"organization.  If this value is present it will be part of "
1152           	"the object's postal address.")]
1153              string PostalCode[];
1154                 [MaxLen (40), Description (  
1155           	"The Post Office Box property specifies the Post Office Box "
1156 mike  1.2 	"by which the person will receive physical postal delivery. "
1157           	"If present, the property value is part of the object's postal "
1158           	"address.")]
1159              string PostOfficeBox[];
1160                 [Description (  
1161           	"The Preferred Delivery Method property specifies the "
1162           	"preferred method to be used for contacting the person.")]
1163              string PreferredDeliveryMethod;
1164                 [Description (
1165           	"Based on inetOrgPerson, the person's preferred written or "
1166           	"spoken language.")]
1167              string PreferredLanguage;
1168                 [Description (  
1169           	"This property specifies a postal address suitable for receipt "
1170           	"of telegrams or expedited documents, where it is necessary to "
1171           	"have the recipient accept delivery.")]
1172              string RegisteredAddress[];
1173                 [Description (
1174           	"Based on RFC1274, the Room Number property specifies the room "
1175           	"number for the person.")]
1176              string RoomNumber[];
1177 mike  1.2       [Description (
1178           	"Based on RFC1274, the Secretary property may be used to "
1179           	"specify a secretary for the person.  In the case of an "
1180           	"LDAP-derived object instance, the value may be a "
1181           	"distinguishedName.")]
1182              string Secretary[];
1183                 [Description (  
1184           	"In the case of an LDAP-derived instance, the See Also "
1185           	"property specifies distinguishedName of other Directory "
1186           	"objects which may be other aspects (in some sense) of the "
1187           	"same real world object.")]
1188              string SeeAlso[];
1189                 [Description (  
1190            	"The State or Province Name property specifies a state or "
1191           	"province." )]
1192              string StateOrProvince[];
1193                 [MaxLen (128), Description (  
1194           	"The Street Address property specifies a site for the local "
1195           	"distribution and physical delivery in a postal address, i.e. "
1196           	"the street name, place, avenue, and the number." )]
1197              string Street[];
1198 mike  1.2       [Description (
1199           	"The Surname property specifies the linguistic construct that "
1200           	"normally is inherited by an individual from the individual's "
1201           	"parent or assumed by marriage, and by which the individual is "
1202           	"commonly known.")]
1203              string Surname[];
1204                 [MaxLen (32), Description (  
1205           	"The Telephone Number property specifies a telephone number of "
1206           	"the organization, e.g. + 44 582 10101." )]
1207              string TelephoneNumber[];
1208                 [Description (  
1209           	"The Teletex Terminal Identifier property specifies the "
1210           	"Teletex terminal identifier (and, optionally, parameters) for "
1211           	"a teletex terminal associated with the organization." )]
1212              string TeletexTerminalIdentifier[];
1213                 [Description (  
1214           	"The Telex Number property specifies the telex number, country "
1215           	"code, and answerback code of a telex terminal for the "
1216           	"organization." )]
1217              string TelexNumber[];
1218                 [Octetstring, Description (  
1219 mike  1.2       "A small image of the person's organization logo")]
1220              string ThumbnailLogo[];
1221                 [Octetstring, Description (
1222           	"A small image of the person.")]
1223              string ThumbnailPhoto[];
1224                 [Description (
1225           	"The Title property may be used to specify the person's "
1226           	"designated position or function of the object within an "
1227           	"organization, e.g., Manager, Vice-President, etc.")]
1228              string Title[];
1229                 [Description (
1230           	"Based on RFC1274, the UserID property may be used to specify "
1231           	"a computer system login name.")]
1232              string UserID[];
1233                 [Description (  
1234           	"A unique identifier that may be assigned in an environment to "
1235           	"differentiate between uses of a given named person instance."
1236           	)]
1237              string UniqueIdentifier[];
1238                 [Octetstring, Description (
1239           	"Based on inetOrgPerson and for directory compatibility, the "
1240 mike  1.2 	"User Certificate property may be used to specify a public key "
1241           	"certificate for the person.")]
1242              string UserCertificate[];
1243                 [Octetstring, Description (  
1244                 "In the case of an LDAP-derived instance, the UserPassword "
1245           	"property may contain an encrypted password used to access "
1246           	"the person's resources in a directory." )]
1247              string UserPassword[];
1248                 [Octetstring, Description (
1249           	"Based on inetOrgPerson and for directory compatibility, the "
1250           	"UserPKCS12 property value may be used to provide a format "
1251           	"for exchange of personal identity information.  The property "
1252           	"values are PFX PDUs stored as Octetstrings.")]
1253              string UserPKCS12[];
1254                 [Octetstring, Description (
1255           	"Based on inetOrgPerson, the User S/MIME Certificate property "
1256           	"may be used to specify the person's S/MIME (RFC1847) "
1257           	"signed message with a zero-length body. It contains the "
1258           	"entire certificate chain and the signed attribute that "
1259           	"describes their algorithm capabilities.  If available, this "
1260           	"property is preferred over the UserCertificate property for "
1261 mike  1.2 	"S/MIME applications.")]  
1262              string UserSMIMECertificate[];
1263                 [MaxLen (15), Description (  
1264                 "An X.121 address for the organization.")]
1265              string X121Address[];
1266                 [Octetstring, Description (  
1267           	"An X.500 specified unique identifier that may be assigned in "
1268           	"an environment to differentiate between uses of a given named "
1269           	"person object instance.")]
1270              string X500UniqueIdentifier[];
1271              };
1272           
1273           
1274           // ==================================================================
1275           // UsersAccess
1276           // ==================================================================
1277              [Description (  
1278              "The UsersAccess object class is used to specify a system user "
1279              "that is permitted access to system resources.  The ManagedElement "
1280              "that has access to system resources (represented in the model in "
1281              "the ElementAsUser association) may be a person, a service, a "
1282 mike  1.2    "service access point or any collection thereof. Whereas the "
1283              "Account class represents the user's relationship to a system "
1284              "from the perspective of the security services of the system, the "
1285              "UsersAccess class represents the relationships to the systems "
1286              "independent of a particular system or service.") ]
1287           class CIM_UsersAccess: CIM_UserEntity 
1288              {  
1289                 [Key, MaxLen (256), Description (  
1290           	"CreationClassName indicates the name of the class or the "
1291           	"subclass used in the creation of an instance. When used "
1292           	"with the other key properties of this class, this property "
1293           	"allows all instances of this class and its subclasses to "
1294           	"be uniquely identified.")]
1295              string CreationClassName;
1296                 [Key, MaxLen (256),Description (  
1297                 "The Name property defines the label by which the object is "
1298           	"known.")]
1299              string Name;
1300                 [Key, Description (
1301           	"The ElementID property uniquely specifies the ManagedElement "
1302           	"object instance that is the user represented by the "
1303 mike  1.2 	"UsersAccess object instance.  The ElementID is formatted "
1304           	"similarly to a model path except that the property-value "
1305           	"pairs are ordered in alphabetical order (US ASCII lexical "
1306           	"order).")]
1307              string ElementID;
1308                 [Description ( 
1309           	"Biometric information used to identify a person.  The "
1310           	"property value is left null or set to 'N/A' for non-human "
1311           	"user or a user not using biometric information for "
1312           	"authentication."),
1313           	Values { "N/A", "Other", "Facial", "Retina", "Mark", "Finger", 
1314           	         "Voice", "DNA-RNA", "EEG"} ]
1315              uint16 Biometric[];
1316              };
1317           
1318           // ================================================================== 
1319           //    Account
1320           // ==================================================================
1321                   [Description (
1322                    "CIM_Account is the information held by a SecurityService "
1323                    "to track identity and privileges managed by that service.  "
1324 mike  1.2          "Common examples of an Account are the entries in a UNIX "
1325                    "/etc/passwd file.  Several kinds of security services use "
1326                    "various information from those entries - the /bin/login "
1327                    "program uses the account name ('root') and hashed password "
1328                    "to authenticate users, and the file service, for instance, "
1329                    "uses the UserID field ('0') and GroupID field ('0') to "
1330                    "record ownership and determine access control privileges "
1331                    "on files in the file system. This class is defined so as "
1332                    "to incorporate commonly-used LDAP attributes to permit "
1333                    "implementations to easily derive this information from "
1334                    "LDAP-accessible directories.") ]
1335           class CIM_Account:CIM_LogicalElement
1336           {
1337                    [Propagated ("CIM_System.CreationClassName"), Key, 
1338                     MaxLen (256), Description ("Scoping System")]
1339              string SystemCreationClassName;
1340                    [Propagated ("CIM_System.Name"), Key, 
1341                     MaxLen (256),Description ("Scoping System")]
1342              string SystemName;
1343                 [Key, MaxLen (256), Description (  
1344                   "CreationClassName indicates the name of the class or the "
1345 mike  1.2         "subclass used in the creation of an instance. When used "
1346                   "with the other key properties of this class, this property "
1347                   "allows all instances of this class and its subclasses to "
1348                   "be uniquely identified.")]
1349              string CreationClassName;
1350                 [Key, Override("Name"), MaxLen (1024), Description (  
1351                 "The Name property defines the label by which the object is "
1352                   "known.  The value of this property may be set to be the same "
1353                   "as that of the UserID property or, in the case of an "
1354                   "LDAP-derived instance, the Name property value may be set to "
1355                   "the distinguishedName of the LDAP-accessed object instance.")]
1356              string Name;
1357                   [MaxLen (256), Description (
1358                    "UserID is the value used by the SecurityService to "
1359                    "represent identity.  For an authentication service, the "
1360                    "UserID may be the name of the user, or for an authorization "
1361                    "service the value which serves as a handle to a mapping of "
1362                    "the identity.") ] 
1363              string UserID;
1364                 [Description (  
1365                 "In the case of an LDAP-derived instance, the ObjectClass "
1366 mike  1.2       "property value(s) may be set to the objectClass attribute "
1367                   "values.")]
1368              string ObjectClass[];
1369                 [MaxLen (1024), Description (  
1370                 "The Descriptions property values may contain human-readable "
1371                   "descriptions of the object.  In the case of an LDAP-derived "  
1372                   "instance, the description attribute may have multiple values "
1373                   "that, therefore, cannot be placed in the inherited "
1374                   "Description property.")]
1375              string Descriptions[];
1376                   [Description (
1377                   "Based on RFC1274, the host name of the system(s) for which "
1378                   "the account applies.  The host name may be a fully-qualified "
1379                   "DNS name or it may be an unqualified host name.")] 
1380              string Host[];
1381                 [Description (  
1382                   "This property contains the name of a locality, such as a "
1383                   "city, county or other geographic region.")]
1384              string LocalityName[];
1385                 [Required, Description (  
1386                 "The name of the organization related to the account.")]
1387 mike  1.2    string OrganizationName[];
1388                 [Description (  
1389                 "The name of an organizational unit related to the account.")]
1390              string OU[];
1391                 [Description (  
1392                   "In the case of an LDAP-derived instance, the See Also "
1393                   "property specifies distinguishedName of other Directory "
1394                   "objects which may be other aspects (in some sense) of the "
1395                   "same real world object.")]
1396              string SeeAlso[];
1397                 [Octetstring, Description (
1398                   "Based on inetOrgPerson and for directory compatibility, the "
1399                   "User Certificate property may be used to specify a public key "
1400                   "certificate for the person.")]
1401              string UserCertificate[];
1402                 [Octetstring, Description (  
1403                 "In the case of an LDAP-derived instance, the UserPassword "
1404                   "property may contain an encrypted password used to access "
1405                   "the person's resources in a directory." )]
1406              string UserPassword[];
1407           };
1408 mike  1.2 
1409           
1410           // ================================================================== 
1411           //    SecurityService
1412           // ==================================================================
1413                   [ Abstract, Description (
1414                    "CIM_SecurityService ...") ]
1415           class CIM_SecurityService:CIM_Service
1416           {
1417           };
1418           
1419           // ================================================================== 
1420           //    AccountManagementService
1421           // ==================================================================
1422              [Description (
1423              "CIM_AccountManagementService creates, manages, and if necessary "
1424              "destroys Accounts on behalf of other SecurityServices.") ]
1425           class CIM_AccountManagementService:CIM_SecurityService
1426              {
1427              };
1428           
1429 mike  1.2 // ================================================================== 
1430           //    AuthenticationService
1431           // ==================================================================
1432              [Description (
1433              "CIM_AuthenticationService verifies users' identities through "
1434              "some means.  These services are decomposed into a subclass that "
1435              "provides credentials to users and a subclass that provides for "
1436              "the verification of the validity of a credential and, perhaps, "
1437              "the appropriateness of its use for access to target resources. "
1438              "The persistent state information used from one such verification "
1439              "to another is maintained in an Account for that Users Access on "
1440              "that AuthenticationService.") ]
1441           class CIM_AuthenticationService:CIM_SecurityService
1442              {
1443              };
1444           
1445           // ================================================================== 
1446           //    VerificationService
1447           // ==================================================================
1448              [Description (
1449              "CIM_VerificationService is the authentication service that "
1450 mike  1.2    "verifies a credential for use and may also verify the "
1451              "appropriateness of a particular credential in conjunction with a "
1452              "particular target resource.")]
1453           class CIM_VerificationService:CIM_AuthenticationService
1454              {
1455              };
1456           
1457           // ================================================================== 
1458           //    CredentialManagementService
1459           // ==================================================================
1460              [Description (
1461              "CIM_CredentialManagementService issues credentials and manages "
1462              "the credential lifecycle.") ] 
1463           class CIM_CredentialManagementService:CIM_AuthenticationService
1464              {
1465              };
1466           
1467           // ==================================================================
1468           //    CredentialManagementSAP
1469           // ==================================================================
1470                   [Description (
1471 mike  1.2          "CIM_CredentialManagementSAP represents the ability to "
1472                    "utilize or invoke a CredentialManagementService.") ] 
1473           class CIM_CredentialManagementSAP:CIM_ServiceAccessPoint
1474           {
1475                   [Description ("The URL for the access point.") ] 
1476               string URL;
1477           };
1478           
1479           // ================================================================== 
1480           //    CertificateAuthority
1481           // ==================================================================
1482                   [Description ("A Certificate Authority (CA) is a credential "
1483                    "management service that issues and cryptographically "
1484                    "signs certificates thus acting as a trusted third-party "
1485                    "intermediary in establishing trust relationships. The CA "
1486                    "authenticates the holder of the private key related to the "
1487                    "certificate's public key; the authenticated entity is "
1488                    "represented by the UsersAccess class.") ]
1489           class CIM_CertificateAuthority:CIM_CredentialManagementService
1490           {
1491                   [Description (
1492 mike  1.2          "The CAPolicyStatement describes what care is taken by the "
1493                    "CertificateAuthority when signing a new certificate.  "
1494                    "The CAPolicyStatement may be a dot-delimited ASN.1 OID "
1495                    "string which identifies the formal policy statement.") ] 
1496               string CAPolicyStatement;
1497                   [Description ( "A CRL, or CertificateRevocationList, is a "
1498                    "list of certificates which the CertificateAuthority has "
1499                    "revoked and which are not yet expired.  Revocation is "
1500                    "necessary when the private key associated with the public "
1501                    "key of a certificate is lost or compromised, or when the "
1502                    "person for whom the certificate is signed no longer is "
1503                    "entitled to use the certificate."), Octetstring ]
1504               string CRL[];
1505                   [Description ("Certificate Revocation Lists may be "
1506                    "available from a number of distribution points.  "
1507                    "CRLDistributionPoint array values provide URIs for those "
1508                    "distribution points.")]
1509               string CRLDistributionPoint[];
1510                   [Description ( "Certificates refer to their issuing CA by "
1511                    "its Distinguished Name (as defined in X.501)."), DN]
1512               string CADistinguishedName;
1513 mike  1.2         [Description ( "The frequency, expressed in hours, at which "
1514           	   "the CA will update its Certificate Revocation List.  Zero "
1515           	   "implies that the refresh frequency is unknown."),
1516           	   Units("Hours")]
1517               uint8 CRLRefreshFrequency;
1518                   [Description ( "The maximum number of certificates in a "
1519                    "certificate chain permitted for credentials issued by "
1520                    "this certificate authority or its subordinate CAs.\n"
1521                    "The MaxChainLength of a superior CA in the trust "
1522                    "hierarchy should be greater than this value and the "
1523                    "MaxChainLength of a subordinate CA in the trust hierarchy "
1524                    "should be less than this value.")]
1525               uint8 MaxChainLength;
1526           };
1527           
1528           
1529           // ================================================================== 
1530           //    KerberosKeyDistributionCenter
1531           // ==================================================================
1532                   [Description (
1533                    "CIM_KerberosKeyDistributionCenter ...") ]
1534 mike  1.2 class CIM_KerberosKeyDistributionCenter:CIM_CredentialManagementService
1535           {
1536                   [Override ("Name"),
1537                    Description ("The Realm served by this KDC.")] 
1538               string Name;
1539                   [Description ("The version of Kerberos supported by this "
1540                    "service."),
1541                    Values {"V4", "V5", "DCE", "MS"} ]
1542               uint16 Protocol[];
1543           };
1544           
1545           
1546           // ================================================================== 
1547           //    Notary
1548           // ==================================================================
1549                   [Description (
1550                    "CIM_Notary is an AuthenticationService (credential "
1551                    "management service) which compares the "
1552                    "biometric characteristics of a person with the "
1553                    "known characteristics of a Users Access, and determines "
1554                    "whether the person is the UsersAccess.  An example is "
1555 mike  1.2          "a bank teller who compares a picture ID with the person "
1556                    "trying to cash a check, or a biometric login service that "
1557                    "uses voice recognition to identify a user.") ]
1558           class CIM_Notary:CIM_CredentialManagementService
1559           {
1560                   [Description ( "The types of biometric information which "
1561           	   "this Notary can compare."),
1562                    Values { "N/A", "Other", "Facial", "Retina", "Mark",
1563                             "Finger", "Voice", "DNA-RNA", "EEG"} ] 
1564               uint16 Comparitors;
1565                   [Description (
1566                    "The SealProtocol is how the decision of the Notary is "
1567                    "recorded for future use by parties who will rely on its "
1568                    "decision.  For instance, a driver's licence frequently "
1569                    "includes tamper-resistant coatings and markings to protect "
1570                    "the recorded decision that a driver, having various "
1571                    "biometric characteristics of height, weight, hair and eye "
1572                    "color, using a particular name, has features represented in "
1573                    "a photograph of their face.")]
1574               string SealProtocol;
1575                   [Description (
1576 mike  1.2          "CharterIssued documents when the Notary is first "
1577                    "authorized, by whoever gave it responsibility, to perform "
1578                    "its service.")]
1579               datetime CharterIssued;
1580                   [Description (
1581                    "CharterExpired documents when the Notary is no longer "
1582                    "authorized, by whoever gave it responsibility, to perform "
1583                    "its service.")]
1584               datetime CharterExpired;
1585           };
1586           
1587           
1588           // ================================================================== 
1589           //    LocalCredentialManagementService
1590           // ==================================================================
1591                   [Description (
1592                    "CIM_LocalCredentialManagementService is a credential "
1593                    "management service that provides local system "
1594                    "management of credentials used by the local system.") ]
1595           class CIM_LocalCredentialManagementService:CIM_CredentialManagementService
1596           {
1597 mike  1.2 };
1598           
1599           // ================================================================== 
1600           //    SharedSecretService
1601           // ==================================================================
1602                   [Description (
1603                    "CIM_SharedSecretService is a service which ascertains "
1604                    "whether messages received are from the Principal with "
1605                    "whom a secret is shared.  Examples include a login "
1606                    "service that proves identity on the basis of knowledge of "
1607                    "the shared secret, or a transport integrity service (like "
1608                    "Kerberos provides) that includes a message authenticity "
1609                    "code that proves each message in the message stream came "
1610                    "from someone who knows the shared secret session key.")]
1611           class CIM_SharedSecretService:CIM_LocalCredentialManagementService
1612           {
1613                   [MaxLen (256), Description (
1614                    "The Algorithm used to convey the shared secret, such as "
1615                    "HMAC-MD5 or PLAINTEXT.") ] 
1616               string Algorithm;
1617                   [Description (
1618 mike  1.2          "The Protocol supported by the SharedSecretService.")]
1619               string Protocol;
1620           };
1621           
1622           // ================================================================== 
1623           //    PublicKeyManagementService
1624           // ==================================================================
1625                   [Description (
1626                    "CIM_PublicKeyManagementService is a credential management "
1627                    "service that provides local system management of public "
1628                    "keys used by the local system.") ]
1629           class CIM_PublicKeyManagementService:CIM_LocalCredentialManagementService
1630           {
1631           };
1632           
1633           // ================================================================== 
1634           //    Credential
1635           // ==================================================================
1636                   [Abstract, Description (
1637                    "Subclasses of CIM_Credential define materials, "
1638                    "information, or other data which are used to prove the "
1639 mike  1.2          "identity of a CIM_UsersAccess to a particular "
1640                    "CIM_SecurityService.  Generally, there may be some shared "
1641                    "information, or credential material which is used to "
1642                    "identify and authenticate oneself in the process of "
1643                    "gaining access to, or permission to use, an Account. "
1644                    "Such credential material may be used to authenticate a "
1645                    "users access identity initially, as done by a "
1646                    "CIM_AuthenticationService (see later), and additionally on "
1647                    "an ongoing basis during the course of a connection or "
1648                    "other security association, as proof that each received "
1649                    "message or communication came from the owning user access of "
1650                    "that credential material.") ]
1651           class CIM_Credential:CIM_ManagedElement
1652           {
1653           };
1654           
1655           
1656           // ================================================================== 
1657           //    PublicKeyCertificate
1658           // ==================================================================
1659                   [Description ("A Public Key Certificate is a credential "
1660 mike  1.2          "that is cryptographically signed by a trusted Certificate "
1661                    "Authority (CA) and issued to an authenticated entity "
1662                    "(e.g., human user, service, etc.) called the Subject in "
1663                    "the certificate and represented by the UsersAccess class. "
1664                    "The public key in the certificate is cryptographically "
1665                    "related to a private key that is to be held and kept "
1666                    "private by the authenticated Subject.  The certificate "
1667                    "and its related private key can then be used for "
1668                    "establishing trust relationships and securing "
1669                    "communications with the Subject.  Refer to the ITU/CCITT "
1670                    "X.509 standard as an example of such certificates.") ]
1671           class CIM_PublicKeyCertificate:CIM_Credential
1672           {
1673                    [Propagated ("CIM_CertificateAuthority.SystemCreationClassName"), 
1674                     Key, MaxLen (256), Description ("Scoping System")]
1675                string SystemCreationClassName;
1676                    [Propagated ("CIM_CertificateAuthority.SystemName"), 
1677                     Key, MaxLen (256),Description ("Scoping System")]
1678                string SystemName;
1679                    [Propagated ("CIM_CertificateAuthority.CreationClassName"),
1680                     Key, MaxLen (256), Description ("Scoping Service")]
1681 mike  1.2      string ServiceCreationClassName;
1682                    [Propagated ("CIM_CertificateAuthority.Name"), 
1683                     Key, MaxLen (256), Description ("Scoping Service")]
1684                string ServiceName; 
1685                    [Key, MaxLen (256), Description (
1686                     "Certificate subject identifier")]
1687                string Subject;
1688                    [MaxLen (256), Description (
1689                     "Alternate subject identifier for the Certificate.")]
1690                string AltSubject;
1691                    [Description ("The DER-encoded raw public key."), Octetstring]
1692                uint8 PublicKey[];
1693           };
1694           
1695           // ================================================================== 
1696           //    UnsignedPublicKey
1697           // ==================================================================
1698                   [Description (
1699                    "A CIM_UnsignedPublicKey represents an unsigned public "
1700                    "key credential.  The local UsersAccess (or subclass "
1701                    "thereof) accepts the public key as authentic because of "
1702 mike  1.2          "a direct trust relationship rather than via a third-party "
1703                    "Certificate Authority.") ]
1704           class CIM_UnsignedPublicKey:CIM_Credential
1705           {
1706                    [Key, MaxLen (256), Description ("Scoping System"), Propagated ("CIM_PublicKeyManagementService.SystemCreationClassName")]
1707                string SystemCreationClassName;
1708                    [Propagated ("CIM_PublicKeyManagementService.SystemName"), 
1709                     Key, MaxLen (256),Description ("Scoping System")]
1710                string SystemName;
1711                    [Propagated ("CIM_PublicKeyManagementService.CreationClassName"),
1712                     Key, MaxLen (256), Description ("Scoping Service")]
1713                string ServiceCreationClassName;
1714                    [Propagated ("CIM_PublicKeyManagementService.Name"), 
1715                     Key, MaxLen (256), Description ("Scoping Service")]
1716                string ServiceName; 
1717                    [Key, MaxLen (256), Description (
1718                     "The Identity of the Peer with whom a direct trust "
1719                     "relationship exists.  The public key may be used for "
1720                     "security functions with the Peer."),
1721                    ModelCorrespondence 
1722                      {"CIM_UnsignedPublicKey.PeerIdentityType" } ]
1723 mike  1.2      string PeerIdentity;
1724           	   [Description ("PeerIdentityType is used to describe the "
1725                     "type of the PeerIdentity.  The currently defined values "
1726                     "are used for IKE identities."),
1727           	   ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8", 
1728                     "9", "10", "11"},
1729           	   Values {"Other", "IPV4_ADDR", "FQDN", "USER_FQDN", 
1730                     "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", 
1731                     "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", 
1732                     "DER_ASN1_GN", "KEY_ID"},
1733                    ModelCorrespondence 
1734                      {"CIM_UnsignedPublicKey.PeerIdentity" } ]
1735                uint16 PeerIdentityType;
1736                    [Description ("The DER-encoded raw public key."), 
1737                     Octetstring]
1738                uint8 PublicKey[];
1739           };
1740           
1741           // ================================================================== 
1742           //    KerberosTicket
1743           // ==================================================================
1744 mike  1.2         [Description (
1745                    "A CIM_KerberosTicket represents a credential issued by a "
1746                    "particular Kerberos Key Distribution Center (KDC) "
1747                    "to a particular CIM_UsersAccess as the result of a "
1748                    "successful authentication process.  There are two types of "
1749                    "tickets that a KDC may issue to a Users Access - a "
1750                    "TicketGranting ticket, which is used to protect and "
1751                    "authenticate communications between the Users Access and the "
1752                    "KDC, and a Session ticket, which the KDC issues to two "
1753                    "Users Access to allow them to communicate with each other. "
1754                     ) ]
1755           class CIM_KerberosTicket:CIM_Credential
1756           {
1757                    [Key, MaxLen (256), Description ("Scoping System"), Propagated
1758           	   ("CIM_KerberosKeyDistributionCenter.SystemCreationClassName")]
1759                	string SystemCreationClassName;
1760                    [Propagated ("CIM_KerberosKeyDistributionCenter.SystemName"), 
1761           	   Key, MaxLen (256),Description ("Scoping System")]
1762                	string SystemName;
1763                    [Key, MaxLen (256), Propagated 
1764                    ("CIM_KerberosKeyDistributionCenter.CreationClassName"), 
1765 mike  1.2          Description ("Scoping Service")]
1766                	string ServiceCreationClassName;
1767                    [Propagated ("CIM_KerberosKeyDistributionCenter.Name"), 
1768                    Key, MaxLen (256),
1769                    Description ("Scoping Service.  The Kerberos KDC Realm of "
1770                   "CIM_KerberosTicket is used to record the security "
1771                   "authority, or Realm, name so that tickets issued by "
1772                   "different Realms can be separately managed and "
1773           	  "enumerated.")]
1774                	string ServiceName;
1775                   [Key, MaxLen (256), Description ("The name of the service "
1776           	   "for which this ticket is used.")]
1777                	string AccessesService;
1778                   [Key, MaxLen (256), Description (
1779                    "RemoteID is the name by which the user is known at "
1780                    "the KDC security service.")]
1781                	string RemoteID;
1782                	datetime Issued;
1783                	datetime Expires;
1784           	  [Description (
1785           	  "The Type of CIM_KerberosTicket is used to indicate whether "
1786 mike  1.2 	  "the ticket in question was issued by the Kerberos Key "
1787           	  "Distribution Center (KDC) to support ongoing communication "
1788           	  "between the Users Access and the KDC (\"TicketGranting\"), "
1789           	  "or was issued by the KDC to support ongoing communication "
1790           	  "between two Users Access entities (\"Session\")." ),
1791           	  Values {"Session", "TicketGranting"}]
1792           	uint16 TicketType;
1793           };
1794           
1795           
1796           // ================================================================== 
1797           //    SharedSecret
1798           // ==================================================================
1799                   [Description (
1800                    "CIM_SharedSecret is the secret shared between a Users Access "
1801                    "and a particular SharedSecret security service.  Secrets "
1802                    "may be in the form of a password used for initial "
1803                    "authentication, or as with a session key, used as part of "
1804                    "a message authentication code to verify that a message "
1805                    "originated by the principal with whom the secret is shared. "
1806                    "It is important to note that SharedSecret is not just the "
1807 mike  1.2          "password, but rather is the password used with a particular "
1808                    "security service.")]
1809           class CIM_SharedSecret:CIM_Credential
1810           {
1811                    [Propagated ("CIM_SharedSecretService.SystemCreationClassName"), 
1812           	    Key, MaxLen (256), Description ("Scoping System")]
1813                string SystemCreationClassName;
1814                    [Propagated ("CIM_SharedSecretService.SystemName"), Key, 
1815                     MaxLen (256),Description ("Scoping System")]
1816                string SystemName;
1817                    [Key, MaxLen (256), Propagated 
1818                     ("CIM_SharedSecretService.CreationClassName"), 
1819                     Description ("Scoping Service")]
1820                string ServiceCreationClassName;
1821                    [Propagated ("CIM_SharedSecretService.Name"), 
1822                     Key, MaxLen (256),
1823                     Description ("Scoping Service")]
1824                string ServiceName;
1825                   [Key, MaxLen (256), Description (
1826                    "RemoteID is the name by which the user is known at "
1827                    "the remote secret key authentication service.")]
1828 mike  1.2      string RemoteID; 
1829                   [Description (
1830                    "secret is the secret known by the Users Access.")]
1831                string secret;
1832                   [Description (
1833                    "algorithm names the transformation algorithm, if any, used "
1834                    "to protect passwords before use in the protocol.  For "
1835                    "instance, Kerberos doesn't store passwords as the shared "
1836                    "secret, but rather, a hash of the password.")]
1837                string algorithm;
1838                   [Description (
1839                    "protocol names the protocol with which the SharedSecret is "
1840                    "used.")]
1841                string protocol;
1842           };
1843           
1844           // ================================================================== 
1845           //    NamedSharedIKESecret
1846           // ==================================================================
1847                   [Description (
1848                    "CIM_NamedSharedIKESecret indirectly represents a shared "
1849 mike  1.2          "secret credential.  The local identity, IKEIdentity, "
1850                    "and the remote peer identity share the secret that is "
1851                    "named by the SharedSecretName.  The SharedSecretName is "
1852                    "used by the SharedSecretService to reference the secret.") ]
1853           class CIM_NamedSharedIKESecret:CIM_Credential
1854           {
1855                    [Propagated ("CIM_SharedSecretService.SystemCreationClassName"), 
1856                     Key, MaxLen (256), Description ("Scoping System")]
1857                string SystemCreationClassName;
1858                    [Propagated ("CIM_SharedSecretService.SystemName"), 
1859                     Key, MaxLen (256),Description ("Scoping System")]
1860                string SystemName;
1861                    [Propagated ("CIM_SharedSecretService.CreationClassName"),
1862                     Key, MaxLen (256), Description ("Scoping Service")]
1863                string ServiceCreationClassName;
1864                    [Propagated ("CIM_SharedSecretService.Name"), 
1865                     Key, MaxLen (256), Description ("Scoping Service")]
1866                string ServiceName; 
1867                    [Key, MaxLen (256), Description (
1868                     "The local Identity with whom the direct trust "
1869                     "relationship exists."),
1870 mike  1.2          ModelCorrespondence 
1871                      {"CIM_NamedSharedIKESecret.LocalIdentityType" } ]
1872                string LocalIdentity;
1873           	   [Key, Description ("LocalIdentityType is used to describe "
1874                     "the type of the LocalIdentity."),
1875           	   ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", 
1876                     "9", "10", "11"},
1877           	   Values {"IPV4_ADDR", "FQDN", "USER_FQDN", 
1878                     "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", 
1879                     "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", 
1880                     "DER_ASN1_GN", "KEY_ID"},
1881                    ModelCorrespondence 
1882                      {"CIM_NamedSharedIKESecret.LocalIdentity" } ]
1883               uint16 LocalIdentityType;
1884                    [Key, MaxLen (256), Description (
1885                     "The peer identity with whom the direct trust "
1886                     "relationship exists."),
1887                    ModelCorrespondence 
1888                      {"CIM_NamedSharedIKESecret.PeerIdentityType" } ]
1889                string PeerIdentity;
1890           	   [Key, Description ("PeerIdentityType is used to describe "
1891 mike  1.2           "the type of the PeerIdentity."),
1892           	   ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", 
1893                     "9", "10", "11"},
1894           	   Values {"IPV4_ADDR", "FQDN", "USER_FQDN", 
1895                     "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET", 
1896                     "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN", 
1897                     "DER_ASN1_GN", "KEY_ID"},
1898                    ModelCorrespondence 
1899                      {"CIM_NamedSharedIKESecret.PeerIdentity" } ]
1900                uint16 PeerIdentityType;
1901                    [Description ("SharedSecretName is an indirect reference "
1902                     "to a shared secret.  The SecretService does not expose "
1903                     "the actual secret but rather provides access to the "
1904                     "secret via a name.")]
1905                string SharedSecretName;
1906           };
1907           
1908           // ================================================================== 
1909           //    AuthorizationService
1910           // ==================================================================
1911              [Description (
1912 mike  1.2    "CIM_AuthorizationService determines whether a user, by "
1913              "association with an Account used by the AuthorizationService, is "
1914              "permitted access to a resource or set of resources.") ]
1915           class CIM_AuthorizationService:CIM_SecurityService
1916              {
1917              };
1918           
1919           // ================================================================== 
1920           //    AuthenticationRequirement
1921           // ==================================================================
1922              [Description (
1923              "CIM_AuthenticationRequirement provides, through its "
1924              "associations, the authentication requirements for access to "
1925              "system resources.  For a particular set of target resources, the "
1926              "AuthenticationService may require that credentials be issued by "
1927              "a specific CredentialManagementService.  The "
1928              "AuthenticationRequirement class is weak to the system (e.g., "
1929              "Computer System or Administrative Domain) for which the "
1930              "requirements apply.")]
1931           class CIM_AuthenticationRequirement : CIM_LogicalElement
1932              {
1933 mike  1.2 	[Key, MaxLen (256), Propagated ("CIM_System.CreationClassName"),
1934           	Description ("Hosting system creation class name")]
1935              string SystemCreationClassName;
1936           	[Key, MaxLen (256), Propagated ("CIM_System.Name"),
1937           	Description ("Hosting system name")]
1938              string SystemName;
1939                 [Key, MaxLen (256), Description (  
1940           	"CreationClassName indicates the name of the class or the "
1941           	"subclass used in the creation of an instance. When used "
1942           	"with the other key properties of this class, this property "
1943           	"allows all instances of this class and its subclasses to "
1944           	"be uniquely identified.")]
1945              string CreationClassName;
1946                 [Key, MaxLen (256), Override ("Name"), Description (  
1947                 "The Name property defines the unique label, in the context of "
1948           	"the hosting system, by which the AuthenticationRequirement "
1949           	"is known.")]
1950              string Name;
1951           	[Description (
1952           	"The SecurityClassification property specifies a named level "
1953           	"of security associated with the AuthenticationRequirement, "
1954 mike  1.2 	"e.g., 'Confidential', 'Top Secret', etc.")]
1955              string SecurityClassification;
1956              };
1957           
1958           
1959           // ================================================================== 
1960           //    AccessControlInformation
1961           // ==================================================================
1962              [Description (
1963              "CIM_AccessControlInformation provides, through its properties "
1964              "and its associations, the specification of the access rights "
1965              "granted to a set of subject users to a set of target resources. "
1966              "The AccessControlInformation class is weak to the system (e.g., "
1967              "Computer System or Administrative Domain) for which the access "
1968              "controls apply.")]
1969           class CIM_AccessControlInformation: CIM_LogicalElement
1970              {
1971           	[Key, MaxLen (256), Propagated ("CIM_System.CreationClassName"),
1972           	Description ("Hosting system creation class name")]
1973              string SystemCreationClassName;
1974           	[Key, MaxLen (256), Propagated ("CIM_System.Name"),
1975 mike  1.2 	Description ("Hosting system name")]
1976              string SystemName;
1977                 [Key, MaxLen (256), Description (  
1978           	"CreationClassName indicates the name of the class or the "
1979           	"subclass used in the creation of an instance. When used "
1980           	"with the other key properties of this class, this property "
1981           	"allows all instances of this class and its subclasses to "
1982           	"be uniquely identified.")]
1983              string CreationClassName;
1984                 [Key, MaxLen (256), Override ("Name"), Description (  
1985                 "The Name property defines the unique label, in the context of "
1986           	"the hosting system, by which the AccessControlInformation "
1987           	"is known.")]
1988              string Name;
1989           	[Description (
1990           	"The SecurityClassification property specifies a named level "
1991           	"of security associated with the AccessControlInformation, "
1992           	"e.g., 'Confidential', 'Top Secret', etc.")]
1993              string SecurityClassification;
1994           	[Description (
1995           	"The AccessType property is an array of string values that "
1996 mike  1.2 	"specifies the type of access for which the corresponding "
1997           	"permission applies. For example, it can be used to specify a "
1998           	"generic access such as 'Read-only', 'Read/Write', etc. for "
1999           	"file or record access control or it can be used to specify "
2000           	"an entry point name for service access control."),  
2001           	ModelCorrespondence {
2002           		"CIM_AccessControlInformation.AccessQualifier",
2003           		"CIM_AccessControlInformation.Permission" } ]
2004              string AccessType[];
2005           	[Description (
2006           	"The AccessQualifier property is an array of string values that "
2007           	"may be used to further qualify the type of access for which "
2008           	"the corresponding permission applies. For example, it may be "
2009           	"used to specify a set of parameters that are permitted or "
2010           	"denied in conjunction with the corresponding AccessType entry "
2011           	"point name."),
2012           	ModelCorrespondence {
2013           		"CIM_AccessControlInformation.AccessType",
2014           		"CIM_AccessControlInformation.Permission" } ]
2015              string AccessQualifier[];
2016           	[Description (
2017 mike  1.2 	"The Permission property is an array of string values "
2018           	"indicating the permission that applies to the corresponding "
2019           	"AccessType and AccessQualifier array values.  The values "
2020           	"may be extended in subclasses to provide more specific access "
2021           	"controls."),
2022           	ValueMap {"Unknown", "Allow", "Deny", "Manage"},
2023           	ModelCorrespondence {
2024           		"CIM_AccessControlInformation.AccessType",
2025           		"CIM_AccessControlInformation.AccessQualifier" } ]
2026              string Permission[];
2027              };
2028           
2029           // ==================================================================
2030           // ===              Association class definitions                 ===
2031           // ==================================================================
2032           
2033           // Aggregations
2034                            
2035           // ==================================================================
2036           // MemberPrincipal    
2037           // ==================================================================
2038 mike  1.2    [Association, Aggregation, Description (   
2039              "CIM_MemberPrincipal is an aggregation used to establish "   
2040              "membership of principals (i.e., users) in a Collection.  That "
2041              "membership can be established either directly or indirectly as "
2042              "indicated in the UserAccessBy property.  For example, a user "
2043              "may be identified directly by their userid (i.e., Account object "
2044              "instance) or the user may be identified indirectly by realm from "
2045              "which a ticket was issued (i.e., CredentialManagementService "
2046              "object instance).  The latter case is useful, for example, for "
2047              "specifying that only users identified by an internal credential "
2048              "service are permitted to access very sensitive information." ) ]  
2049           class CIM_MemberPrincipal: CIM_MemberOfCollection  
2050              {
2051                       [Override ("Collection"), Aggregate ]   
2052              CIM_Collection REF Collection;
2053                 [Override ("Member") ]
2054              CIM_ManagedElement REF Member;
2055           	[Description (
2056           	"A MemberPrincipal may be identified in several ways that may "
2057           	"be either direct or indirect membership in the collection. "
2058           	" - A 'UsersAccess' membership directly identifies the user by "
2059 mike  1.2 	"   the UsersAccess object instance. "
2060           	" - An 'Account' membership directly identifies the user by "
2061           	"   the Account object class instance. "
2062           	" - A 'UsingElement' membership indirectly identifies the user "
2063           	"   by the ManagedElement object instance that has "
2064           	"   ElementAsUser associations to UsersAccess object "
2065           	"   instances.  Hence, all UsersAccess instances are "
2066           	"   indirectly included in the collection. "),
2067           	ValueMap {"1", "2", "3", "4" },
2068           	Values {"UsersAccess", "Account", "UsingElement", 
2069           	        "CredentialManagementService"} ]
2070              uint16 UserAccessBy;
2071              };                    
2072           
2073           
2074           // ===================================================================
2075           //    AccountOnSystem
2076           // ===================================================================
2077              [Association, Aggregation, Description (
2078              "A system (e.g., ApplicationSystem, ComputerSystem, AdminDomain) "
2079              "aggregates Accounts and scopes the uniqueness of the Account "
2080 mike  1.2    "names (i.e., userids).") ]
2081           class CIM_AccountOnSystem : CIM_SystemComponent
2082              {
2083           	[Override ("GroupComponent"), Min (1), Max (1), Aggregate, 
2084           	Description ("The aggregating system also provides name scoping "
2085           	"for the Account.")]
2086              CIM_System REF GroupComponent;
2087           	[Override ("PartComponent"), Weak,
2088           	Description ("The subordinate Account")]
2089              CIM_Account REF PartComponent;
2090              };
2091           
2092           // ==================================================================
2093           // OrgStructure    
2094           // ==================================================================
2095             [Association, Aggregation, Description (   
2096              "CIM_OrgStructure is an association used to establish parent-child "
2097              "relationships between OrganizationalEntity instances.  This is "
2098              "used to capture organizational relationships between object " 
2099              "instances such as those that are imported from an LDAP-accessible "
2100              "directory.") ]    
2101 mike  1.2   class CIM_OrgStructure
2102             {   
2103           	[Key, Max (1), Aggregate, 
2104           	Description ("The organizational parent in this association.") ]    
2105              CIM_OrganizationalEntity REF Parent;   
2106           	[Key,  
2107           	Description ("The organizational child in this association,    "
2108           	"i.e., the sub-unit or other owned object instance.") ]    
2109              CIM_OrganizationalEntity REF Child;   
2110             };   
2111                 
2112           // ==================================================================
2113           // CollectionInOrganization
2114           // ==================================================================
2115              [Association, Aggregation, Description (   
2116              "CIM_CollectionInOrganization is an association used to establish "
2117              "a parent-child relationship between a collection and an 'owning' "
2118              "OrganizationalEntity.  A single collection should not have both "
2119              "a CollectionInOrganization and a CollectionInSystem association." 
2120              )]
2121           class CIM_CollectionInOrganization
2122 mike  1.2    {   
2123           	[Key, Max (1), Aggregate, 
2124           	Description ("The parent organization responsible for the "
2125           	"collection.") ]
2126              CIM_OrganizationalEntity REF Parent;   
2127           	[Key, 
2128           	Description ("The collection") ]
2129              CIM_Collection REF Child;   
};

// ==================================================================
// CollectionInSystem
// ==================================================================
   [Association, Aggregation, Description (
   "CIM_CollectionInSystem is an association used to establish a "
   "parent-child relationship between a collection and an 'owning' "
   "System such as an AdminDomain or ComputerSystem.  A single "
   "collection should not have both a CollectionInOrganization and a "
   "CollectionInSystem association." )]
class CIM_CollectionInSystem
{
      [Key, Max (1), Aggregate,
      Description ("The parent system responsible for the "
      "collection.") ]
   CIM_System REF Parent;
      [Key,
      Description ("The collection") ]
   CIM_Collection REF Child;
};

// Associations

// ==================================================================
// ElementAsUser
// ==================================================================
   [Association, Description (
   "CIM_ElementAsUser is an association used to establish the "
   "'ownership' of UsersAccess object instances.  That is, the "
   "ManagedElement may have UsersAccess to systems and, therefore, "
   "be 'users' on those systems.  UsersAccess instances must have an "
   "'owning' ManagedElement.  Typically, the ManagedElements will be "
   "limited to Collection, Person, Service and ServiceAccessPoint. "
   "Other non-human ManagedElements that might be thought of as "
   "having UsersAccess (e.g., a device or system) have services that "
   "have the UsersAccess.")]
class CIM_ElementAsUser : CIM_Dependency
{
      [Min (1), Max (1), Override ("Antecedent"),
      Description ("The ManagedElement that has UsersAccess") ]
   CIM_ManagedElement REF Antecedent;
      [Override ("Dependent"),
      Description ("The 'owned' UsersAccess") ]
   CIM_UsersAccess REF Dependent;
};

// ==================================================================
// MoreOrganizationInfo
// ==================================================================
   [Association, Description (
   "CIM_MoreOrganizationInfo is an association used to extend the "
   "information in a CIM_Organization class instance."
   )]
class CIM_MoreOrganizationInfo : CIM_Dependency
{
      [Max (1), Override ("Antecedent"),
      Description (" "
      " ") ]
   CIM_Organization REF Antecedent;
      [Min (0), Max (1), Override ("Dependent"),
      Description (" ") ]
   CIM_OtherOrganizationInformation REF Dependent;
};

// ==================================================================
// MoreOrgUnitInfo
// ==================================================================
   [Association, Description (
   "CIM_MoreOrgUnitInfo is an association used to extend the "
   "information in a CIM_OrgUnit class instance."
   )]
class CIM_MoreOrgUnitInfo : CIM_Dependency
{
      [Max (1), Override ("Antecedent"),
      Description (" "
      " ") ]
   CIM_OrgUnit REF Antecedent;
      [Min (0), Max (1), Override ("Dependent"),
      Description (" ") ]
   CIM_OtherOrgUnitInformation REF Dependent;
};

// ==================================================================
// MoreGroupInfo
// ==================================================================
   [Association, Description (
   "CIM_MoreGroupInfo is an association used to extend the "
   "information in a CIM_Group class instance."
   )]
class CIM_MoreGroupInfo : CIM_Dependency
{
      [Max (1), Override ("Antecedent"),
      Description (" "
      " ") ]
   CIM_Group REF Antecedent;
      [Min (0), Max (1), Override ("Dependent"),
      Description (" ") ]
   CIM_OtherGroupInformation REF Dependent;
};

// ==================================================================
// MoreRoleInfo
// ==================================================================
   [Association, Description (
   "CIM_MoreRoleInfo is an association used to extend the "
   "information in a CIM_Role class instance."
   )]
class CIM_MoreRoleInfo : CIM_Dependency
{
      [Max (1), Override ("Antecedent"),
      Description (" "
      " ") ]
   CIM_Role REF Antecedent;
      [Min (0), Max (1), Override ("Dependent"),
      Description (" ") ]
   CIM_OtherRoleInformation REF Dependent;
};

// ==================================================================
// MorePersonInfo
// ==================================================================
   [Association, Description (
   "CIM_MorePersonInfo is an association used to extend the "
   "information in a CIM_Person class instance."
   )]
class CIM_MorePersonInfo : CIM_Dependency
{
      [Max (1), Override ("Antecedent"),
      Description (" "
      " ") ]
   CIM_Person REF Antecedent;
      [Min (0), Max (1), Override ("Dependent"),
      Description (" ") ]
   CIM_OtherPersonInformation REF Dependent;
};

// ==================================================================
// SystemAdministrator
// ==================================================================
   [Association, Description (
   "CIM_SystemAdministrator is an association used to identify "
   "the UserEntity as a system administrator of a CIM_System." ) ]
class CIM_SystemAdministrator : CIM_Dependency
{
      [Override ("Antecedent"), Description (
      "The administered system.") ]
   CIM_System REF Antecedent;
      [Override ("Dependent"), Description (
      "The UserEntity that provides the administrative function "
      "for the associated system.") ]
   CIM_UserEntity REF Dependent;
};

// ==================================================================
// SystemAdministratorGroup
// ==================================================================
   [Association, Description (
   "CIM_SystemAdministratorGroup is an association used to identify "
   "a Group that has system administrator responsibilities for a "
   "CIM_System. " )]
class CIM_SystemAdministratorGroup : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ("The administered system") ]
   CIM_System REF Antecedent;
      [Override ("Dependent"),
      Description ("The Group of administrators") ]
   CIM_Group REF Dependent;
};

// ==================================================================
// SystemAdministratorRole
// ==================================================================
   [Association, Description (
   "CIM_SystemAdministratorRole is an association used to identify "
   "a system administrator Role for a CIM_System.")]
class CIM_SystemAdministratorRole : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ("The administered system") ]
   CIM_System REF Antecedent;
      [Override ("Dependent"),
      Description ("The system administration role") ]
   CIM_Role REF Dependent;
};

// ===================================================================
//    UsersAccount
// ===================================================================
   [Association, Description (
   "This relationship associates UsersAccess with the Accounts "
   "with which they're able to interact.") ]
class CIM_UsersAccount : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ( "The user's Account") ]
   CIM_Account REF Antecedent;
      [Override ("Dependent"),
      Description ( "The User as identified by their UsersAccess "
      "instance")]
   CIM_UsersAccess REF Dependent;
};

// ===================================================================
//    AccountMapsToAccount
// ===================================================================
   [Association, Description (
   "This relationship may be used to associate an Account used by an "
   "AuthenticationService to an Account used for Authorization.  For "
   "instance, this mapping occurs naturally in the UNIX /etc/passwd "
   "file, where the AuthenticationService Account ('root') is mapped "
   "to the AuthorizationService Account ('0').  The two are separate "
   "accounts, as evidenced by the ability to have another "
   "AuthenticationService Account which ALSO maps to the "
   "AuthorizationService Account ('0') without ambiguity.  This "
   "association may be used for other account mappings as well such "
   "as for coordinating single signon for multiple accounts for the "
   "same user.") ]
class CIM_AccountMapsToAccount : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ( "An Account") ]
   CIM_Account REF Antecedent;
      [Override ("Dependent"),
      Description ( "A related Account")]
   CIM_Account REF Dependent;
};

// ===================================================================
//    SecurityServiceUsesAccount
// ===================================================================
   [Association, Description (
   "This relationship associates SecurityService instances to "
   "the Accounts they use in the course of their work.") ]
class CIM_SecurityServiceUsesAccount : CIM_Dependency
{
      [ Override ("Antecedent") ]
   CIM_Account REF Antecedent;
      [ Override ("Dependent") ]
   CIM_SecurityService REF Dependent;
};

// ===================================================================
//    ManagesAccount
// ===================================================================
   [Association, Description (
   "This relationship associates the AccountManagement security "
   "service to the Accounts for which it is responsible.") ]
class CIM_ManagesAccount : CIM_Dependency
{
      [ Override ("Antecedent") ]
   CIM_AccountManagementService REF Antecedent;
      [ Override ("Dependent") ]
   CIM_Account REF Dependent;
};

// ===================================================================
//    ServiceUsesSecurityService
// ===================================================================
   [Association, Description (
   "This relationship associates a Service with the Security "
   "Service it uses.") ]
class CIM_ServiceUsesSecurityService : CIM_ServiceServiceDependency
{
      [ Override ("Antecedent") ]
   CIM_SecurityService REF Antecedent;
      [ Override ("Dependent") ]
   CIM_Service REF Dependent;
};

// ===================================================================
//    SecurityServiceForSystem
// ===================================================================
   [Association, Description (
   "The CIM_SecurityServiceForSystem provides the association between "
   "a System and a SecurityService that provides services for that "
   "system." ) ]
class CIM_SecurityServiceForSystem : CIM_ProvidesServiceToElement
{
      [Override ("Antecedent"), Description (
      "The SecurityService that provides services for the system.")]
   CIM_SecurityService REF Antecedent;
      [Override ("Dependent"), Description (
      "The system that is dependent on the security service.")]
   CIM_System REF Dependent;
};

// ===================================================================
//    ManagesAccountOnSystem
// ===================================================================
   [Association, Description (
   "The CIM_ManagesAccountOnSystem provides the association between a "
   "System and the AccountManagementService that manages accounts for "
   "that system." ) ]
class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem
{
      [Override ("Antecedent"), Description (
      "An AccountManagementService that manages accounts for the "
      "system.")]
   CIM_AccountManagementService REF Antecedent;
      [Override ("Dependent"), Description (
      "The system that is dependent on the AccountManagementService."
      )]
   CIM_System REF Dependent;
};

// ==================================================================
//    TrustHierarchy
// ==================================================================
   [Association, Description (
   "CIM_TrustHierarchy is an association between two "
   "CredentialManagementService instances that establishes "
   "the trust hierarchy between them.") ]
class CIM_TrustHierarchy : CIM_Dependency
{
      [Override ("Antecedent"), Max (1),
      Description ("The superior CredentialManagementService "
      "from which the dependent service gets its authority.") ]
   CIM_CredentialManagementService REF Antecedent;
      [Override ("Dependent"), Description (
      "The subordinate CredentialManagementService.") ]
   CIM_CredentialManagementService REF Dependent;
};

// ==================================================================
// UsersCredential
// ==================================================================
   [Association, Description (
   "CIM_UsersCredential is an association used to establish the "
   "credentials that may be used for a UsersAccess to a system or "
   "set of systems. " )]
class CIM_UsersCredential : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ("The issued credential that may be used.") ]
   CIM_Credential REF Antecedent;
      [Override ("Dependent"),
      Description ("The UsersAccess that has use of a credential") ]
   CIM_UsersAccess REF Dependent;
};

// ===================================================================
//    PublicPrivateKeyPair
// ===================================================================
   [Association, Description (
   "This relationship associates a PublicKeyCertificate with "
   "the Principal who has the PrivateKey used with the "
   "PublicKey.  The PrivateKey is not modeled, since it is not "
   "a data element that ever SHOULD be accessible via "
   "management applications, other than key recovery services, "
   "which are outside our scope.") ]
class CIM_PublicPrivateKeyPair : CIM_UsersCredential
{
      [ Override ("Antecedent") ]
   CIM_PublicKeyCertificate REF Antecedent;
      [ Override ("Dependent") ]
   CIM_UsersAccess REF Dependent;
      [Description ( "The Certificate may be used for signature only "
      "or for confidentiality as well as signature"),
      Values { "SignOnly", "ConfidentialityOrSignature"} ]
   uint16 Use;
   boolean NonRepudiation;
   boolean BackedUp;
      [Description ("The repository in which the certificate is "
      "backed up.")]
   string Repository;
};

// ===================================================================
//    CAHasPublicCertificate
// ===================================================================
   [Association, Description (
   "A CertificateAuthority may have certificates issued by other CAs. "
   "This association is essentially an optimization of the CA having "
   "a UsersAccess instance with an association to a certificate thus "
   "mapping more closely to LDAP-based certificate authority "
   "implementations.") ]
class CIM_CAHasPublicCertificate : CIM_Dependency
{
      [Max (1), Override ("Antecedent"),
      Description ("The Certificate used by the CA")]
   CIM_PublicKeyCertificate REF Antecedent;
      [Override ("Dependent"),
      Description ("The CA that uses a Certificate")]
   CIM_CertificateAuthority REF Dependent;
};

// ===================================================================
//    ManagedCredential
// ===================================================================
   [Association, Description (
   "This relationship associates a CredentialManagementService "
   "with the Credential it manages.") ]
class CIM_ManagedCredential : CIM_Dependency
{
      [Override ("Antecedent"), Min (1), Max (1),
      Description ( "The credential management service")]
   CIM_CredentialManagementService REF Antecedent;
      [Override ("Dependent"),
      Description ( "The managed credential")]
   CIM_Credential REF Dependent;
};

// ===================================================================
//    CASignsPublicKeyCertificate
// ===================================================================
   [Association, Description (
   "This relationship associates a CertificateAuthority with "
   "the certificates it signs.") ]
class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential
{
      [Override ("Antecedent"), Min (1), Max (1),
      Description ( "The CA which signed the certificate")]
   CIM_CertificateAuthority REF Antecedent;
      [Override ("Dependent"), Weak,
      Description ( "The certificate issued by the CA")]
   CIM_PublicKeyCertificate REF Dependent;
   string SerialNumber;
      [ Octetstring ]
   uint8 Signature[];
   datetime Expires;
   string CRLDistributionPoint[];
};

// ==================================================================
//    LocallyManagedPublicKey
// ==================================================================
   [Association, Description (
   "CIM_LocallyManagedPublicKey association provides the "
   "relationship between a PublicKeyManagementService and an "
   "UnsignedPublicKey.") ]
class CIM_LocallyManagedPublicKey : CIM_ManagedCredential
{
      [Override ("Antecedent"), Min (1), Max (1),
      Description ("The PublicKeyManagementService that manages "
      "an unsigned public key.") ]
   CIM_PublicKeyManagementService REF Antecedent;
      [Override ("Dependent"), Weak, Description (
      "An unsigned public key.") ]
   CIM_UnsignedPublicKey REF Dependent;
};

// ===================================================================
//    SharedSecretIsShared
// ===================================================================
   [Association, Description (
   "This relationship associates a SharedSecretService with the "
   "SecretKey it verifies.") ]
class CIM_SharedSecretIsShared : CIM_ManagedCredential
{
      [Override ("Antecedent"), Min (1), Max (1),
      Description ("The credential management service")]
   CIM_SharedSecretService REF Antecedent;
      [Override ("Dependent"), Weak,
      Description ( "The managed credential")]
   CIM_SharedSecret REF Dependent;
};

// ==================================================================
//    IKESecretIsNamed
// ==================================================================
   [Association, Description (
   "CIM_IKESecretIsNamed association provides the "
   "relationship between a SharedSecretService and a "
   "NamedSharedIKESecret.") ]
class CIM_IKESecretIsNamed : CIM_ManagedCredential
{
      [Override ("Antecedent"), Min (1), Max (1),
      Description ("The SharedSecretService that manages a "
      "NamedSharedIKESecret.")]
   CIM_SharedSecretService REF Antecedent;
      [Override ("Dependent"), Weak, Description (
      "The managed NamedSharedIKESecret.") ]
   CIM_NamedSharedIKESecret REF Dependent;
};

// ===================================================================
//    KDCIssuesKerberosTicket
// ===================================================================
   [Association, Description (
   "The KDC issues and owns Kerberos tickets.  This association "
   "captures the relationship between the KDC and its issued tickets."
   ) ]
class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential
{
      [Override ("Antecedent"), Min (1), Max (1),
      Description ( "The issuing KDC") ]
   CIM_KerberosKeyDistributionCenter REF Antecedent;
      [Override ("Dependent"), Weak,
      Description ( "The managed credential")]
   CIM_KerberosTicket REF Dependent;
};

// ===================================================================
//    NotaryVerifiesBiometric
// ===================================================================
   [Association, Description (
   "This relationship associates a Notary service with the "
   "Users Access whose biometric information is verified.") ]
class CIM_NotaryVerifiesBiometric : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ("The Notary service that verifies biometric "
      "information ") ]
   CIM_Notary REF Antecedent;
      [Override ("Dependent"),
      Description ( "The UsersAccess that represents a person using "
      "biometric information for authentication.")]
   CIM_UsersAccess REF Dependent;
};

// ==================================================================
// HostedAuthenticationRequirement
// ==================================================================
   [Association, Description (
   "CIM_HostedAuthenticationRequirement is an association used to "
   "provide the namespace scoping of AuthenticationRequirement.  The "
   "hosted requirements may or may not apply to resources on the "
   "hosting system." )]
class CIM_HostedAuthenticationRequirement : CIM_Dependency
{
      [Min (1), Max (1), Override ("Antecedent"),
      Description ("The hosting system") ]
   CIM_System REF Antecedent;
      [Override ("Dependent"), Weak,
      Description ("The hosted AuthenticationRequirement") ]
   CIM_AuthenticationRequirement REF Dependent;
};

// ==================================================================
// AuthenticateForUse
// ==================================================================
   [Association, Description (
   "CIM_AuthenticateForUse is an association used to provide an "
   "AuthenticationService with the AuthenticationRequirement it "
   "needs to do its job.")]
class CIM_AuthenticateForUse : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ("AuthenticationRequirement for use") ]
   CIM_AuthenticationRequirement REF Antecedent;
      [Override ("Dependent"),
      Description ("AuthenticationService that uses the requirements"
      ) ]
   CIM_AuthenticationService REF Dependent;
};

// ==================================================================
// RequireCredentialsFrom
// ==================================================================
   [Association, Description (
   "CIM_RequireCredentialsFrom is an association used to require "
   "that credentials are issued by particular Credential Management "
   "Services in order to authenticate a user." )]
class CIM_RequireCredentialsFrom : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ("CredentialManagementService from which "
      "credentials are accepted for the associated "
      "AuthenticationRequirement.") ]
   CIM_CredentialManagementService REF Antecedent;
      [Override ("Dependent"),
      Description ("AuthenticationRequirement that limits acceptable "
      "credentials. ") ]
   CIM_AuthenticationRequirement REF Dependent;
};

// ==================================================================
// AuthenticationTarget
// ==================================================================
   [Association, Description (
   "CIM_AuthenticationTarget is an association used to apply "
   "authentication requirements for access to specific resources. "
   "For example, a shared secret may be sufficient for access to "
   "unclassified resources, but for confidential resources, a "
   "stronger authentication may be required." )]
class CIM_AuthenticationTarget : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ("AuthenticationRequirement that applies to "
      "specific resources") ]
   CIM_AuthenticationRequirement REF Antecedent;
      [Override ("Dependent"),
      Description ("Target resources that may be in a Collection or "
      "an individual ManagedElement.  These resources are protected "
      "by the AuthenticationRequirement.") ]
   CIM_ManagedElement REF Dependent;
};

// ==================================================================
// HostedACI
// ==================================================================
   [Association, Description (
   "CIM_HostedACI is an association used to provide the namespace "
   "scoping of AccessControlInformation.  The hosted ACI may or may "
   "not apply to resources on the hosting system." )]
class CIM_HostedACI : CIM_Dependency
{
      [Min (1), Max (1), Override ("Antecedent"),
      Description ("The hosting system") ]
   CIM_System REF Antecedent;
      [Override ("Dependent"), Weak,
      Description ("The hosted AccessControlInformation") ]
   CIM_AccessControlInformation REF Dependent;
};

// ==================================================================
// AuthorizedUse
// ==================================================================
   [Association, Description (
   "CIM_AuthorizedUse is an association used to provide an "
   "AuthorizationService with the AccessControlInformation it needs "
   "to do its job." )]
class CIM_AuthorizedUse : CIM_Dependency
{
      [Override ("Antecedent"),
      Description ("AccessControlInformation") ]
   CIM_AccessControlInformation REF Antecedent;
      [Override ("Dependent"),
      Description ("AuthorizationService that uses an ACI.") ]
   CIM_AuthorizationService REF Dependent;
};

// ==================================================================
// AuthorizationSubject
// ==================================================================
   [Association, Description (
   "CIM_AuthorizationSubject is an association used to apply "
   "authorization decisions to specific subjects (i.e., users).  The "
   "subjects may be identified directly or they may be aggregated "
   "into a collection that may, in turn, use the MemberPrincipal "
   "association to provide further indirection in the specification "
   "of the subject set." )]
class CIM_AuthorizationSubject : CIM_Dependency
{
      [Override ("Antecedent"), Description (
      "AccessControlInformation that applies to a subject set.") ]
   CIM_AccessControlInformation REF Antecedent;
      [Override ("Dependent"), Description (
      "The subject set may be specified as a collection or as a set "
      "of associations to ManagedElements that represent users.") ]
   CIM_ManagedElement REF Dependent;
};

// ==================================================================
// AuthorizationTarget
// ==================================================================
   [Association, Description (
   "CIM_AuthorizationTarget is an association used to apply "
   "authorization decisions to specific target resources.  The "
   "target resources may be aggregated into a collection or may be "
   "represented as a set of associations to ManagedElements." )]
class CIM_AuthorizationTarget : CIM_Dependency
{
      [Override ("Antecedent"), Description (
2795           	"AccessControlInformation that applies to the target set.") ]
2796              CIM_AccessControlInformation REF Antecedent;   
2797           	[Override ("Dependent"), Description (
2798           	"The target set of resources may be specified as a collection "
2799           	"or as a set of associations to ManagedElements that represent "
2800           	"target resources.") ]
2801              CIM_ManagedElement REF Dependent;   
2802              };   
2803           
2804           
2805           // End of file
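
The association classes above, modelled as (Antecedent, Dependent) pairs in an added Python example that is not part of the DMTF schema or the Pegasus source: it flattens the subject and target sets of an ACI, following collection membership such as MemberPrincipal, and flags ACIs that no AuthorizationService uses or that lack a subject or target. All instance names and the tuple encoding are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample instances. Each tuple is (Antecedent, Dependent),
# matching the reference order in the MOF association classes.
AUTHORIZED_USE = [("ACI:payroll-read", "AuthzSvc:main")]
AUTHORIZATION_SUBJECT = [("ACI:payroll-read", "Coll:hr-staff"),
                         ("ACI:orphan", "User:dave")]
AUTHORIZATION_TARGET = [("ACI:payroll-read", "FS:/payroll")]
# Assumed encoding of collection membership (e.g. MemberPrincipal):
# (Collection, Member). Includes a deliberate cycle between two collections.
MEMBERSHIP = [("Coll:hr-staff", "User:alice"), ("Coll:hr-staff", "Coll:hr-leads"),
              ("Coll:hr-leads", "User:bob"), ("Coll:hr-leads", "Coll:hr-staff")]

def index(pairs):
    """Map each left-hand element to the set of right-hand elements."""
    out = defaultdict(set)
    for left, right in pairs:
        out[left].add(right)
    return out

def expand(element, members, seen):
    """Flatten a collection to its leaf elements; membership cycles are cut."""
    if element in seen:
        return set()
    seen.add(element)
    if element not in members:
        return {element}
    leaves = set()
    for member in members[element]:
        leaves |= expand(member, members, seen)
    return leaves

def resolve(aci):
    """Return (subjects, targets) that the given ACI instance applies to."""
    members = index(MEMBERSHIP)
    flat = lambda pairs: set().union(
        *(expand(e, members, set()) for e in index(pairs).get(aci, ())))
    return flat(AUTHORIZATION_SUBJECT), flat(AUTHORIZATION_TARGET)

def audit():
    """List ACIs that are unused or have an empty subject or target set."""
    used = {aci for aci, _ in AUTHORIZED_USE}
    acis = {a for a, _ in AUTHORIZED_USE + AUTHORIZATION_SUBJECT + AUTHORIZATION_TARGET}
    findings = {}
    for aci in sorted(acis):
        subjects, targets = resolve(aci)
        problems = [msg for bad, msg in ((aci not in used, "no AuthorizedUse"),
                    (not subjects, "no subject"), (not targets, "no target")) if bad]
        if problems:
            findings[aci] = problems
    return findings
```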