1 kumpf 1.2 // ===================================================================
2 // Title: User-Security Accounts 2.7
3 // Filename: User27_Account.mof
4 // Version: 2.7.0
5 // Status: Final
6 // Date: 03/31/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 kumpf 1.2 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 kumpf 1.2 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // Accounts.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.7 - None
54 // ===================================================================
55
56 #pragma Locale ("en_US")
57
58
59 // ==================================================================
60 // Account
61 // ==================================================================
// CIM_Account: the record a SecurityService keeps to track an identity and
// its privileges. An instance is identified by four Key-qualified
// properties: SystemCreationClassName, SystemName, CreationClassName, Name.
// NOTE(review): the Description below cites a hashed password stored in
// /etc/passwd entries; on systems that use shadow passwords the hash is kept
// in a separate, more tightly restricted file - confirm per platform.
62 [Version ("2.6.0"), Description (
63 "CIM_Account is the information held by a SecurityService "
64 kumpf 1.2 "to track identity and privileges managed by that service. "
65 "Common examples of an Account are the entries in a UNIX "
66 "/etc/passwd file. Several kinds of security services use "
67 "various information from those entries - the /bin/login "
68 "program uses the account name ('root') and hashed password "
69 "to authenticate users, and the file service, for instance, "
70 "uses the UserID field ('0') and GroupID field ('0') to "
71 "record ownership and determine access control privileges "
72 "on files in the file system. This class is defined so as "
73 "to incorporate commonly-used LDAP attributes to permit "
74 "implementations to easily derive this information from "
75 "LDAP-accessible directories.") ]
76 class CIM_Account : CIM_LogicalElement {
77
// The two keys below are propagated from the scoping CIM_System, so an
// account name only has to be unique within that system.
78 [Propagated ("CIM_System.CreationClassName"), Key,
79 MaxLen (256), Description ("The scoping System's CCN.") ]
80 string SystemCreationClassName;
81
82 [Propagated ("CIM_System.Name"), Key,
83 MaxLen (256),Description ("The scoping System's Name.") ]
84 string SystemName;
85 kumpf 1.2
86 [Key, MaxLen (256), Description (
87 "CreationClassName indicates the name of the class or the "
88 "subclass used in the creation of an instance. When used "
89 "with the other key properties of this class, this property "
90 "allows all instances of this class and its subclasses to "
91 "be uniquely identified.") ]
92 string CreationClassName;
93
// Name overrides the inherited Name property and is a key. It may equal
// UserID or carry an LDAP distinguishedName, hence the larger MaxLen (1024).
94 [Key, Override("Name"), MaxLen (1024), Description (
95 "The Name property defines the label by which the object is "
96 "known. The value of this property may be set to be the same "
97 "as that of the UserID property or, in the case of an "
98 "LDAP-derived instance, the Name property value may be set to "
99 "the distinguishedName of the LDAP-accessed object instance.") ]
100 string Name;
101
// UserID is not Key-qualified: identity of the instance comes from Name,
// while UserID is the value the service itself uses for the identity.
102 [MaxLen (256), Description (
103 "UserID is the value used by the SecurityService to "
104 "represent identity. For an authentication service, the "
105 "UserID may be the name of the user, or for an authorization "
106 kumpf 1.2 "service the value which serves as a handle to a mapping of "
107 "the identity.") ]
108 string UserID;
109
// The array properties from here on mirror LDAP attributes. Apart from
// Descriptions, none of them carries a MaxLen qualifier, so this schema
// does not bound their element length; a consumer that copies the values
// into fixed-size storage has to enforce its own limit.
110 [Description (
111 "In the case of an LDAP-derived instance, the ObjectClass "
112 "property value(s) may be set to the objectClass attribute "
113 "values.") ]
114 string ObjectClass[];
115
// NOTE(review): MaxLen (1024) presumably limits each array element rather
// than the number of elements - confirm against the CIM specification.
116 [MaxLen (1024), Description (
117 "The Descriptions property values may contain human-readable "
118 "descriptions of the object. In the case of an LDAP-derived "
119 "instance, the description attribute may have multiple values "
120 "that, therefore, cannot be placed in the inherited "
121 "Description property.") ]
122 string Descriptions[];
123
124 [Description (
125 "Based on RFC1274, the host name of the system(s) for which "
126 "the account applies. The host name may be a fully-qualified "
127 kumpf 1.2 "DNS name or it may be an unqualified host name.") ]
128 string Host[];
129
130 [Description (
131 "This property contains the name of a locality, such as a "
132 "city, county or other geographic region.") ]
133 string LocalityName[];
134
// OrganizationName is the only non-key property marked Required.
135 [Required, Description (
136 "The name of the organization related to the account.") ]
137 string OrganizationName[];
138
139 [Description (
140 "The name of an organizational unit related to the account.") ]
141 string OU[];
142
143 [Description (
144 "In the case of an LDAP-derived instance, the See Also "
145 "property specifies distinguishedName of other Directory "
146 "objects which may be other aspects (in some sense) of the "
147 "same real world object.") ]
148 kumpf 1.2 string SeeAlso[];
149
// UserCertificate holds public key certificates as Octetstring-qualified
// strings. The content is public, but anything that trusts a value read
// from here still has to validate the certificate itself.
150 [Octetstring, Description (
151 "Based on inetOrgPerson and for directory compatibility, the "
152 "User Certificate property may be used to specify a public key "
153 "certificate for the person.") ]
154 string UserCertificate[];
155
// UserPassword carries credential material. No qualifier in this
// declaration restricts who may read the property, so limiting access is
// left to the provider and the CIM server.
// NOTE(review): the Description says "encrypted" without naming a scheme
// or encoding; consumers should not assume the value is a one-way hash,
// and should keep it out of logs, exports and enumeration results.
156 [Octetstring, Description (
157 "In the case of an LDAP-derived instance, the UserPassword "
158 "property may contain an encrypted password used to access "
159 "the person's resources in a directory.") ]
160 string UserPassword[];
161 };
162
163
164 // ===================================================================
165 // AccountOnSystem
166 // ===================================================================
// CIM_AccountOnSystem: aggregation that places Accounts under the System
// that scopes the uniqueness of their names.
167 [Association, Aggregation, Version ("2.6.0"), Description (
168 "A system (e.g., ApplicationSystem, ComputerSystem, AdminDomain) "
169 kumpf 1.2 "aggregates Accounts and scopes the uniqueness of the Account "
170 "names (i.e., userids).") ]
171 class CIM_AccountOnSystem : CIM_SystemComponent {
172
// Min (1), Max (1): every Account belongs to exactly one scoping System.
173 [Override ("GroupComponent"), Min (1), Max (1), Aggregate,
174 Description (
175 "The aggregating system also provides name scoping "
176 "for the Account.") ]
177 CIM_System REF GroupComponent;
178
// Weak: the Account is identified relative to its System, which matches
// the Propagated system keys declared on CIM_Account.
179 [Override ("PartComponent"), Weak,
180 Description ("The subordinate Account.") ]
181 CIM_Account REF PartComponent;
182 };
183
184
185 // ===================================================================
186 // UsersAccount
187 // ===================================================================
// CIM_UsersAccount: links a user, represented by a CIM_UsersAccess
// instance, to an Account that user can interact with. Neither reference
// carries Min/Max qualifiers, so no cardinality limit is declared here.
// CIM_UsersAccess is not defined in this file.
188 [Association, Version ("2.6.0"), Description (
189 "This relationship associates UsersAccess with the Accounts "
190 kumpf 1.2 "with which they're able to interact.") ]
191 class CIM_UsersAccount : CIM_Dependency {
192
193 [Override ("Antecedent"),
194 Description ("The user's Account.") ]
195 CIM_Account REF Antecedent;
196
197 [Override ("Dependent"), Description (
198 "The User as identified by their UsersAccess instance.") ]
199 CIM_UsersAccess REF Dependent;
200 };
201
202
203 // ===================================================================
204 // AccountMapsToAccount
205 // ===================================================================
// CIM_AccountMapsToAccount: relates one Account to another, for example an
// authentication account name to the authorization account it resolves to.
// Both ends are CIM_Account and no Min/Max qualifiers are declared, so
// several accounts may map to the same target. When reviewing who holds a
// privilege, follow these mappings as well as the account names: the
// Description's own example has more than one name resolving to
// authorization account '0'.
206 [Association, Version ("2.6.0"), Description (
207 "This relationship may be used to associate an Account used by an "
208 "AuthenticationService to an Account used for Authorization. For "
209 "instance, this mapping occurs naturally in the UNIX /etc/passwd "
210 "file, where the AuthenticationSerice Account ('root') is mapped "
211 kumpf 1.2 "to the AuthorizationService Account ('0'). The two are separate "
212 "accounts, as evidenced by the ability to have another "
213 "AuthenticationService Account which ALSO maps to the "
214 "AuthorizationService Account ('0') without ambiguity. This "
215 "association may be used for other account mappings as well such "
216 "as for coordinating single signon for multiple accounts for the "
217 "same user.") ]
218 class CIM_AccountMapsToAccount : CIM_Dependency {
219
220 [Override ("Antecedent"),
221 Description ("An Account.") ]
222 CIM_Account REF Antecedent;
223
224 [Override ("Dependent"),
225 Description ("A related Account.") ]
226 CIM_Account REF Dependent;
227 };
228
229
230 // ===================================================================
231 // SecurityServiceUsesAccount
232 kumpf 1.2 // ===================================================================
// CIM_SecurityServiceUsesAccount: records which Accounts a SecurityService
// relies on. The Account is the Antecedent and the service the Dependent.
// Neither reference declares a Description or a cardinality qualifier.
// CIM_SecurityService is not defined in this file.
233 [Association, Version ("2.6.0"), Description (
234 "This relationship associates SecurityService instances to "
235 "the Accounts they use in the course of their work.") ]
236 class CIM_SecurityServiceUsesAccount : CIM_Dependency {
237
238 [Override ("Antecedent") ]
239 CIM_Account REF Antecedent;
240
241 [Override ("Dependent") ]
242 CIM_SecurityService REF Dependent;
243 };
244
245
246 // ==================================================================
247 // AccountManagementService
248 // ==================================================================
// CIM_AccountManagementService: the service that creates, manages and
// destroys Accounts for other security services. The body is empty: the
// class adds no properties or methods to what CIM_SecurityService provides,
// so account lifecycle operations are not modelled as methods here.
249 [Version ("2.6.0"), Description (
250 "CIM_AccountManagementService creates, manages, and if necessary "
251 "destroys Accounts on behalf of other SecuritySerices.") ]
252 class CIM_AccountManagementService : CIM_SecurityService {
253 kumpf 1.2 };
254
255
256 // ===================================================================
257 // ManagesAccount
258 // ===================================================================
// CIM_ManagesAccount: ties an AccountManagementService (Antecedent) to an
// Account it is responsible for (Dependent). No cardinality qualifiers are
// declared, so the schema does not require an Account to have exactly one
// managing service.
259 [Association, Version ("2.6.0"), Description (
260 "This relationship associates the AccountManagement security "
261 "service to the Accounts for which it is responsible.") ]
262 class CIM_ManagesAccount : CIM_Dependency {
263
264 [Override ("Antecedent") ]
265 CIM_AccountManagementService REF Antecedent;
266
267 [Override ("Dependent") ]
268 CIM_Account REF Dependent;
269 };
270
271
272 // ===================================================================
273 // ManagesAccountOnSystem
274 kumpf 1.2 // ===================================================================
// CIM_ManagesAccountOnSystem: ties an AccountManagementService
// (Antecedent) to the System whose accounts it manages (Dependent). It
// narrows the reference types of CIM_SecurityServiceForSystem, which is
// not defined in this file.
275 [Association, Version ("2.6.0"), Description (
276 "The CIM_ManagesAccountOnSystem provides the association between a "
277 "System and the AccountManagementService that manages accounts for "
278 "that system.") ]
279 class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem {
280
281 [Override ("Antecedent"), Description (
282 "An AccountManagementService that manages accounts for the "
283 "system.") ]
284 CIM_AccountManagementService REF Antecedent;
285
286 [Override ("Dependent"), Description (
287 "The system that is dependent on the AccountManagementService.") ]
288 CIM_System REF Dependent;
289 };
290
291
292 // ===================================================================
293 // end of file
294 // ===================================================================