1 kumpf 1.2 // ===================================================================
2 // Title: User-Security Kerberos Services and Credentials 2.7
3 // Filename: User27_Kerberos.mof
4 // Version: 2.7.0
5 // Status: Final
6 // Date: 03/31/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 kumpf 1.2 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 kumpf 1.2 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the classes modeling a Kerberos
47 // security service and credentials.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.7
54 // CR784 - Promote 2 properties, Issued and Expired, from
55 // CIM_KerberosTicket to CIM_Credential.
56 // ===================================================================
57
58 #pragma Locale ("en_US")
59
60
61 // ==================================================================
62 // KerberosKeyDistributionCenter
63 // ==================================================================
64 kumpf 1.2 [Version ("2.6.0"), Description ("The Kerberos KDC.") ]
65 class CIM_KerberosKeyDistributionCenter :
66 CIM_CredentialManagementService {
67
68 [Override ("Name"),
69 Description ("The Realm served by this KDC.") ]
70 string Name;
71
72 [Description (
73 "The version of Kerberos supported by this service."),
74 ValueMap {"0", "1", "2", "3"},
75 Values {"V4", "V5", "DCE", "MS"} ]
76 uint16 Protocol[];
77 };
78
79
80 // ==================================================================
81 // KerberosTicket
82 // ==================================================================
83 [Version ("2.7.0"), Description (
84 "A CIM_KerberosTicket represents a credential issued by a "
85 kumpf 1.2 "particular Kerberos Key Distribution Center (KDC) "
86 "to a particular CIM_UsersAccess as the result of a "
87 "successful authentication process. There are two types of "
88 "tickets that a KDC may issue to a Users Access - a "
89 "TicketGranting ticket, which is used to protect and "
90 "authenticate communications between the Users Access and the "
91 "KDC, and a Session ticket, which the KDC issues to two "
92 "Users Access to allow them to communicate with each other.") ]
93 class CIM_KerberosTicket : CIM_Credential {
94
95 [Propagated (
96 "CIM_KerberosKeyDistributionCenter.SystemCreationClassName"),
97 Key, MaxLen (256), Description ("The scoping System's CCN.") ]
98 string SystemCreationClassName;
99
100 [Propagated ("CIM_KerberosKeyDistributionCenter.SystemName"),
101 Key, MaxLen (256), Description ("The scoping System's Name.") ]
102 string SystemName;
103
104 [Propagated (
105 "CIM_KerberosKeyDistributionCenter.CreationClassName"),
106 kumpf 1.2 Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
107 string ServiceCreationClassName;
108
109 [Propagated ("CIM_KerberosKeyDistributionCenter.Name"),
110 Key, MaxLen (256), Description (
111 "The scoping Service's Name. The Kerberos KDC Realm of "
112 "CIM_KerberosTicket is used to record the security "
113 "authority, or Realm, name so that tickets issued by "
114 "different Realms can be separately managed and "
115 "enumerated.") ]
116 string ServiceName;
117
118 [Key, MaxLen (256), Description (
119 "The name of the service for which this ticket is used.") ]
120 string AccessesService;
121
122 [Key, MaxLen (256), Description (
123 "RemoteID is the name by which the user is known at "
124 "the KDC security service.") ]
125 string RemoteID;
126
127 kumpf 1.2 [Description (
128 "The Type of CIM_KerberosTicket is used to indicate whether "
129 "the ticket in question was issued by the Kerberos Key "
130 "Distribution Center (KDC) to support ongoing communication "
131 "between the Users Access and the KDC (\"TicketGranting\"), "
132 "or was issued by the KDC to support ongoing communication "
133 "between two Users Access entities (\"Session\")."),
134 ValueMap {"0", "1"},
135 Values {"Session", "TicketGranting"} ]
136 uint16 TicketType;
137 };
138
139
140 // ===================================================================
141 // KDCIssuesKerberosTicket
142 // ===================================================================
143 [Association, Version ("2.6.0"), Description (
144 "The KDC issues and owns Kerberos tickets. This association "
145 "captures the relationship between the KDC and its issued "
146 "tickets.") ]
147 class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential {
148 kumpf 1.2
149 [Override ("Antecedent"), Min (1), Max (1),
150 Description ("The issuing KDC.") ]
151 CIM_KerberosKeyDistributionCenter REF Antecedent;
152
153 [Override ("Dependent"), Weak,
154 Description ("The managed credential.") ]
155 CIM_KerberosTicket REF Dependent;
156 };
157
158
159 // ===================================================================
160 // end of file
161 // ===================================================================
|