1 kumpf 1.2 // ===================================================================
2 // Title: User-Security Public Key Services and Credentials 2.7
3 // Filename: User27_PublicKey.mof
4 // Version: 2.7.0
5 // Status: Final
6 // Date: 04/02/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 kumpf 1.2 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 kumpf 1.2 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the classes modeling public key
47 // security services, credentials and the certificate
48 // authority.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // Change Log for v2.7
55 // CR784 - Deprecate Expires property from CASignsPublicKeyCertificate
56 // CR980 - Take the Deprecation to Final status
57 // ===================================================================
58
59 #pragma Locale ("en_US")
60
61
62 // ==================================================================
63 // CertificateAuthority
64 kumpf 1.2 // ==================================================================
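// CIM_CertificateAuthority: the credential management service that issues
// and signs certificates. The revocation data a relying party needs (CRL[]
// and CRLDistributionPoint[]) is carried here; the per-certificate signature
// and serial number live on the CIM_CASignsPublicKeyCertificate association.
65 [Version ("2.6.0"), Description (
66 "A Certificate Authority (CA) is a credential "
67 "management service that issues and cryptographically "
68 "signs certificates thus acting as a trusted third-party "
69 "intermediary in establishing trust relationships. The CA "
70 "authenticates the holder of the private key related to the "
71 "certificate's public key; the authenticated entity is "
72 "represented by the UsersAccess class.") ]
73 class CIM_CertificateAuthority : CIM_CredentialManagementService {
74
// Free-text policy reference. The schema constrains neither its format nor
// its length; "may be a dot-delimited ASN.1 OID" is advisory only.
75 [Description (
76 "The CAPolicyStatement describes what care is taken by the "
77 "CertificateAuthority when signing a new certificate. "
78 "The CAPolicyStatement may be a dot-delimited ASN.1 OID "
79 "string which identifies the formal policy statement.") ]
80 string CAPolicyStatement;
81
// Revoked-but-unexpired certificates. Declared as an Octetstring *string*
// array, unlike the other Octetstring properties in this file (PublicKey,
// Signature), which are uint8 arrays. The element encoding is not stated —
// NOTE(review): confirm whether consumers expect DER-encoded CRLs here.
82 [Octetstring, Description (
83 "A CRL, or CertificateRevocationList, is a "
84 "list of certificates which the CertificateAuthority has "
85 kumpf 1.2 "revoked and which are not yet expired. Revocation is "
86 "necessary when the private key associated with the public "
87 "key of a certificate is lost or compromised, or when the "
88 "person for whom the certificate is signed no longer is "
89 "entitled to use the certificate.") ]
90 string CRL[];
91
// URIs of CRL distribution points; no URI scheme is constrained by the schema.
92 [Description (
93 "Certificate Revocation Lists may be "
94 "available from a number of distribution points. "
95 "CRLDistributionPoint array values provide URIs for those "
96 "distribution points.") ]
97 string CRLDistributionPoint[];
98
// The issuer DN that certificates signed by this CA refer to.
99 [Description (
100 "Certificates refer to their issuing CA by "
101 "its Distinguished Name (as defined in X.501)."), DN]
102 string CADistinguishedName;
103
// uint8 bounds the value to 0..255 hours. Zero means "unknown", not "never";
// consumers should not treat 0 as a CRL that never needs refreshing.
104 [Description (
105 "The frequency, expressed in hours, at which "
106 kumpf 1.2 "the CA will update its Certificate Revocation List. Zero "
107 "implies that the refresh frequency is unknown."),
108 Units("Hours") ]
109 uint8 CRLRefreshFrequency;
110
// uint8 bounds the chain length to 0..255. The superior/subordinate ordering
// described below is a "should"; nothing in the schema enforces it.
111 [Description (
112 "The maximum number of certificates in a "
113 "certificate chain permitted for credentials issued by "
114 "this certificate authority or its subordinate CAs. \n"
115 "The MaxChainLength of a superior CA in the trust "
116 "hierarchy should be greater than this value and the "
117 "MaxChainLength of a subordinate CA in the trust hierarchy "
118 "should be less than this value.") ]
119 uint8 MaxChainLength;
120 };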
121
122
123 // ==================================================================
124 // PublicKeyManagementService
125 // ==================================================================
// CIM_PublicKeyManagementService: declares no properties of its own. It
// serves as the scoping service for CIM_UnsignedPublicKey (whose first four
// keys are Propagated from this class) and as the Antecedent of
// CIM_LocallyManagedPublicKey. Its own keys come from the parent class,
// which is not defined in this file.
126 [Version ("2.6.0"), Description (
127 kumpf 1.2 "CIM_PublicKeyManagementService is a credential management "
128 "service that provides local system management of public "
129 "keys used by the local system.") ]
130 class CIM_PublicKeyManagementService :
131 CIM_LocalCredentialManagementService {
132 };
133
134
135 // ==================================================================
136 // PublicKeyCertificate
137 // ==================================================================
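// CIM_PublicKeyCertificate: the certificate credential. Only the subject
// identifiers and the raw public key are modelled here. The serial number,
// the CA's signature and per-certificate CRL distribution points are carried
// by the CIM_CASignsPublicKeyCertificate association, and the validity period
// by CIM_Credential (see the Deprecated qualifier on that association's
// Expires property).
138 [Version ("2.6.0"), Description (
139 "A Public Key Certificate is a credential "
140 "that is cryptographically signed by a trusted Certificate "
141 "Authority (CA) and issued to an authenticated entity "
142 "(e.g., human user, service, etc.) called the Subject in "
143 "the certificate and represented by the UsersAccess class. "
144 "The public key in the certificate is cryptographically "
145 "related to a private key that is to be held and kept "
146 "private by the authenticated Subject. The certificate "
147 "and its related private key can then be used for "
148 kumpf 1.2 "establishing trust relationships and securing "
149 "communications with the Subject. Refer to the ITU/CCITT "
150 "X.509 standard as an example of such certificates.") ]
151 class CIM_PublicKeyCertificate : CIM_Credential {
152
// The first four keys are Propagated from the issuing CIM_CertificateAuthority,
// so a certificate instance is scoped by its CA (it is the Weak Dependent of
// CIM_CASignsPublicKeyCertificate); Subject completes the key.
153 [Propagated ("CIM_CertificateAuthority.SystemCreationClassName"),
154 Key, MaxLen (256), Description ("The scoping System's CCN.") ]
155 string SystemCreationClassName;
156
157 [Propagated ("CIM_CertificateAuthority.SystemName"),
158 Key, MaxLen (256),Description ("The scoping System's Name.") ]
159 string SystemName;
160
161 [Propagated ("CIM_CertificateAuthority.CreationClassName"),
162 Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
163 string ServiceCreationClassName;
164
165 [Propagated ("CIM_CertificateAuthority.Name"),
166 Key, MaxLen (256), Description ("The scoping Service's Name.") ]
167 string ServiceName;
168
// Key: the subject identifier must be unique among certificates of one CA.
// MaxLen (256) bounds it; the format (e.g. a DN) is not constrained here.
169 kumpf 1.2 [Key, MaxLen (256), Description (
170 "Certificate subject identifier.") ]
171 string Subject;
172
// Non-key alternate name; not part of instance identity.
173 [MaxLen (256), Description (
174 "Alternate subject identifier for the Certificate.") ]
175 string AltSubject;
176
// DER-encoded public key. No separate algorithm identifier is modelled —
// NOTE(review): presumably it is inside the DER structure; confirm.
177 [Octetstring, Description ("The DER-encoded raw public key.") ]
178 uint8 PublicKey[];
179 };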
180
181
182 // ===================================================================
183 // CAHasPublicCertificate
184 // ===================================================================
// CIM_CAHasPublicCertificate: links a CA to a certificate it *holds* (one
// issued to it by another CA, per the Description). This is distinct from
// CIM_CASignsPublicKeyCertificate, which links a CA to certificates it
// *issued*; do not use one in place of the other when walking a trust chain.
185 [Association, Version ("2.6.0"), Description (
186 "A CertificateAuthority may have certificates issued by other CAs. "
187 "This association is essentially an optimization of the CA having "
188 "a UsersAccess instance with an association to a certificate thus "
189 "mapping more closely to LDAP-based certificate authority "
190 kumpf 1.2 "implementations.") ]
191 class CIM_CAHasPublicCertificate : CIM_Dependency {
192
// Max (1) on Antecedent limits the certificates a CA can hold through this
// association to one — NOTE(review): the Description speaks of
// "certificates" in the plural; confirm the intended cardinality.
193 [Max (1), Override ("Antecedent"),
194 Description ("The Certificate used by the CA.") ]
195 CIM_PublicKeyCertificate REF Antecedent;
196
197 [Override ("Dependent"),
198 Description ("The CA that uses a Certificate.") ]
199 CIM_CertificateAuthority REF Dependent;
200 };
201
202
203 // ===================================================================
204 // CASignsPublicKeyCertificate
205 // ===================================================================
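// CIM_CASignsPublicKeyCertificate: the issuing relationship. The
// per-certificate signing artefacts (serial number, signature) are modelled
// on this association rather than on CIM_PublicKeyCertificate itself.
206 [Association, Version ("2.7.0"), Description (
207 "This relationship associates a CertificateAuthority with "
208 "the certificates it signs.") ]
209 class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential {
210
// Min (1), Max (1): every certificate has exactly one signing CA.
211 kumpf 1.2 [Override ("Antecedent"), Min (1), Max (1),
212 Description ("The CA which signed the certificate.") ]
213 CIM_CertificateAuthority REF Antecedent;
214
// Weak: the certificate's identity is scoped by the CA, matching the
// Propagated keys declared on CIM_PublicKeyCertificate.
215 [Override ("Dependent"), Weak,
216 Description ("The certificate issued by the CA.") ]
217 CIM_PublicKeyCertificate REF Dependent;
218
// String, not integer: no uniqueness or format constraint is expressed here.
219 [Description (
220 "The serial number the CA assigned to the certificate.") ]
221 string SerialNumber;
222
// Raw signature bytes; the algorithm is not modelled separately.
223 [Octetstring, Description (
224 "The CA's signature over the certificate.") ]
225 uint8 Signature[];
226
// Deprecated by CR784 (see the change log at the top of this file) in favour
// of the Expires property inherited from CIM_Credential.
227 [Deprecated {"CIM_Credential.Expires"}, Description (
228 "The time at which the certificate expires. Deprecated; "
229 "use CIM_Credential.Expires.") ]
229 datetime Expires;
230
// Per-certificate distribution points. CIM_CertificateAuthority also
// declares CRLDistributionPoint[]; which takes precedence when both are
// populated is not specified here — NOTE(review): confirm.
231 [Description (
232 kumpf 1.2 "The Authority's revocation list distribution points.") ]
233 string CRLDistributionPoint[];
234 };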
235
236
237 // ==================================================================
238 // UnsignedPublicKey
239 // ==================================================================
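// CIM_UnsignedPublicKey: a public key trusted directly (no CA signature).
// Because there is no third-party attestation, the PeerIdentity/PublicKey
// pair recorded here *is* the trust anchor; the schema carries no signature
// or validity data for it.
//
// Fix: the ModelCorrespondence qualifiers on PeerIdentity and PeerIdentityType
// previously pointed at CIM_PublicKeyManagementService, which declares no
// such properties in this file. Both properties belong to this class.
240 [Version ("2.6.0"), Description (
241 "A CIM_UnsignedPublicKey represents an unsigned public "
242 "key credential. The local UsersAccess (or subclass "
243 "thereof) accepts the public key as authentic because of "
244 "a direct trust relationship rather than via a third-party "
245 "Certificate Authority.") ]
246 class CIM_UnsignedPublicKey : CIM_Credential {
247
// The first four keys are Propagated from the scoping
// CIM_PublicKeyManagementService; PeerIdentity completes the key.
248 [Propagated (
249 "CIM_PublicKeyManagementService.SystemCreationClassName"),
250 Key, MaxLen (256), Description ("The scoping System's CCN.") ]
251 string SystemCreationClassName;
252
253 kumpf 1.2 [Propagated ("CIM_PublicKeyManagementService.SystemName"),
254 Key, MaxLen (256),Description ("The scoping System's Name.") ]
255 string SystemName;
256
257 [Propagated ("CIM_PublicKeyManagementService.CreationClassName"),
258 Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
259 string ServiceCreationClassName;
260
261 [Propagated ("CIM_PublicKeyManagementService.Name"),
262 Key, MaxLen (256), Description ("The scoping Service's Name.") ]
263 string ServiceName;
264
// Key: the peer identity, interpreted according to PeerIdentityType below.
265 [Key, MaxLen (256), Description (
266 "The Identity of the Peer with whom a direct trust "
267 "relationship exists. The public key may be used for "
268 "security functions with the Peer."),
269 ModelCorrespondence {
270 "CIM_UnsignedPublicKey.PeerIdentityType"} ]
271 string PeerIdentity;
272
// Value map 0..11 follows the IKE identity types; 0 is "Other". Values
// outside the map are not constrained by the schema.
273 [Description (
274 kumpf 1.2 "PeerIdentityType is used to describe the "
275 "type of the PeerIdentity. The currently defined values "
276 "are used for IKE identities."),
277 ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8",
278 "9", "10", "11"},
279 Values {"Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
280 "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
281 "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
282 "DER_ASN1_GN", "KEY_ID"},
283 ModelCorrespondence {
284 "CIM_UnsignedPublicKey.PeerIdentity"} ]
285 uint16 PeerIdentityType;
286
// Same representation as CIM_PublicKeyCertificate.PublicKey.
287 [Octetstring, Description ("The DER-encoded raw public key.") ]
288 uint8 PublicKey[];
289 };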
290
291
292 // ==================================================================
293 // LocallyManagedPublicKey
294 // ==================================================================
// CIM_LocallyManagedPublicKey: ties an UnsignedPublicKey to the single
// PublicKeyManagementService that scopes it. Mirrors the shape of
// CIM_CASignsPublicKeyCertificate (Min/Max (1) Antecedent, Weak Dependent)
// but carries no signing artefacts, since the key is unsigned.
295 kumpf 1.2 [Association, Version ("2.6.0"), Description (
296 "CIM_LocallyManagedPublicKey association provides the "
297 "relationship between a PublicKeyManagementService and an "
298 "UnsignedPublicKey.") ]
299 class CIM_LocallyManagedPublicKey : CIM_ManagedCredential {
300
// Min (1), Max (1): every unsigned key has exactly one managing service.
301 [Override ("Antecedent"), Min (1), Max (1),
302 Description (
303 "The PublicKeyManagementService that manages "
304 "an unsigned public key.") ]
305 CIM_PublicKeyManagementService REF Antecedent;
306
// Weak: the key's identity is scoped by the service, matching the
// Propagated keys declared on CIM_UnsignedPublicKey.
307 [Override ("Dependent"), Weak, Description (
308 "An unsigned public key.") ]
309 CIM_UnsignedPublicKey REF Dependent;
310 };
311
312
313 // ===================================================================
314 // end of file
315 // ===================================================================