1 kumpf 1.2 // ===================================================================
2 // Title: User-Security Shared Secret 2.7
3 // Filename: User27_SharedSecret.mof
4 // Version: 2.7.0
5 // Status: Final
6 // Date: 03/31/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 kumpf 1.2 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 kumpf 1.2 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // shared secret security services and credentials.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.7 - None
54 // ===================================================================
55
56 #pragma Locale ("en_US")
57
58
59 // ==================================================================
60 // SharedSecretService
61 // ==================================================================
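// CIM_SharedSecretService: a credential management service that decides
// whether a message comes from the Principal with whom a secret is shared.
// Both properties are free-form strings without a ValueMap, so the schema
// does not constrain or validate what a provider reports in them.
// (Annotate-view line numbers and blame markers were removed so the class
// parses as MOF; one spelling error in the description was corrected.)
[Version ("2.6.0"), Description (
    "CIM_SharedSecretService is a service which ascertains "
    "whether messages received are from the Principal with "
    "whom a secret is shared. Examples include a login "
    "service that proves identity on the basis of knowledge of "
    "the shared secret, or a transport integrity service (like "
    "Kerberos provides) that includes a message authenticity "
    "code that proves each message in the message stream came "
    "from someone who knows the shared secret session key.") ]
class CIM_SharedSecretService : CIM_LocalCredentialManagementService {

    // NOTE(review): the two examples are not equivalent. "PLAINTEXT" means
    // the secret is conveyed with no cryptographic protection, and HMAC-MD5
    // is a legacy MAC (RFC 6151 advises against it in new protocol
    // designs). Because the value is an unconstrained string, inventory and
    // audit tooling has to normalise it before comparing it to a policy.
    [MaxLen (256), Description (
        "The Algorithm used to convey the shared secret, such as "
        "HMAC-MD5, or PLAINTEXT.") ]
    string Algorithm;

    // No MaxLen and no ValueMap: the protocol name is whatever the
    // provider chooses to report.
    [Description (
        "The Protocol supported by the SharedSecretService.") ]
    string Protocol;
};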
82
83
84 // ==================================================================
85 kumpf 1.2 // SharedSecret
86 // ==================================================================
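// CIM_SharedSecret: the secret shared between a Users Access and one
// particular shared-secret service. The four Propagated keys come from the
// scoping CIM_SharedSecretService; RemoteID completes the key.
// (Annotate-view line numbers and blame markers were removed so the class
// parses as MOF; one spelling error in the description was corrected.)
[Version ("2.6.0"), Description (
    "CIM_SharedSecret is the secret shared between a Users Access "
    "and a particular SharedSecret security service. Secrets "
    "may be in the form of a password used for initial "
    "authentication, or as with a session key, used as part of "
    "a message authentication code to verify that a message "
    "originated by the principal with whom the secret is shared. "
    "It is important to note that SharedSecret is not just the "
    "password, but rather is the password used with a particular "
    "security service.") ]
class CIM_SharedSecret : CIM_Credential {

    [Propagated ("CIM_SharedSecretService.SystemCreationClassName"),
        Key, MaxLen (256), Description ("The scoping System's CCN.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_SharedSecretService.SystemName"), Key,
        MaxLen (256), Description ("The scoping System's Name.") ]
    string SystemName;

    [Propagated (
        "CIM_SharedSecretService.CreationClassName"),
        Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
    string ServiceCreationClassName;

    [Propagated ("CIM_SharedSecretService.Name"),
        Key, MaxLen (256), Description ("The scoping Service's Name.") ]
    string ServiceName;

    // Key property: the remote user name is part of the instance's object
    // path, so it appears wherever instance names are listed or logged.
    [Key, MaxLen (256), Description (
        "RemoteID is the name by which the user is known at "
        "the remote secret key authentication service.") ]
    string RemoteID;

    // NOTE(review): this property is declared as an ordinary string with
    // only a Description qualifier; nothing in this class restricts who may
    // read it. A provider that populates it hands the secret to every
    // client permitted to read instances. Providers should leave it empty
    // on read (or enforce access control in the CIM server) and keep it out
    // of logs and traces. CIM_NamedSharedIKESecret.SharedSecretName in this
    // file shows the alternative of referring to a secret by name.
    [Description (
        "The secret known by the Users Access.") ]
    string Secret;

    // Describes how a password is transformed before use (the description's
    // example is a hash of the password). Free-form string, no ValueMap.
    [Description (
        "The transformation algorithm, if any, used to "
        "protect passwords before use in the protocol. For "
        "instance, Kerberos doesn't store passwords as the shared "
        "secret, but rather, a hash of the password.") ]
    string Algorithm;

    [Description (
        "The protocol with which the SharedSecret is used.") ]
    string Protocol;
};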
136
137
138 // ===================================================================
139 // SharedSecretIsShared
140 // ===================================================================
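// CIM_SharedSecretIsShared: association tying each CIM_SharedSecret to the
// CIM_SharedSecretService that manages it.
// NOTE(review): the description says "SecretKey", but the Dependent
// reference is typed CIM_SharedSecret; presumably the same thing - confirm
// against the published schema.
// (Annotate-view line numbers and blame markers were removed so the class
// parses as MOF; qualifiers and strings are unchanged.)
[Association, Version ("2.6.0"), Description (
    "This relationship associates a SharedSecretService with the "
    "SecretKey it verifies.") ]
class CIM_SharedSecretIsShared : CIM_ManagedCredential {

    // Min (1), Max (1): every SharedSecret belongs to exactly one service.
    [Override ("Antecedent"), Min (1), Max (1),
        Description ("The credential management service.") ]
    CIM_SharedSecretService REF Antecedent;

    // Weak: the secret is named within the scope of its service, which is
    // why CIM_SharedSecret carries keys propagated from that service.
    [Override ("Dependent"), Weak,
        Description ("The managed credential.") ]
    CIM_SharedSecret REF Dependent;
};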
154
155
156 // ==================================================================
157 // NamedSharedIKESecret
158 // ==================================================================
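// CIM_NamedSharedIKESecret: represents an IKE shared secret indirectly.
// The instance is keyed by the scoping service plus the local and peer
// identities and their types; the secret is referred to by name only and
// is not a property of this class.
// (Annotate-view line numbers and blame markers were removed so the class
// parses as MOF; a missing word in the description was restored.)
[Version ("2.6.0"), Description (
    "CIM_NamedSharedIKESecret indirectly represents a shared "
    "secret credential. The local identity, IKEIdentity, "
    "and the remote peer identity share the secret that is "
    "named by the SharedSecretName. The SharedSecretName is "
    "used by the SharedSecretService to reference the secret.") ]
class CIM_NamedSharedIKESecret : CIM_Credential {

    [Propagated ("CIM_SharedSecretService.SystemCreationClassName"),
        Key, MaxLen (256), Description ("The scoping System's CCN.") ]
    string SystemCreationClassName;

    [Propagated ("CIM_SharedSecretService.SystemName"),
        Key, MaxLen (256), Description ("The scoping System's Name.") ]
    string SystemName;

    [Propagated ("CIM_SharedSecretService.CreationClassName"),
        Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
    string ServiceCreationClassName;

    [Propagated ("CIM_SharedSecretService.Name"),
        Key, MaxLen (256), Description ("The scoping Service's Name.") ]
    string ServiceName;

    // Key property: identity values are part of the object path and are
    // therefore visible wherever instance names are enumerated or logged.
    [Key, MaxLen (256), Description (
        "The local Identity with whom the direct trust "
        "relationship exists."),
        ModelCorrespondence {
            "CIM_NamedSharedIKESecret.LocalIdentityType"} ]
    string LocalIdentity;

    // Tells consumers how to parse LocalIdentity. The 1..11 numbering
    // appears to follow the IPsec DOI identification types (RFC 2407) -
    // confirm. Values outside the ValueMap are not defined by this schema.
    [Key, Description (
        "LocalIdentityType is used to describe "
        "the type of the LocalIdentity."),
        ValueMap {"1", "2", "3", "4", "5", "6", "7", "8",
            "9", "10", "11"},
        Values {"IPV4_ADDR", "FQDN", "USER_FQDN",
            "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
            "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
            "DER_ASN1_GN", "KEY_ID"},
        ModelCorrespondence {
            "CIM_NamedSharedIKESecret.LocalIdentity"} ]
    uint16 LocalIdentityType;

    [Key, MaxLen (256), Description (
        "The peer identity with whom the direct trust "
        "relationship exists."),
        ModelCorrespondence {
            "CIM_NamedSharedIKESecret.PeerIdentityType"} ]
    string PeerIdentity;

    // Same enumeration as LocalIdentityType, applied to PeerIdentity.
    [Key, Description (
        "PeerIdentityType is used to describe "
        "the type of the PeerIdentity."),
        ValueMap {"1", "2", "3", "4", "5", "6", "7", "8",
            "9", "10", "11"},
        Values {"IPV4_ADDR", "FQDN", "USER_FQDN",
            "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
            "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
            "DER_ASN1_GN", "KEY_ID"},
        ModelCorrespondence {
            "CIM_NamedSharedIKESecret.PeerIdentity"} ]
    uint16 PeerIdentityType;

    // Holds a name, not key material: per the description the service
    // resolves the name and does not expose the secret itself. Providers
    // must not place the secret value in this field.
    [Description (
        "SharedSecretName is an indirect reference "
        "to a shared secret. The SecretService does not expose "
        "the actual secret but rather provides access to the "
        "secret via a name.") ]
    string SharedSecretName;
};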
230
231
232 kumpf 1.2 // ==================================================================
233 // IKESecretIsNamed
234 // ==================================================================
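// CIM_IKESecretIsNamed: association tying each CIM_NamedSharedIKESecret to
// the CIM_SharedSecretService that manages it.
// (Annotate-view line numbers and blame markers were removed so the class
// parses as MOF; qualifiers and strings are unchanged.)
[Association, Version ("2.6.0"), Description (
    "CIM_IKESecretIsNamed association provides the "
    "relationship between a SharedSecretService and a "
    "NamedSharedIKESecret.") ]
class CIM_IKESecretIsNamed : CIM_ManagedCredential {

    // Min (1), Max (1): every named IKE secret has exactly one managing
    // service.
    [Override ("Antecedent"), Min (1), Max (1),
        Description (
            "The SharedSecretService that manages a "
            "NamedSharedIKESecret.") ]
    CIM_SharedSecretService REF Antecedent;

    // Weak: the named secret is identified within the scope of its
    // service, matching the Propagated keys on CIM_NamedSharedIKESecret.
    [Override ("Dependent"), Weak, Description (
        "The managed NamedSharedIKESecret.") ]
    CIM_NamedSharedIKESecret REF Dependent;
};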
251
252
253 kumpf 1.2 // ===================================================================
254 // end of file
255 // ===================================================================