// ===================================================================
// Title:       User-Security Users Access 2.7
// Filename:    User27_UsersAccess.mof
// Version:     2.7.0
// Status:      Final
// Date:        04/04/2003
// ===================================================================
// Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
// ===================================================================
// Description: The User Model extends the management concepts that
//              are related to users and security.
//              This file defines the concepts and classes related to
//              users' access to a target, and a notary service that
//              may verify biometrics defined in the UsersAccess class.
//
//              The object classes below are listed in an order that
//              avoids forward references. Required objects, defined
//              by other working groups, are omitted.
// ===================================================================
// Change Log for v2.7 - None
// ===================================================================
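// Compiler directive: declares the locale of this file's strings.
#pragma Locale ("en_US")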
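// ==================================================================
// UsersAccess
// ==================================================================
// Models a user of system resources independently of any particular
// system or service; per the Description, the Account class is the
// per-system view. Instances are identified by the three Key
// properties (CreationClassName, Name, ElementID).
// NOTE(review): the Description reads "that permitted access" and
// "UserAccess class"; presumably "that is permitted access" and
// "UsersAccess class" were meant. The text is kept as published.
   [Version ("2.6.0"), Description (
       "The UsersAccess object class is used to specify a system user "
       "that permitted access to system resources. The ManagedElement "
       "that has access to system resources (represented in the model in "
       "the ElementAsUser association) may be a person, a service, a "
       "service access point or any collection thereof. Whereas the "
       "Account class represents the user's relationship to a system "
       "from the perspective of the security services of the system, the "
       "UserAccess class represents the relationships to the systems "
       "independent of a particular system or service.") ]
class CIM_UsersAccess : CIM_UserEntity {

      // Key 1 of 3: class (or subclass) used to create the instance.
      [Key, MaxLen (256), Description (
          "CreationClassName indicates the name of the class or the "
          "subclass used in the creation of an instance. When used "
          "with the other key properties of this class, this property "
          "allows all instances of this class and its subclasses to "
          "be uniquely identified.") ]
   string CreationClassName;

      // Key 2 of 3: label of the object, bounded to 256 characters.
      [Key, MaxLen (256), Description (
          "The Name property defines the label by which the object is "
          "known.") ]
   string Name;

      // Key 3 of 3: identifies the ManagedElement that is the user.
      // Unlike CreationClassName and Name, this key declares no MaxLen.
      // NOTE(review): an implementation that stores or indexes this key
      // should apply its own length bound and check the model-path-like
      // format with alphabetically ordered pairs; confirm in the provider.
      [Key, Description (
          "The ElementID property uniquely specifies the ManagedElement "
          "object instance that is the user represented by the "
          "UsersAccess object instance. The ElementID is formatted "
          "similarly to a model path except that the property-value "
          "pairs are ordered in alphabetical order (US ASCII lexical "
          "order).") ]
   string ElementID;

      // Array of enumerated biometric kinds, not biometric data itself.
      // ValueMap and Values pair up by position: 0 = "N/A" through
      // 8 = "EEG". Null or "N/A" marks a non-human user or a user that
      // does not authenticate with biometrics.
      [Description (
          "Biometric information used to identify a person. The "
          "property value is left null or set to 'N/A' for non-human "
          "user or a user not using biometric information for "
          "authentication."),
       ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"},
       Values {"N/A", "Other", "Facial", "Retina", "Mark", "Finger",
          "Voice", "DNA-RNA", "EEG"} ]
   uint16 Biometric[];
};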
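// ==================================================================
// ElementAsUser
// ==================================================================
// Association that ties each UsersAccess instance to the
// ManagedElement that "owns" it. The cardinality is asymmetric:
// Antecedent is constrained to exactly one owner, while Dependent
// carries no Min/Max qualifier.
   [Association, Version ("2.6.0"), Description (
       "CIM_ElementAsUser is an association used to establish the "
       "'ownership' of UsersAccess object instances. That is, the "
       "ManagedElement may have UsersAccess to systems and, therefore, "
       "be 'users' on those systems. UsersAccess instances must have an "
       "'owning' ManagedElement. Typically, the ManagedElements will be "
       "limited to Collection, Person, Service and ServiceAccessPoint. "
       "Other non-human ManagedElements that might be thought of as "
       "having UsersAccess (e.g., a device or system) have services that "
       "have the UsersAccess.") ]
class CIM_ElementAsUser : CIM_Dependency {

      // Min (1), Max (1): every UsersAccess has exactly one owning
      // ManagedElement, which is the schema-level form of the "must
      // have an 'owning' ManagedElement" rule in the Description.
      [Min (1), Max (1), Override ("Antecedent"),
       Description ("The ManagedElement that has UsersAccess.") ]
   CIM_ManagedElement REF Antecedent;

      // No cardinality qualifiers: the schema does not limit how many
      // UsersAccess instances one ManagedElement may own.
      [Override ("Dependent"),
       Description ("The 'owned' UsersAccess.") ]
   CIM_UsersAccess REF Dependent;
};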
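// ==================================================================
// UsersCredential
// ==================================================================
// Association linking a credential to the UsersAccess that may use
// it. Neither reference carries Min/Max qualifiers, so the schema
// itself does not restrict how many credentials a UsersAccess has or
// how many UsersAccess instances share one credential.
   [Association, Version ("2.6.0"), Description (
       "CIM_UsersCredential is an association used to establish the "
       "credentials that may be used for a UsersAccess to a system or "
       "set of systems.") ]
class CIM_UsersCredential : CIM_Dependency {

      // The credential side of the relationship.
      [Override ("Antecedent"),
       Description ("The issued credential that may be used.") ]
   CIM_Credential REF Antecedent;

      // The user side of the relationship.
      [Override ("Dependent"),
       Description ("The UsersAccess that has use of a credential.") ]
   CIM_UsersAccess REF Dependent;
};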
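// ==================================================================
// Notary
// ==================================================================
// Service that compares a person's biometric characteristics with
// those known for a UsersAccess and decides whether they match. The
// class records which biometric kind it compares, how its decision is
// recorded (SealProtocol) and the period in which it is authorized.
// NOTE(review): the Description writes "Users Access" where the class
// name is UsersAccess; the text is kept as published.
   [Version ("2.6.0"), Description (
       "CIM_Notary is an AuthenticationService (credential "
       "management service) which compares the "
       "biometric characteristics of a person with the "
       "known characteristics of a Users Access, and determines "
       "whether the person is the UsersAccess. An example is "
       "a bank teller who compares a picture ID with the person "
       "trying to cash a check, or a biometric login service that "
       "uses voice recognition to identify a user.") ]
class CIM_Notary : CIM_CredentialManagementService {

      // Declared as a scalar uint16, although the Description speaks of
      // "types" (plural) and CIM_UsersAccess.Biometric, which uses the
      // same ValueMap, is an array. As written, one instance can
      // advertise a single biometric kind only.
      // NOTE(review): possibly meant to be an array; the declaration is
      // left unchanged so that existing consumers are not affected.
      [Description (
          "The types of biometric information which "
          "this Notary can compare."),
       ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8"},
       Values {"N/A", "Other", "Facial", "Retina", "Mark",
          "Finger", "Voice", "DNA-RNA", "EEG"} ]
   uint16 Comparitors;

      // Free-form string with no ValueMap: the schema does not define
      // which protocol names are valid, so producers and consumers have
      // to agree on them out of band.
      // NOTE(review): "tamper-resistent" in the Description is a
      // misspelling of "tamper-resistant"; kept as published.
      [Description (
          "The SealProtocol is how the decision of the Notary is "
          "recorded for future use by parties who will rely on its "
          "decision. For instance, a drivers licence frequently "
          "includes tamper-resistent coatings and markings to protect "
          "the recorded decision that a driver, having various "
          "biometric characteristics of height, weight, hair and eye "
          "color, using a particular name, has features represented in "
          "a photograph of their face.") ]
   string SealProtocol;

      // Start of the period in which the Notary is authorized.
      // Nothing in this schema enforces the CharterIssued ..
      // CharterExpired window. NOTE(review): a consumer relying on a
      // Notary's decision should compare both datetimes with the time
      // of that decision.
      [Description (
          "CharterIssued documents when the Notary is first "
          "authorized, by whoever gave it responsibility, to perform "
          "its service.") ]
   datetime CharterIssued;

      // End of the period in which the Notary is authorized.
      [Description (
          "CharterExpired documents when the Notary is no longer "
          "authorized, by whoever gave it responsibility, to perform "
          "its service.") ]
   datetime CharterExpired;
};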
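// ===================================================================
// NotaryVerifiesBiometric
// ===================================================================
// Association from a Notary service to the UsersAccess whose
// biometric information it verifies. Neither reference carries
// Min/Max qualifiers.
   [Association, Version ("2.6.0"), Description (
       "This relationship associates a Notary service with the "
       "Users Access whose biometric information is verified.") ]
class CIM_NotaryVerifiesBiometric : CIM_Dependency {

      // The verifying side of the relationship.
      [Override ("Antecedent"), Description (
          "The Notary service that verifies biometric information.") ]
   CIM_Notary REF Antecedent;

      // The side whose biometric information is verified.
      [Override ("Dependent"), Description (
          "The UsersAccess that represents a person using "
          "biometric information for authentication.") ]
   CIM_UsersAccess REF Dependent;
};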
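// ===================================================================
// PublicPrivateKeyPair
// ===================================================================
// Specialization of CIM_UsersCredential that links a
// PublicKeyCertificate to the principal holding the matching private
// key. Per the Description, the private key itself is deliberately
// not modeled, so no property of this class carries key material.
   [Association, Version ("2.6.0"), Description (
       "This relationship associates a PublicKeyCertificate with "
       "the Principal who has the PrivateKey used with the "
       "PublicKey. The PrivateKey is not modeled, since it is not "
       "a data element that ever SHOULD be accessible via "
       "management applications, other than key recovery services, "
       "which are outside our scope.") ]
class CIM_PublicPrivateKeyPair : CIM_UsersCredential {

      // Narrows the inherited Antecedent reference from CIM_Credential
      // to CIM_PublicKeyCertificate.
      [Override ("Antecedent") ]
   CIM_PublicKeyCertificate REF Antecedent;

      // Same reference type as in CIM_UsersCredential; redeclared
      // without a Description.
      [Override ("Dependent") ]
   CIM_UsersAccess REF Dependent;

      // Permitted use: 0 = "SignOnly",
      // 1 = "ConfidentialityOrSignature".
      [Description (
          "The Certificate may be used for signature only "
          "or for confidentiality as well as signature."),
       ValueMap {"0", "1"},
       Values {"SignOnly", "ConfidentialityOrSignature"} ]
   uint16 Use;

      // NOTE(review): the Description is ungrammatical; presumably the
      // flag states whether the certificate may be used for
      // non-repudiation. Confirm against the DMTF specification.
      [Description (
          "Indicates if the certificate can be NonRepudiation.") ]
   boolean NonRepudiation;

      // NOTE(review): the schema allows NonRepudiation and BackedUp to
      // be TRUE together. Whether a backup includes private-key
      // material is not stated here; where it does, a second copy of
      // the key weakens a non-repudiation claim, so a consumer may want
      // to treat that combination as a finding.
      [Description (
          "Indicates if the certificate can be backed up.") ]
   boolean BackedUp;

      // Free-form string with no MaxLen or ValueMap; the format of a
      // repository reference is not defined in this file.
      [Description (
          "The repository in which the certificate is backed up.") ]
   string Repository;
};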
// ===================================================================
// end of file
// ===================================================================