1 tony 1.1 // ==================================================================
2 // Title: Policy Model 2.8
3 // Filename: CIM_Policy28.MOF
4 // Version: 2.8
5 // Status: Final
6 // Date: Jan 26, 2004
7 // ===================================================================
8 // Copyright 2000-2004 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The Policy Model provides a framework for specifying
45 // configuration and operational information in a scalable
46 // way using rules composed of conditions and actions.
47 //
48 // The object classes below are listed in an order that
49 // avoids forward references. Required objects, defined
50 // by other working groups, are omitted.
51 // ===================================================================
52 // CIM V2.8 Changes (Company Review)
53 // DMTFCR1104 -Replace the class definition of
54 // AuthenticationCondition
55 // Add the following class definitions:
56 // SharedSecretAuthentication, AccountAuthentication,
57 // BiometricAuthentication, NetworkingIDAuthentication,
58 // PublicPrivateKeyAuthentication, KerberosAuthentication,
59 // DocumentAuthentication, ChallengeQuestionAuthentication
60 // (Deleted in Final),
61 // and PhysicalCredentialAuthentication
62 // DMTFCR1105 - Generalize the SACondition class (from the Networks)
63 // to be PacketFilterCondition and defined here in Policy.
64 tony 1.1 // Add FilterOfPacketCondition and AcceptCredentialFrom
65 // class definitions.
66 // Move FilterOfPacketCondition to Network_IPsecPolicy to
67 // avoid a forward reference.
68 // DMTFCR1106 - Add DoActionLogging property to PolicyAction
69 // Add NetworkPacketAction class definition
70 // Add RejectConnectionAction class definition
71 // DMTFCR1128 - Change subclassing of PolicyInSystem from
72 // Dependency to HostedDependency.
73 //
74 // CIM V2.8 Changes
75 // DMTFCR1057 - Explicit declaration of PolicySets that apply to
76 // ManagedElements, via PolicyRoleCollections
77 // DMTFCR1058 - Activate/deactivate PolicySets which match a
78 // particular PolicyRole on a particular ManagedElement
79 // DMTFCR1060 - Add AuthenticationCondition and AuthenticationRule
80 // subclasses of PolicyCondition/PolicyRule
81 //
82 // CIM V2.7 Changes
83 // DMTFCR985 - Promote Deprecations to V2.7 Final
84 // DMTFCR960 - Remove Weak Qualifier from PolicyRoleCollection and
85 tony 1.1 // derive from SystemSpecificCollection instead of Collection
86 // DMTFCR930 - Implementation Experience with the Policy 2.7 Model
87 // - Move PolicyRule.Enabled to PolicySet.Enabled
88 // - Move PolicyTimePeriodCondition up to PolicySet and
89 // make clear how to specify global time period with respect to
90 // a given time zone
91 // - Deprecate policy role combinations
92 // - Add Unconditional to PolicyRule.ConditionListType
93 // - Deprecate PolicyRule.Mandatory
94 // CIMCR914 - Added propagated keys in PolicyRoleCollection
95 // CIMCR906 - Add text to PolicySetComponent's Description and the
96 // class' Priority property to indicate that the values
97 // of Priority must be unique
98 // With promotion of Component to ManagedElement,
99 // added CIM_Component as superclass of CIM_PolicyComponent
100 // (there is no other change to the semantics or syntax)
101 // CIMCR625 - Add CompoundPolicyCondition as PolicyCondition
102 // subclass
103 // - Add PolicyConditionStructure abstract aggregation as a
104 // subclass of PolicyComponent
105 // - Change derivation of PolicyConditionInPolicyRule from
106 tony 1.1 // PolicyComponent to PolicyConditionStructure and move
107 // GroupNumber and ConditionNegated properties up to parent
108 // class
109 // - Add PolicyConditionInPolicyCondition aggregation as a
110 // subclass of PolicyConditionStructure
111 // - Add PolicyRoleCollection as Collection subclass
112 // - Add ElementInPolicyRoleCollection as MemberOfCollection
113 // subclass
114 // - Add PolicyRoleCollectionInSystem as Dependency subclass
115 //
116 // CIM V2.6 Changes
117 // CIMCR614 - Add CompoundPolicyAction
118 // - Add CompoundPolicyAction as a subclass of PolicyAction
119 // - Add PolicyActionStructure abstract aggregation as a
120 // subclass of PolicyComponent
121 // - Change derivation of PolicyActionInPolicyRule from
122 // PolicyComponent to PolicyActionStructure and, thus,
123 // move ActionOrder property up to parent class
124 // - Add PolicyActionInPolicyAction aggregation as a
125 // subclass of PolicyActionStructure
126 // CIMCR597a - PCIMe updates
127 tony 1.1 // - Edit Policy description
128 // - Add PolicySet & derive PolicyGroup & PolicyRule
129 // - Deprecate PolicyRule.Priority for
130 // PolicySetComponent.Priority
131 // - Remove PolicyRule.PolicyRoles (it's in PolicySet)
132 // - Add PolicyRule.ExecutionStrategy
133 // - Deprecate PolicyRepository & replace with
134 // ReusablePolicyContainer
135 // - Add PolicySetInSystem
136 // - Add PolicySetComponent & deprecate ...InPolicyGroup
137 // & derive PolicyGroupInSystem & PolicyRuleInSystem
138 // - Add ContainedDomain (to Core)
139 // & deprecate PolicyRepositoryInPolicyRepository
140 // - Add ReusablePolicy & deprecate ...InPolicyRepository
141 // ==================================================================
142
143 #pragma Locale ("en-US")
144
145
146 // ==================================================================
147 // Compile prerequisite: Core, Network and User MOFs
148 tony 1.1 // Network MOF is needed for FilterList, and the User MOF for
149 // CredentialManagementService
150 // ==================================================================
151
152
153 // ==================================================================
154 // Policy
155 // ==================================================================
// CIM_Policy: abstract base class (superclass of CIM_PolicySet and
// CIM_PolicyCondition in this file). It adds a display name and a keyword
// list on top of CIM_ManagedElement and declares no key properties itself.
[Abstract,
 Version ( "2.6.0" ),
 Description (
    "An abstract class defining the common properties of the policy "
    "managed elements derived from CIM_Policy. The subclasses are "
    "used to create rules and groups of rules that work together to "
    "form a coherent set of policies within an administrative "
    "domain or set of domains.")]
class CIM_Policy : CIM_ManagedElement {

    // Display label only: no Key and no MaxLen qualifier is declared here.
    [Description (
        "A user-friendly name of this policy-related object.")]
    string CommonName;

    // Classification strings. The Description names a keyword vocabulary
    // ('SECURITY', 'POLICY', ...) but no ValueMap is declared, so the
    // schema does not restrict the values an instance may carry.
    // NOTE(review): nothing in this declaration gives a keyword any
    // enforcement meaning; treat keywords as descriptive labels unless the
    // consuming policy engine documents otherwise.
    [Description (
        "An array of keywords for characterizing / categorizing "
        "policy objects. Keywords are of one of two types: \n"
        "- Keywords defined in this and other MOFs, or in DMTF white "
        "papers. These keywords provide a vendor- independent, "
        "installation-independent way of characterizing policy "
        "objects. \n"
        "- Installation-dependent keywords for characterizing policy "
        "objects. Examples include 'Engineering', 'Billing', and "
        "'Review in December 2000'. \n"
        "This MOF defines the following keywords: 'UNKNOWN', "
        "'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', "
        "'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These concepts "
        "are self-explanatory and are further discussed in the "
        "SLA/Policy White Paper. One additional keyword is defined: "
        "'POLICY'. The role of this keyword is to identify "
        "policy-related instances that may not be otherwise "
        "identifiable, in some implementations. The keyword 'POLICY' "
        "is NOT mutually exclusive of the other keywords specified "
        "above.")]
    string PolicyKeywords[];
};
190 tony 1.1
191
192 // ==================================================================
193 // PolicySet
194 // ==================================================================
// CIM_PolicySet: abstract parent of CIM_PolicyGroup and CIM_PolicyRule.
// It carries the decision strategy, the (deprecated) role list and the
// administrative Enabled state shared by both.
[Abstract,
 Version ( "2.8.0" ),
 Description (
    "PolicySet is an abstract class that represents a set of "
    "policies that form a coherent set. The set of contained "
    "policies has a common decision strategy and a common set of "
    "policy roles (defined via the PolicySetInRole Collection "
    "association). Subclasses include PolicyGroup and PolicyRule.")]
class CIM_PolicySet : CIM_Policy {

    // Only value 1 ("First Matching") is mapped. No initializer is
    // declared, so this declaration gives the property no default.
    [Description (
        "PolicyDecisionStrategy defines the evaluation method used "
        "for policies contained in the PolicySet. FirstMatching "
        "enforces the actions of the first rule that evaluates to "
        "TRUE. It is the only value currently defined."),
     ValueMap { "1" },
     Values { "First Matching" }]
    uint16 PolicyDecisionStrategy;

    // Deprecated in favour of the CIM_PolicySetInRoleCollection
    // association. The "<RoleName>[&&<RoleName>]*" form is a convention
    // only: the Description allows implementations to treat such a value
    // as a simple string, so a consumer must not assume it is split into
    // individual roles.
    [Deprecated { "CIM_PolicySetInRoleCollection" },
     Description (
        "The PolicyRoles property represents the roles associated "
        "with a PolicySet. All contained PolicySet instances inherit "
        "the values of the PolicyRoles of the aggregating PolicySet "
        "but the values are not copied. A contained PolicySet "
        "instance may, however, add additional PolicyRoles to those "
        "it inherits from its aggregating PolicySet(s). Each value "
        "in PolicyRoles multi-valued property represents a role for "
        "which the PolicySet applies, i.e., the PolicySet should be "
        "used by any enforcement point that assumes any of the "
        "listed PolicyRoles values. \n"
        "\n"
        "Although not officially designated as 'role combinations', "
        "multiple roles may be specified using the form: \n"
        "<RoleName>[&&<RoleName>]* \n"
        "where the individual role names appear in alphabetical "
        "order (according to the collating sequence for UCS-2). "
        "Implementations may treat PolicyRoles values that are "
        "specified as 'role combinations' as simple strings. \n"
        "\n"
        "This property is deprecated in lieu of the use of an "
        "association, CIM_PolicySetInRoleCollection. The latter is a "
        "more explicit and less error-prone approach to modeling "
        "that a PolicySet has one or more PolicyRoles.")]
    string PolicyRoles[];

    // Defaults to 1 ("Enabled"). Per the Description, value 3 and any
    // value the receiver does not understand are treated as "Disabled",
    // and the effective state is the AND of the Enabled values along the
    // PolicySetComponent containment hierarchy.
    // NOTE(review): an unrecognised value therefore switches the
    // PolicySet off, not on; whether that is the safe direction depends on
    // what the PolicySet enforces - confirm for restrictive policies.
    [Description (
        "Indicates whether this PolicySet is administratively "
        "enabled, administratively disabled, or enabled for debug. "
        "The \"EnabledForDebug\" property value is deprecated and, "
        "when it or any value not understood by the receiver is "
        "specified, the receiving enforcement point treats the "
        "PolicySet as \"Disabled\". To determine if a PolicySet is "
        "\"Enabled\", the containment hierarchy specified by the "
        "PolicySetComponent aggregation is examined and the Enabled "
        "property values of the hierarchy are ANDed together. Thus, "
        "for example, everything aggregated by a PolicyGroup may be "
        "disabled by setting the Enabled property in the PolicyGroup "
        "instance to \"Disabled\" without changing the Enabled "
        "property values of any of the aggregated instances. The "
        "default value is 1 (\"Enabled\")."),
     ValueMap { "1", "2", "3" },
     Values { "Enabled", "Disabled", "Enabled For Debug" }]
    uint16 Enabled = 1;
};
257
258
259 // ==================================================================
260 // PolicyGroup
261 // ==================================================================
// CIM_PolicyGroup: concrete PolicySet that aggregates other PolicySets.
// Instances are identified by four key strings, each limited to 256
// characters by MaxLen; the first two are propagated from the scoping
// CIM_System.
[Version ( "2.6.0" ),
 Description (
    "An aggregation of PolicySet instances (PolicyGroups and/or "
    "PolicyRules) that have the same decision strategy and inherit "
    "policy roles. PolicyGroup instances are defined and named "
    "relative to the CIM_System that provides their context.")]
class CIM_PolicyGroup : CIM_PolicySet {

    // Key, propagated from CIM_System.CreationClassName.
    [Key,
     Propagated ( "CIM_System.CreationClassName" ),
     Description (
        "The scoping System's CreationClassName."),
     MaxLen ( 256 )]
    string SystemCreationClassName;

    // Key, propagated from CIM_System.Name.
    [Key,
     Propagated ( "CIM_System.Name" ),
     Description (
        "The scoping System's Name."),
     MaxLen ( 256 )]
    string SystemName;

    // Key: class (or subclass) name used to create the instance.
    [Key,
     Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to be "
        "uniquely identified."),
     MaxLen ( 256 )]
    string CreationClassName;

    // Described as user-friendly, but qualified as Key: the name is part
    // of the instance identity, not just a display label.
    [Key,
     Description (
        "A user-friendly name of this PolicyGroup."),
     MaxLen ( 256 )]
    string PolicyGroupName;
};
294
295 tony 1.1
296 // ==================================================================
297 // PolicyRule
298 // ==================================================================
// CIM_PolicyRule: concrete PolicySet modelling "if condition then action".
// Conditions and actions are separate objects attached through the
// PolicyConditionInPolicyRule / PolicyActionInPolicyRule aggregations; this
// class holds the keys and the properties that say how they are combined.
// Per the Description, a rule engine MAY evaluate all conditions in any
// order and side effects MUST NOT influence other conditions in the same
// pass, so rule authors cannot rely on evaluation order.
[Version ( "2.7.0" ),
 Description (
    "The central class used for representing the 'If Condition then "
    "Action' semantics of a policy rule. A PolicyRule condition, in "
    "the most general sense, is represented as either an ORed set "
    "of ANDed conditions (Disjunctive Normal Form, or DNF) or an "
    "ANDed set of ORed conditions (Conjunctive Normal Form, or "
    "CNF). Individual conditions may either be negated (NOT C) or "
    "unnegated (C). The actions specified by a PolicyRule are to be "
    "performed if and only if the PolicyRule condition (whether it "
    "is represented in DNF or CNF) evaluates to TRUE. \n"
    "\n"
    "The conditions and actions associated with a PolicyRule are "
    "modeled, respectively, with subclasses of PolicyCondition and "
    "PolicyAction. These condition and action objects are tied to "
    "instances of PolicyRule by the PolicyConditionInPolicyRule and "
    "PolicyActionInPolicyRule aggregations. \n"
    "\n"
    "A PolicyRule may also be associated with one or more policy "
    "time periods, indicating the schedule according to which the "
    "policy rule is active and inactive. In this case it is the "
    "PolicySetValidityPeriod aggregation that provides this "
    "linkage. \n"
    "\n"
    "The PolicyRule class uses the property ConditionListType, to "
    "indicate whether the conditions for the rule are in DNF "
    "(disjunctive normal form), CNF (conjunctive normal form) or, "
    "in the case of a rule with no conditions, as an "
    "UnconditionalRule. The PolicyConditionInPolicyRule aggregation "
    "contains two additional properties to complete the "
    "representation of the Rule's conditional expression. The first "
    "of these properties is an integer to partition the referenced "
    "PolicyConditions into one or more groups, and the second is a "
    "Boolean to indicate whether a referenced Condition is negated. "
    "An example shows how ConditionListType and these two "
    "additional properties provide a unique representation of a set "
    "of PolicyConditions in either DNF or CNF. \n"
    "\n"
    "Suppose we have a PolicyRule that aggregates five "
    "PolicyConditions C1 through C5, with the following values in "
    "the properties of the five PolicyConditionInPolicyRule "
    "associations: \n"
    "C1: GroupNumber = 1, ConditionNegated = FALSE \n"
    "C2: GroupNumber = 1, ConditionNegated = TRUE \n"
    "C3: GroupNumber = 1, ConditionNegated = FALSE \n"
    "C4: GroupNumber = 2, ConditionNegated = FALSE \n"
    "C5: GroupNumber = 2, ConditionNegated = FALSE \n"
    "\n"
    "If ConditionListType = DNF, then the overall condition for the "
    "PolicyRule is: \n"
    "(C1 AND (NOT C2) AND C3) OR (C4 AND C5) \n"
    "\n"
    "On the other hand, if ConditionListType = CNF, then the "
    "overall condition for the PolicyRule is: \n"
    "(C1 OR (NOT C2) OR C3) AND (C4 OR C5) \n"
    "\n"
    "In both cases, there is an unambiguous specification of the "
    "overall condition that is tested to determine whether to "
    "perform the PolicyActions associated with the PolicyRule. \n"
    "\n"
    "PolicyRule instances may also be used to aggregate other "
    "PolicyRules and/or PolicyGroups. When used in this way to "
    "implement nested rules, the conditions of the aggregating rule "
    "apply to the subordinate rules as well. However, any side "
    "effects of condition evaluation or the execution of actions "
    "MUST NOT affect the result of the evaluation of other "
    "conditions evaluated by the rule engine in the same evaluation "
    "pass. That is, an implementation of a rule engine MAY evaluate "
    "all conditions in any order before applying the priority and "
    "determining which actions are to be executed.")]
class CIM_PolicyRule : CIM_PolicySet {

    // Key, propagated from CIM_System.CreationClassName.
    [Key,
     Propagated ( "CIM_System.CreationClassName" ),
     Description (
        "The scoping System's CreationClassName."),
     MaxLen ( 256 )]
    string SystemCreationClassName;

    // Key, propagated from CIM_System.Name.
    [Key,
     Propagated ( "CIM_System.Name" ),
     Description (
        "The scoping System's Name."),
     MaxLen ( 256 )]
    string SystemName;

    // Key: class (or subclass) name used to create the instance.
    [Key,
     Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to be "
        "uniquely identified."),
     MaxLen ( 256 )]
    string CreationClassName;

    // Qualified as Key, so the rule name is part of the instance identity.
    [Key,
     Description (
        "A user-friendly name of this PolicyRule."),
     MaxLen ( 256 )]
    string PolicyRuleName;

    // Defaults to 1 (DNF). Value 0 ("Unconditional Rule") is described as
    // automatically evaluated to "True": such a rule's actions apply
    // without any condition being checked.
    // NOTE(review): worth flagging rules with value 0 when auditing a
    // policy store, since no condition gates their actions.
    [Description (
        "Indicates whether the list of PolicyConditions associated "
        "with this PolicyRule is in disjunctive normal form (DNF), "
        "conjunctive normal form (CNF), or has no conditions (i.e., "
        "is an UnconditionalRule) and is automatically evaluated to "
        "\"True.\" The default value is 1 (\"DNF\")."),
     ValueMap { "0", "1", "2" },
     Values { "Unconditional Rule", "DNF", "CNF" }]
    uint16 ConditionListType = 1;

    // Free-form guidance text; no ValueMap or MaxLen is declared.
    [Description (
        "A free-form string that can be used to provide guidelines "
        "on how this PolicyRule should be used.")]
    string RuleUsage;

    // Deprecated in favour of CIM_PolicySetComponent.Priority, which
    // scopes the priority to the aggregating PolicySet. Defaults to 0;
    // a larger value means higher priority.
    [Deprecated { "CIM_PolicySetComponent.Priority" },
     Description (
        "PolicyRule.Priority is deprecated and replaced by providing "
        "the priority for a rule (and a group) in the context of the "
        "aggregating PolicySet instead of the priority being used "
        "for all aggregating PolicySet instances. Thus, the "
        "assignment of priority values is much simpler. \n"
        "\n"
        "A non-negative integer for prioritizing this Policy Rule "
        "relative to other Rules. A larger value indicates a higher "
        "priority. The default value is 0.")]
    uint16 Priority = 0;

    // Deprecated with "No Value" given as the replacement. No initializer
    // is declared. Per the Description, FALSE makes evaluation of the rule
    // 'best effort' that MAY be ignored.
    // NOTE(review): a rule that must always be evaluated should not depend
    // on this deprecated flag alone; confirm how the consumer treats an
    // unset value.
    [Deprecated { "No Value" },
     Description (
        "A flag indicating that the evaluation of the Policy "
        "Conditions and execution of PolicyActions (if the "
        "Conditions evaluate to TRUE) is required. The evaluation of "
        "a PolicyRule MUST be attempted if the Mandatory property "
        "value is TRUE. If the Mandatory property is FALSE, then the "
        "evaluation of the Rule is 'best effort' and MAY be ignored.")]
    boolean Mandatory;

    // Defaults to 3 ("Dont Care"): unless set otherwise, the order of the
    // associated PolicyActions is not binding on the consumer.
    [Description (
        "This property gives a policy administrator a way of "
        "specifying how the ordering of the PolicyActions associated "
        "with this PolicyRule is to be interpreted. Three values are "
        "supported: \n"
        "o mandatory(1): Do the actions in the indicated order, or "
        "don't do them at all. \n"
        "o recommended(2): Do the actions in the indicated order if "
        "you can, but if you can't do them in this order, do them in "
        "another order if you can. \n"
        "o dontCare(3): Do them -- I don't care about the order. \n"
        "The default value is 3 (\"DontCare\")."),
     ValueMap { "1", "2", "3" },
     Values { "Mandatory", "Recommended", "Dont Care" }]
    uint16 SequencedActions = 3;

    // Three mapped strategies; no initializer is declared, so this
    // declaration gives the property no default.
    [Description (
        "ExecutionStrategy defines the strategy to be used in "
        "executing the sequenced actions aggregated by this "
        "PolicyRule. There are three execution strategies: \n"
        "\n"
        "Do Until Success - execute actions according to predefined "
        "order, until successful execution of a single action. \n"
        "Do All - execute ALL actions which are part of the modeled "
        "set, according to their predefined order. Continue doing "
        "this, even if one or more of the actions fails. \n"
        "Do Until Failure - execute actions according to predefined "
        "order, until the first failure in execution of an action "
        "instance."),
     ValueMap { "1", "2", "3" },
     Values { "Do Until Success", "Do All", "Do Until Failure" }]
    uint16 ExecutionStrategy;
};
464
465
466 // ==================================================================
467 // AuthenticationRule
468 // ==================================================================
// CIM_AuthenticationRule: PolicyRule subclass with an empty body; every
// property, including the keys and ConditionListType, is inherited from
// CIM_PolicyRule. Per the Description the action is implicit: when the
// rule's conditions are met, CurrentlyAuthenticated on the associated
// CIM_Identity instances is set to TRUE.
// NOTE(review): the inherited ConditionListType admits 0 ("Unconditional
// Rule"), which CIM_PolicyRule describes as automatically evaluated to
// "True". This declaration does not say whether that value is valid for an
// AuthenticationRule; confirm that consumers do not accept a rule with no
// conditions as grounds for marking an identity authenticated.
[Version ( "2.8.0" ),
 Description (
    "A class representing a company's and/or administrator's "
    "authentication requirements for a CIM_Identity. The "
    "PolicyConditions collected by an instance of "
    "AuthenticationRule describe the various requirements under "
    "which a CIM_Identity's CurrentlyAuthenticated Boolean is set "
    "to TRUE. Note that the CIM_Identities which are authenticated "
    "are tied to the Rule by the association, PolicySet "
    "AppliesToElement. \n"
    "\n"
    "At this time, there are no actions associated with this "
    "PolicyRule. This is because the actions are implicit. When the "
    "conditions of the rule are met, then the "
    "CurrentlyAuthenticated Boolean properties of the associated "
    "instances of CIM_Identity are set to TRUE.")]
class CIM_AuthenticationRule : CIM_PolicyRule {
};
486
487
488 // ==================================================================
489 // ReusablePolicyContainer
490 // ==================================================================
// CIM_ReusablePolicyContainer: AdminDomain subclass with an empty body,
// used as the container for reusable policy elements. Instances are
// distinguished by the NameFormat value "ReusablePolicyContainer".
[Version ( "2.6.0" ),
 Description (
    "A class representing an administratively defined container for "
    "reusable policy-related information. This class does not "
    "introduce any additional properties beyond those in its "
    "superclass AdminDomain. It does, however, participate in a "
    "unique association for containing policy elements. \n"
    "\n"
    "An instance of this class uses the NameFormat value "
    "\"ReusablePolicyContainer\".")]
class CIM_ReusablePolicyContainer : CIM_AdminDomain {
};
502
503
504 // ==================================================================
505 tony 1.1 // PolicyRepository *** deprecated
506 // ==================================================================
// CIM_PolicyRepository: deprecated in favour of
// CIM_ReusablePolicyContainer. Like its replacement it is an AdminDomain
// subclass with an empty body; instances use the NameFormat value
// "PolicyRepository".
[Deprecated { "CIM_ReusablePolicyContainer" },
 Version ( "2.7.0" ),
 Description (
    "The term 'PolicyRepository' has been confusing to both "
    "developers and users of the model. The replacement class name "
    "describes model element properly and is less likely to be "
    "confused with a data repository. \n"
    "\n"
    "A class representing an administratively defined container for "
    "reusable policy-related information. This class does not "
    "introduce any additional properties beyond those in its "
    "superclass AdminDomain. It does, however, participate in a "
    "number of unique associations. \n"
    "\n"
    "An instance of this class uses the NameFormat value "
    "\"PolicyRepository\".")]
class CIM_PolicyRepository : CIM_AdminDomain {
};
524
525
526 tony 1.1 // ==================================================================
527 // PolicyCondition
528 // ==================================================================
// CIM_PolicyCondition: abstract base for conditions evaluated with a
// PolicyRule. It declares six key strings (each MaxLen 256) and leaves all
// operational detail to subclasses.
[Abstract,
 Version ( "2.6.0" ),
 Description (
    "A class representing a rule-specific or reusable policy "
    "condition to be evaluated in conjunction with a Policy Rule. "
    "Since all operational details of a PolicyCondition are "
    "provided in subclasses of this object, this class is abstract.")]
class CIM_PolicyCondition : CIM_Policy {

    // Key, but deliberately not Propagated: the Description states that
    // this property and SystemName only repeat the values of the related
    // System instance.
    // NOTE(review): the schema therefore does not itself tie these values
    // to an existing System; presumably the provider keeps them
    // consistent - verify.
    [Key,
     Description (
        "The name of the class or the subclass used in the creation "
        "of the System object in whose scope this PolicyCondition is "
        "defined. \n"
        "\n"
        "This property helps to identify the System object in whose "
        "scope this instance of PolicyCondition exists. For a "
        "rule-specific PolicyCondition, this is the System in whose "
        "context the PolicyRule is defined. For a reusable "
        "PolicyCondition, this is the instance of PolicyRepository "
        "(which is a subclass of System) that holds the Condition. \n"
        "\n"
        "Note that this property, and the analogous property "
        "SystemName, do not represent propagated keys from an "
        "instance of the class System. Instead, they are properties "
        "defined in the context of this class, which repeat the "
        "values from the instance of System to which this "
        "PolicyCondition is related, either directly via the "
        "PolicyConditionInPolicyRepository association or indirectly "
        "via the PolicyConditionInPolicyRule aggregation."),
     MaxLen ( 256 )]
    string SystemCreationClassName;

    // Key: name of the scoping System (not Propagated, see above).
    [Key,
     Description (
        "The name of the System object in whose scope this "
        "PolicyCondition is defined. \n"
        "\n"
        "This property completes the identification of the System "
        "object in whose scope this instance of PolicyCondition "
        "exists. For a rule-specific PolicyCondition, this is the "
        "System in whose context the PolicyRule is defined. For a "
        "reusable PolicyCondition, this is the instance of "
        "PolicyRepository (which is a subclass of System) that holds "
        "the Condition."),
     MaxLen ( 256 )]
    string SystemName;

    // Key: owning rule's CreationClassName, or the literal 'NO RULE' for
    // a reusable condition.
    // NOTE(review): the sentinel shares the value space with real names;
    // confirm that consumers reserve it.
    [Key,
     Description (
        "For a rule-specific PolicyCondition, the CreationClassName "
        "of the PolicyRule object with which this Condition is "
        "associated. For a reusable Policy Condition, a special "
        "value, 'NO RULE', should be used to indicate that this "
        "Condition is reusable and not associated with a single "
        "PolicyRule."),
     MaxLen ( 256 )]
    string PolicyRuleCreationClassName;

    // Key: owning rule's name, or the literal 'NO RULE' for a reusable
    // condition.
    [Key,
     Description (
        "For a rule-specific PolicyCondition, the name of the "
        "PolicyRule object with which this Condition is associated. "
        "For a reusable PolicyCondition, a special value, 'NO RULE', "
        "should be used to indicate that this Condition is reusable "
        "and not associated with a single PolicyRule."),
     MaxLen ( 256 )]
    string PolicyRuleName;

    // Key: class (or subclass) name used to create the instance.
    [Key,
     Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to be "
        "uniquely identified."),
     MaxLen ( 256 )]
    string CreationClassName;

    // Qualified as Key, so the name is part of the instance identity.
    [Key,
     Description (
        "A user-friendly name of this PolicyCondition."),
     MaxLen ( 256 )]
    string PolicyConditionName;
};
606
607
608 // ==================================================================
609 // PolicyTimePeriodCondition
610 tony 1.1 // ==================================================================
611 [Version ( "2.7.0" ), Description (
612 "This class provides a means of representing the time periods "
613 "during which a PolicySet is valid, i.e., active. At all times "
614 "that fall outside these time periods, the PolicySet has no "
615 "effect. A PolicySet is treated as valid at ALL times, if it "
616 "does not specify a PolicyTimePeriodCondition. \n"
617 "\n"
618 "In some cases a Policy Consumer may need to perform certain "
619 "setup / cleanup actions when a PolicySet becomes active / "
620 "inactive. For example, sessions that were established while a "
621 "PolicySet was active might need to be taken down when the "
622 "PolicySet becomes inactive. In other cases, however, such "
623 "sessions might be left up. In this case, the effect of "
624 "deactivating the PolicySet would just be to prevent the "
625 "establishment of new sessions. \n"
626 "\n"
627 "Setup / cleanup behaviors on validity period transitions are "
628 "not currently addressed by the Policy Model, and must be "
629 "specified in 'guideline' documents or via subclasses of "
630 "CIM_PolicySet, CIM_PolicyTimePeriod Condition or other "
631 tony 1.1 "concrete subclasses of CIM_Policy. If such behaviors need to "
632 "be under the control of the policy administrator, then a "
633 "mechanism to allow this control must also be specified in the "
634 "subclasses. \n"
635 "\n"
636 "PolicyTimePeriodCondition is defined as a subclass of "
637 "PolicyCondition. This is to allow the inclusion of time-based "
638 "criteria in the AND/OR condition definitions for a PolicyRule. "
639 "\n\n"
640 "Instances of this class may have up to five properties "
641 "identifying time periods at different levels. The values of "
642 "all the properties present in an instance are ANDed together "
643 "to determine the validity period(s) for the instance. For "
644 "example, an instance with an overall validity range of January "
645 "1, 2000 through December 31, 2000; a month mask that selects "
646 "March and April; a day-of-the-week mask that selects Fridays; "
647 "and a time of day range of 0800 through 1600 would be "
648 "represented using the following time periods: \n"
649 "Friday, March 5, 2000, from 0800 through 1600; \n"
650 "Friday, March 12, 2000, from 0800 through 1600; \n"
651 "Friday, March 19, 2000, from 0800 through 1600; \n"
652 tony 1.1 "Friday, March 26, 2000, from 0800 through 1600; \n"
653 "Friday, April 2, 2000, from 0800 through 1600; \n"
654 "Friday, April 9, 2000, from 0800 through 1600; \n"
655 "Friday, April 16, 2000, from 0800 through 1600; \n"
656 "Friday, April 23, 2000, from 0800 through 1600; \n"
657 "Friday, April 30, 2000, from 0800 through 1600. \n"
658 "\n"
659 "Properties not present in an instance of "
660 "PolicyTimePeriodCondition are implicitly treated as having "
661 "their value 'always enabled'. Thus, in the example above, the "
662 "day-of-the-month mask is not present, and so the validity "
663 "period for the instance implicitly includes a day-of-the-month "
664 "mask that selects all days of the month. If this 'missing "
665 "property' rule is applied to its fullest, we see that there is "
666 "a second way to indicate that a PolicySet is always enabled: "
667 "associate with it an instance of PolicyTimePeriodCondition "
668 "whose only properties with specific values are its key "
669 "properties.")]
670 class CIM_PolicyTimePeriodCondition : CIM_PolicyCondition {
671
// TimePeriod - overall validity window of a PolicySet.
// Value shape per the Description: "<start>/<end>", each side written as
// yyyymmddThhmmss, or one side replaced by THISANDPRIOR (in place of the
// start) or THISANDFUTURE (in place of the end).
// NOTE(review): the property is typed as a plain string, so the rule that
// the end must be later than the start is stated only in the Description
// and has to be enforced by whatever consumes the instance. The class
// Description treats an absent property as 'always enabled'; a consumer
// that cannot parse a value should report it rather than handle it as
// absent, otherwise a malformed window becomes an unrestricted one.
672 [Description (
673 tony 1.1 "This property identifies an overall range of calendar dates "
674 "and times over which a PolicySet is valid. It is formatted "
675 "as a string representing a start date and time, in which "
676 "the character 'T' indicates the beginning of the time "
677 "portion, followed by the solidus character '/', followed by "
678 "a similar string representing an end date and time. The "
679 "first date indicates the beginning of the range, while the "
680 "second date indicates the end. Thus, the second date and "
681 "time must be later than the first. Date/times are expressed "
682 "as substrings of the form yyyymmddThhmmss. For example: \n"
683 "20000101T080000/20000131T120000 defines \n"
684 "January 1, 2000, 0800 through January 31, 2000, noon \n"
685 "\n"
686 "There are also two special cases in which one of the "
687 "date/time strings is replaced with a special string defined "
688 "in RFC 2445. \n"
689 "o If the first date/time is replaced with the string "
690 "'THISANDPRIOR', then the property indicates that a "
691 "PolicySet is valid [from now] until the date/time that "
692 "appears after the '/'. \n"
693 "o If the second date/time is replaced with the string "
694 tony 1.1 "'THISANDFUTURE', then the property indicates that a "
695 "PolicySet becomes valid on the date/time that appears "
696 "before the '/', and remains valid from that point on."),
697 ModelCorrespondence {
698 "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
699 "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
700 "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
701 "CIM_PolicyTimePeriodCondition.TimeOfDayMask",
702 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
703 string TimePeriod;
704
// MonthOfYearMask - restricts the TimePeriod window to selected months.
// Layout per the Description: 4-octet length (always 0x00000006) followed
// by a 2-octet mask holding 12 month bits and 4 zero bits.
// The worked example 0x000000060830 (May, November, December) fixes the
// bit order: January is the most significant bit of the mask field.
// NOTE(review): the declaration is an unbounded uint8 array, so the fixed
// length and the zero padding bits are conventions stated only in the
// Description; a consumer should check both before indexing into the
// mask, and should not treat a value of the wrong length as "absent"
// (absent means valid for all twelve months).
705 [Description (
706 "The purpose of this property is to refine the valid time "
707 "period that is defined by the TimePeriod property, by "
708 "explicitly specifying in which months the PolicySet is "
709 "valid. These properties work together, with the TimePeriod "
710 "used to specify the overall time period in which the "
711 "PolicySet is valid, and the MonthOfYearMask used to pick "
712 "out the months during which the PolicySet is valid. \n"
713 "\n"
714 "This property is formatted as an octet string, structured "
715 tony 1.1 "as follows: \n"
716 "o a 4-octet length field, indicating the length of the "
717 "entire octet string; this field is always set to 0x00000006 "
718 "for this property; \n"
719 "o a 2-octet field consisting of 12 bits identifying the 12 "
720 "months of the year, beginning with January and ending with "
721 "December, followed by 4 bits that are always set to '0'. "
722 "For each month, the value '1' indicates that the policy is "
723 "valid for that month, and the value '0' indicates that it "
724 "is not valid. \n"
725 "\n"
726 "The value 0x000000060830, for example, indicates that a "
727 "PolicySet is valid only in the months May, November, and "
728 "December. \n"
729 "\n"
730 "If a value for this property is not provided, then the "
731 "PolicySet is treated as valid for all twelve months, and "
732 "only restricted by its TimePeriod property value and the "
733 "other Mask properties."),
734 OctetString,
735 ModelCorrespondence {
736 tony 1.1 "CIM_PolicyTimePeriodCondition.TimePeriod",
737 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
738 uint8 MonthOfYearMask[];
739
// DayOfMonthMask - restricts the TimePeriod window to selected days of
// the month.
// Layout per the Description: 4-octet length (always 0x0000000C) followed
// by an 8-octet mask: 31 bits counting days from the start of the month,
// 31 bits counting days from the end, then 2 zero bits.
// In the worked example 0x0000000C8000000100000000 the two set bits are
// bit 1 (first day) and bit 32, which is the first bit of the
// "counting from the end" group (last day).
// NOTE(review): as with the other masks the declaration is an unbounded
// uint8 array; length and padding are only described, not constrained,
// so consumers need to validate them. An absent value means "all days".
740 [Description (
741 "The purpose of this property is to refine the valid time "
742 "period that is defined by the TimePeriod property, by "
743 "explicitly specifying in which days of the month the "
744 "PolicySet is valid. These properties work together, with "
745 "the TimePeriod used to specify the overall time period in "
746 "which the PolicySet is valid, and the DayOfMonthMask used "
747 "to pick out the days of the month during which the "
748 "PolicySet is valid. \n"
749 "\n"
750 "This property is formatted as an octet string, structured "
751 "as follows: \n"
752 "o a 4-octet length field, indicating the length of the "
753 "entire octet string; this field is always set to 0x0000000C "
754 "for this property; \n"
755 "o an 8-octet field consisting of 31 bits identifying the "
756 "days of the month counting from the beginning, followed by "
757 tony 1.1 "31 more bits identifying the days of the month counting "
758 "from the end, followed by 2 bits that are always set to "
759 "'0'. For each day, the value '1' indicates that the "
760 "PolicySet is valid for that day, and the value '0' "
761 "indicates that it is not valid. \n"
762 "\n"
763 "The value 0x0000000C8000000100000000, for example, "
764 "indicates that a PolicySet is valid on the first and last "
765 "days of the month. \n"
766 "\n"
767 "For months with fewer than 31 days, the digits "
768 "corresponding to days that the months do not have (counting "
769 "in both directions) are ignored. \n"
770 "\n"
771 "If a value for this property is not provided, then the "
772 "PolicySet is treated as valid for all days of the month, "
773 "and only restricted by its TimePeriod property value and "
774 "the other Mask properties."),
775 OctetString,
776 ModelCorrespondence {
777 "CIM_PolicyTimePeriodCondition.TimePeriod",
778 tony 1.1 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
779 uint8 DayOfMonthMask[];
780
// DayOfWeekMask - restricts the TimePeriod window to selected weekdays.
// Layout per the Description: 4-octet length (always 0x00000005) followed
// by a 1-octet mask: 7 day bits, Sunday first and Saturday last, then one
// zero bit.
// The worked example 0x000000057C has mask 0x7C = 0111 1100, i.e. Monday
// through Friday, which confirms Sunday is the most significant bit.
// NOTE(review): length and padding are stated only in the Description
// (the declaration is an unbounded uint8 array); consumers should
// validate them. An absent value means "all days of the week".
781 [Description (
782 "The purpose of this property is to refine the valid time "
783 "period that is defined by the TimePeriod property, by "
784 "explicitly specifying in which days of the week the "
785 "PolicySet is valid. These properties work together, with "
786 "the TimePeriod used to specify the overall time period in "
787 "which the PolicySet is valid, and the DayOfWeekMask used to "
788 "pick out the days of the week during which the PolicySet is "
789 "valid. \n"
790 "\n"
791 "This property is formatted as an octet string, structured "
792 "as follows: \n"
793 "o a 4-octet length field, indicating the length of the "
794 "entire octet string; this field is always set to 0x00000005 "
795 "for this property; \n"
796 "o a 1-octet field consisting of 7 bits identifying the 7 "
797 "days of the week, beginning with Sunday and ending with "
798 "Saturday, followed by 1 bit that is always set to '0'. For "
799 tony 1.1 "each day of the week, the value '1' indicates that the "
800 "PolicySet is valid for that day, and the value '0' "
801 "indicates that it is not valid. \n"
802 "\n"
803 "The value 0x000000057C, for example, indicates that a "
804 "PolicySet is valid Monday through Friday. \n"
805 "\n"
806 "If a value for this property is not provided, then the "
807 "PolicySet is treated as valid for all days of the week, and "
808 "only restricted by its TimePeriod property value and the "
809 "other Mask properties."),
810 OctetString,
811 ModelCorrespondence {
812 "CIM_PolicyTimePeriodCondition.TimePeriod",
813 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
814 uint8 DayOfWeekMask[];
815
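// TimeOfDayMask - restricts the TimePeriod window to a range of times
// within a day, written as 'Thhmmss/Thhmmss'.
// An end value smaller than the start value is legal and means the range
// spans midnight ('T210000/T080000' is 2100 until 0800 the next day).
// NOTE(review): because wrap-around is legal, no pair of well-formed
// times can be rejected as "end before start"; swapping the two halves
// turns a daytime window into an overnight one. Changes to this value
// therefore deserve an explicit review of the resulting active hours.
// When only one of the two days touched by a midnight-spanning range is
// selected by the other masks, the Description limits the active period
// to the part of the range that falls on the selected day.
// Fix in this block: the Description read "a given day of during which";
// the stray "of" is removed.
816 [Description (
817 "The purpose of this property is to refine the valid time "
818 "period that is defined by the TimePeriod property, by "
819 "explicitly specifying a range of times in a day during "
820 tony 1.1 "which the PolicySet is valid. These properties work "
821 "together, with the TimePeriod used to specify the overall "
822 "time period in which the PolicySet is valid, and the "
823 "TimeOfDayMask used to pick out the range of time periods in "
824 "a given day during which the PolicySet is valid. \n"
825 "\n"
826 "This property is formatted in the style of RFC 2445: a time "
827 "string beginning with the character 'T', followed by the "
828 "solidus character '/', followed by a second time string. "
829 "The first time indicates the beginning of the range, while "
830 "the second time indicates the end. Times are expressed as "
831 "substrings of the form 'Thhmmss'. \n"
832 "\n"
833 "The second substring always identifies a later time than "
834 "the first substring. To allow for ranges that span "
835 "midnight, however, the value of the second string may be "
836 "smaller than the value of the first substring. Thus, "
837 "'T080000/T210000' identifies the range from 0800 until "
838 "2100, while 'T210000/T080000' identifies the range from "
839 "2100 until 0800 of the following day. \n"
840 "\n"
841 tony 1.1 "When a range spans midnight, it by definition includes "
842 "parts of two successive days. When one of these days is "
843 "also selected by either the MonthOfYearMask, "
844 "DayOfMonthMask, and/or DayOfWeekMask, but the other day is "
845 "not, then the PolicySet is active only during the portion "
846 "of the range that falls on the selected day. For example, "
847 "if the range extends from 2100 until 0800, and the day of "
848 "week mask selects Monday and Tuesday, then the PolicySet is "
849 "active during the following three intervals: \n"
850 "From midnight Sunday until 0800 Monday; \n"
851 "From 2100 Monday until 0800 Tuesday; \n"
852 "From 2100 Tuesday until 23:59:59 Tuesday. \n"
853 "\n"
854 "If a value for this property is not provided, then the "
855 "PolicySet is treated as valid for all hours of the day, and "
856 "only restricted by its TimePeriod property value and the "
857 "other Mask properties."),
858 ModelCorrespondence {
859 "CIM_PolicyTimePeriodCondition.TimePeriod",
860 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
861 string TimeOfDayMask;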
862 tony 1.1
// LocalOrUtcTime - selects how every other time-related property of the
// instance is interpreted: 1 = "Local Time", 2 = "UTC Time". Mixing the
// two within one instance is not provided for.
// NOTE(review): the Description text calls the second value 'UTCTime'
// while the Values qualifier spells it "UTC Time"; consumers should key
// on the ValueMap number, not on the label.
// NOTE(review): no default value is declared here, so what an instance
// that omits this property means is not settled by this declaration.
// Since the same hhmmss values select windows hours apart depending on
// this flag, it is best treated as a required part of the window
// definition when instances are created or reviewed.
863 [Description (
864 "This property indicates whether the times represented in "
865 "the TimePeriod property and in the various Mask properties "
866 "represent local times or UTC times. There is no provision "
867 "for mixing of local times and UTC times: the value of this "
868 "property applies to all of the other time-related "
869 "properties. TimePeriods are synchronized worldwide by using "
870 "the enumeration value 'UTCTime'. If the goal is to "
871 "synchronize worldwide on a particular local time (such as "
872 "0300 - 0500 in New York), then if the TimePeriod property "
873 "spans a Daylight Savings Time transition in New York, it "
874 "will be necessary to create multiple instances of "
875 "PolicyTimePeriodCondition, one based on the offset UTC-0500 "
876 "for the part of each year when standard time is used in New "
877 "York, and one based on the offset UTC-0400 for the part of "
878 "each year when Daylight Savings Time is used there."),
879 ValueMap { "1", "2" },
880 Values { "Local Time", "UTC Time" },
881 ModelCorrespondence {
882 "CIM_PolicyTimePeriodCondition.TimePeriod",
883 tony 1.1 "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
884 "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
885 "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
886 "CIM_PolicyTimePeriodCondition.TimeOfDayMask" }]
887 uint16 LocalOrUtcTime;
888 };
889
890
891 // ==================================================================
892 // CompoundPolicyCondition
893 // ==================================================================
// CIM_CompoundPolicyCondition - a condition built from simpler conditions
// that are attached through the PolicyConditionInPolicyCondition
// aggregation. Its single property says how the attached terms combine.
// NOTE(review): the Description states a default of 1 ("DNF"), but the
// declaration of ConditionListType below carries no initializer. Whether
// an instance that omits the property is read as DNF therefore depends on
// the consumer. DNF and CNF accept different combinations of the same
// terms, so setting the value explicitly avoids a rule that matches more
// (or less) than its author intended.
894 [Version ( "2.7.0" ), Description (
895 "CompoundPolicyCondition is used to represent compound "
896 "conditions formed by aggregating simpler policy conditions. "
897 "Compound conditions are constructed by associating subordinate "
898 "condition terms together using the "
899 "PolicyConditionInPolicyCondition aggregation.")]
900 class CIM_CompoundPolicyCondition : CIM_PolicyCondition {
901
902 [Description (
903 "Indicates whether the list of CompoundPolicyConditions "
904 tony 1.1 "associated with this PolicyRule is in disjunctive normal "
905 "form (DNF) or conjunctive normal form (CNF). The default "
906 "value is 1 (\"DNF\")."),
907 ValueMap { "1", "2" },
908 Values { "DNF", "CNF" }]
909 uint16 ConditionListType;
910 };
911
912
913 // ==================================================================
914 // AuthenticationCondition
915 // ==================================================================
// CIM_AuthenticationCondition - abstract base for the credential
// requirement classes that follow in this file. It declares no properties
// of its own.
// Per the Description, the conditions collected by an AuthenticationRule
// state the requirements under which a CIM_Identity's
// CurrentlyAuthenticated flag is set to TRUE, and the identities the rule
// covers are named through the PolicySet AppliesToElement association.
// NOTE(review): how several conditions under one rule combine (all
// required versus any one sufficient) is not stated in this class; it
// follows from how the rule aggregates its conditions, so check that
// before relying on a rule for multi-factor requirements.
916 [Abstract, Version ( "2.8.0" ), Description (
917 "An abstract class whose subclasses describe one of a company's "
918 "and/or administrator's credential requirements, and/or other "
919 "information that should be authenticated in order to "
920 "establish/trust a CIM_Identity. The PolicyConditions collected "
921 "by an instance of AuthenticationRule describe the various "
922 "requirements under which a CIM_Identity's "
923 "CurrentlyAuthenticated Boolean is set to TRUE. Note that the "
924 "CIM_Identities which are authenticated are specified through "
925 tony 1.1 "the AuthenticationRule, using the PolicySet AppliesToElement "
926 "association.")]
927 class CIM_AuthenticationCondition : CIM_PolicyCondition {
928 };
929
930
931 // ==================================================================
932 // SharedSecretAuthentication
933 // ==================================================================
// CIM_SharedSecretAuthentication - requires that a named principal's
// shared secret be authenticated.
// The class identifies whose secret is meant (IDOfPrincipal) and the
// system or service that gives the secret its context (ContextOfSecret).
// It declares no property that holds the secret itself, so instances of
// this class describe the requirement and are not a store for the secret.
// NOTE(review): both properties are free-form strings with no MaxLen or
// format qualifier; matching rules (case, URI normalisation) are left to
// the consumer and should be applied consistently.
934 [Version ( "2.8.0" ), Description (
935 "A class describing a company's and/or administrator's "
936 "credential requirements that should be authenticated in order "
937 "to establish/trust a CIM_Identity. This class defines a "
938 "specific identity whose shared secret should be authenticated.")]
939 class CIM_SharedSecretAuthentication : CIM_AuthenticationCondition {
940
941 [Description (
942 "String defining the principal's ID whose secret is "
943 "authenticated.")]
944 string IDOfPrincipal;
945
946 tony 1.1 [Description (
947 "String defining a hostname, URI or service/application "
948 "name. It defines the specific system or service which "
949 "provides the context for the shared secret.")]
950 string ContextOfSecret;
951 };
952
953
954 // ==================================================================
955 // AccountAuthentication
956 // ==================================================================
// CIM_AccountAuthentication - requires that a named account's credentials
// be authenticated.
// AccountID names the account; AccountContext names the system where the
// account resides. No credential material is modelled in this class.
// NOTE(review): an AccountID is only meaningful together with its
// AccountContext; a consumer that compares AccountID alone could match an
// identically named account on a different system.
957 [Version ( "2.8.0" ), Description (
958 "A class describing a company's and/or administrator's "
959 "credential requirements that should be authenticated in order "
960 "to establish/trust a CIM_Identity. This class defines a "
961 "specific identity whose account credentials should be "
962 "authenticated.")]
963 class CIM_AccountAuthentication : CIM_AuthenticationCondition {
964
965 [Description (
966 "String defining the account's ID which is authenticated.")]
967 tony 1.1 string AccountID;
968
969 [Description (
970 "String defining a hostname, URI or other information "
971 "identifying the system where the Account resides.")]
972 string AccountContext;
973 };
974
975
976 // ==================================================================
977 // BiometricAuthentication
978 // ==================================================================
// CIM_BiometricAuthentication - requires that biometric data of a given
// type be authenticated.
// TypeOfBiometric: 1 Other, 2 Facial, 3 Retina, 4 Mark, 5 Finger,
// 6 Voice, 7 DNA-RNA, 8 EEG. OtherBiometric names the type when
// TypeOfBiometric is 1.
// PersonalIdentifier optionally pins the condition to one specific
// biometric code; when it is left blank the infrastructure is responsible
// for verifying a biometric of the stated type.
// NOTE(review): a populated PersonalIdentifier places a per-person
// biometric code in the policy instance as a plain string. Read access to
// such instances should be limited accordingly, and whether the code is a
// reference or actual template data is not stated here - confirm with the
// consuming infrastructure.
979 [Version ( "2.8.0" ), Description (
980 "A class describing a company's and/or administrator's "
981 "credential requirements that should be authenticated in order "
982 "to establish/trust a CIM_Identity. This class defines specific "
983 "biometric data that should be authenticated.")]
984 class CIM_BiometricAuthentication : CIM_AuthenticationCondition {
985
986 [Description (
987 "Integer enumeration identifying the biometric data that "
988 tony 1.1 "should be authenticated."),
989 ValueMap { "1", "2", "3", "4", "5", "6","7", "8" },
990 Values { "Other", "Facial", "Retina", "Mark", "Finger", "Voice",
991 "DNA-RNA", "EEG" },
992 ModelCorrespondence {
993 "CIM_BiometricAuthentication.OtherBiometric" }]
994 uint16 TypeOfBiometric;
995
996 [Description (
997 "String specifying the biometric when the TypeOfBiometric "
998 "property is set to 1, \"Other\"."),
999 ModelCorrespondence {
1000 "CIM_BiometricAuthentication.TypeOfBiometric" }]
1001 string OtherBiometric;
1002
1003 [Description (
1004 "String defining a specific biometric code, which may be "
1005 "validated by the security infrastructure. If this property "
1006 "is left blank, it is the responsibility of the "
1007 "infrastructure to verify the biometric (which MUST be of a "
1008 "type specified by the TypeOfBiometric property).")]
1009 tony 1.1 string PersonalIdentifier;
1010 };
1011
1012
1013 // ==================================================================
1014 // NetworkingIDAuthentication
1015 // ==================================================================
// CIM_NetworkingIDAuthentication - requires that a networking ID or
// address be verified.
// NetworkingIdentityClassName holds the name of the CIM_Identity subclass
// that carries the networking information (the Description gives
// CIM_StorageHardwareID as an example).
// NOTE(review): the class states that the ID "should be verified" but not
// how. A network identifier on its own names an endpoint and does not
// prove who controls it, so the assurance this condition gives depends
// entirely on the verification the infrastructure performs; where
// stronger assurance is needed it is usually combined with another
// AuthenticationCondition.
// NOTE(review): the property is a class name given as a free-form string;
// a consumer should check that it names a known subclass rather than
// accept any value.
1016 [Version ( "2.8.0" ), Description (
1017 "A class describing a company's and/or administrator's "
1018 "credential requirements that should be authenticated in order "
1019 "to establish/trust a CIM_Identity. This class specifies that a "
1020 "networking ID or address should be verified.")]
1021 class CIM_NetworkingIDAuthentication : CIM_AuthenticationCondition {
1022
1023 [Description (
1024 "A string defining the specific type/subclass of "
1025 "CIM_Identity which specifies the networking information. "
1026 "For example, CIM_StorageHardwareID would be entered in this "
1027 "property to identify that a 'known' port should be "
1028 "observed.")]
1029 string NetworkingIdentityClassName;
1030 tony 1.1 };
1031
1032
1033 // ==================================================================
1034 // PublicPrivateKeyAuthentication
1035 // ==================================================================
// CIM_PublicPrivateKeyAuthentication - requires that a specific
// public/private key pair be authenticated.
// SelfIssuedKey: TRUE = self-issued, FALSE = issued by a Certificate
// Authority. DistinguishedName holds the user's name and PublicKey the
// public key data. Only the public half is modelled; no property for
// private key material is declared.
// NOTE(review): with SelfIssuedKey TRUE no CA vouches for the binding
// between DistinguishedName and PublicKey, so trust rests on the
// integrity of this instance; write access to it should be restricted.
// NOTE(review): PublicKey is a plain string with no stated encoding or
// algorithm - confirm the expected format with the consumer.
1036 [Version ( "2.8.0" ), Description (
1037 "A class describing a company's and/or administrator's "
1038 "credential requirements that should be authenticated in order "
1039 "to establish/trust a CIM_Identity. This class defines the "
1040 "specific public/private key pair that should be authenticated.")]
1041 class CIM_PublicPrivateKeyAuthentication : CIM_AuthenticationCondition {
1042
1043 [Description (
1044 "Boolean indicating whether the key pair is self-issued "
1045 "(TRUE) or issued by a Certificate Authority (FALSE).")]
1046 boolean SelfIssuedKey;
1047
1048 [Description (
1049 "String holding the user's (distinguished) name.")]
1050 string DistinguishedName;
1051 tony 1.1
1052 [Description (
1053 "String holding the public key data.")]
1054 string PublicKey;
1055 };
1056
1057
1058 // ==================================================================
1059 // KerberosAuthentication
1060 // ==================================================================
// CIM_KerberosAuthentication - requires that a user's Kerberos ticket be
// authenticated. The only property is the user name the ticket is issued
// for.
// NOTE(review): no realm property is declared in this class. Presumably
// the realm is either part of the UserName string or implied by the
// evaluating system - confirm, since the same user name in two realms
// denotes two different principals.
1061 [Version ( "2.8.0" ), Description (
1062 "A class describing a company's and/or administrator's "
1063 "credential requirements that should be authenticated in order "
1064 "to establish/trust a CIM_Identity. This class defines a user "
1065 "whose Kerberos ticket should be authenticated.")]
1066 class CIM_KerberosAuthentication : CIM_AuthenticationCondition {
1067
1068 [Description (
1069 "String holding the user name for which the ticket is "
1070 "issued.")]
1071 string UserName;
1072 tony 1.1 };
1073
1074
1075 // ==================================================================
1076 // DocumentAuthentication
1077 // ==================================================================
// CIM_DocumentAuthentication - requires that a document of a given
// category be authenticated.
// TypeOfDocument: 1 Other, 2 Passport, 3 Birth Certificate,
// 4 Credit Card, 5 Drivers License, 6 Membership Card,
// 7 Social Security Card. OtherDocument names the category when
// TypeOfDocument is 1.
// DocumentIdentifier optionally pins the condition to one document (for
// example a specific licence or passport number). When it is left blank,
// any valid document of the stated category can be accepted.
// NOTE(review): a blank DocumentIdentifier is therefore the broader
// setting, so check that it is blank on purpose.
// NOTE(review): a populated DocumentIdentifier stores a personal document
// number as a plain string; read access to such instances should be
// limited in line with how those numbers are protected elsewhere.
1078 [Version ( "2.8.0" ), Description (
1079 "A class describing a company's and/or administrator's "
1080 "credential requirements that should be authenticated in order "
1081 "to establish/trust a CIM_Identity. This class defines the "
1082 "specific document that should be authenticated.")]
1083 class CIM_DocumentAuthentication : CIM_AuthenticationCondition {
1084
1085 [Description (
1086 "Integer enumeration identifying the document that should be "
1087 "authenticated."),
1088 ValueMap { "1", "2", "3", "4", "5", "6","7" },
1089 Values { "Other", "Passport", "Birth Certificate",
1090 "Credit Card", "Drivers License", "Membership Card",
1091 "Social Security Card" },
1092 ModelCorrespondence { "CIM_DocumentAuthentication.OtherDocument"
1093 tony 1.1 }]
1094 uint16 TypeOfDocument;
1095
1096 [Description (
1097 "String specifying the document when the TypeOfDocument "
1098 "property is set to 1, \"Other\"."),
1099 ModelCorrespondence {
1100 "CIM_DocumentAuthentication.TypeOfDocument" }]
1101 string OtherDocument;
1102
1103 [Description (
1104 "String defining a particular document which may be used in "
1105 "the authentication process for example, a specific driver's "
1106 "license or passport number. If left blank, then any valid "
1107 "document matching the category specified by the "
1108 "TypeOfDocument property, can be accepted.")]
1109 string DocumentIdentifier;
1110 };
1111
1112
1113 // ==================================================================
1114 tony 1.1 // PhysicalCredentialAuthentication
1115 // ==================================================================
// CIM_PhysicalCredentialAuthentication - requires that a physical
// credential of a given type be authenticated.
// TypeOfCredential: 1 Other, 2 Magnetic Stripe Card, 3 Smart Card,
// 4 Password Generator Card. OtherCredential names the type when
// TypeOfCredential is 1.
// PhysicalIdentifier optionally pins the condition to one credential by
// the character or binary sequence built into it; when left blank the
// security infrastructure is responsible for verifying that a valid
// credential of the stated type was used.
// NOTE(review): the Description allows a binary sequence but the property
// is declared as a string with no encoding stated - confirm how binary
// identifiers are represented before comparing values.
1116 [Version ( "2.8.0" ), Description (
1117 "A class describing a company's and/or administrator's "
1118 "credential requirements that should be authenticated in order "
1119 "to establish/trust a CIM_Identity. This class defines the "
1120 "specific type of physical credential that should be "
1121 "authenticated.")]
1122 class CIM_PhysicalCredentialAuthentication : CIM_AuthenticationCondition {
1123
1124 [Description (
1125 "Integer enumeration identifying the credential that should "
1126 "be authenticated."),
1127 ValueMap { "1", "2", "3", "4" },
1128 Values { "Other", "Magnetic Stripe Card", "Smart Card",
1129 "Password Generator Card" },
1130 ModelCorrespondence {
1131 "CIM_PhysicalCredentialAuthentication.OtherCredential" }]
1132 uint16 TypeOfCredential;
1133
1134 [Description (
1135 tony 1.1 "String specifying the credential when the TypeOfCredential "
1136 "property is set to 1, \"Other\"."),
1137 ModelCorrespondence {
1138 "CIM_PhysicalCredentialAuthentication.TypeOfCredential" }]
1139 string OtherCredential;
1140
1141 [Description (
1142 "String defining a character or binary sequence, which is "
1143 "built into the physical credential to identify it. If left "
1144 "blank, it is the responsibility of the security "
1145 "infrastructure to verify that a valid credential (of the "
1146 "specified type) has been used.")]
1147 string PhysicalIdentifier;
1148 };
1149
1150
1151 // ==================================================================
1152 // VendorPolicyCondition
1153 // ==================================================================
// CIM_VendorPolicyCondition - escape hatch for vendor-specific conditions
// that have no modelled properties.
// Constraint is an array of octet strings whose format is deliberately
// left unspecified here; ConstraintEncoding holds an OID (as a string)
// that identifies the format and semantics shared by every element of
// Constraint.
// NOTE(review): to any consumer that does not recognise the OID the
// Constraint values are opaque. This class does not say how such a
// condition evaluates; the conservative choice is to report an
// unrecognised ConstraintEncoding as an error rather than treat the
// condition as satisfied.
// NOTE(review): Constraint content comes from outside the standard model,
// so a decoder selected by the OID should validate lengths and structure
// itself and not assume well-formed input.
1154 [Version ( "2.6.0" ), Description (
1155 "A class that provides a general extension mechanism for "
1156 tony 1.1 "representing PolicyConditions that have not been modeled with "
1157 "specific properties. Instead, the two properties Constraint "
1158 "and ConstraintEncoding are used to define the content and "
1159 "format of the Condition, as explained below. \n"
1160 "\n"
1161 "As its name suggests, VendorPolicyCondition is intended for "
1162 "vendor-specific extensions to the Policy Core Information "
1163 "Model. Standardized extensions are not expected to use this "
1164 "class.")]
1165 class CIM_VendorPolicyCondition : CIM_PolicyCondition {
1166
1167 [Description (
1168 "This property provides a general extension mechanism for "
1169 "representing PolicyConditions that have not been modeled "
1170 "with specific properties. The format of the octet strings "
1171 "in the array is left unspecified in this definition. It is "
1172 "determined by the OID value stored in the property "
1173 "ConstraintEncoding. Since ConstraintEncoding is "
1174 "single-valued, all the values of Constraint share the same "
1175 "format and semantics."),
1176 OctetString,
1177 tony 1.1 ModelCorrespondence {
1178 "CIM_VendorPolicyCondition.ConstraintEncoding" }]
1179 string Constraint[];
1180
1181 [Description (
1182 "An OID encoded as a string, identifying the format and "
1183 "semantics for this instance's Constraint property."),
1184 ModelCorrespondence { "CIM_VendorPolicyCondition.Constraint" }]
1185 string ConstraintEncoding;
1186 };
1187
1188
1189 // ==================================================================
1190 // PacketFilterCondition
1191 // ==================================================================
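// CIM_PacketFilterCondition - anchor that ties packet filters
// (FilterLists, via FilterOfPacketCondition) and, optionally, a
// CredentialManagementService (via AcceptCredentialFrom) to a policy
// rule. It declares no properties of its own.
// Rules that aggregate this condition are assumed to be evaluated against
// every packet at an ingress and/or egress point; the direction comes
// from the Direction property of the associated FilterList.
// NOTE(review): the last sentence of the Description makes components
// that are not applicable at evaluation time evaluate to TRUE. Taking the
// Description's own example, an AcceptCredentialFrom check is performed
// only when a credential is available, so a packet that carries no
// credential passes that component. A rule meant to require a credential
// therefore needs a further condition that fails when none is present;
// AcceptCredentialFrom alone does not express "credential required".
// Fix in this block: the Description read "FilterListsor Credential
// ManagementServices"; the missing and misplaced spaces are corrected to
// match the spelling CredentialManagementService used earlier in the
// same text.
1192 [Version ( "2.8.0" ), Description (
1193 "PacketFilterCondition specifies packet selection criteria (via "
1194 "association to FilterLists) for firewall policies, IPsec "
1195 "policies and similar uses. It is used as an anchor point to "
1196 "associate various types of filters with policy rules via the "
1197 "FilterOfPacketCondition association. By definition, policy "
1198 tony 1.1 "rules that aggregate PacketFilterCondition are assumed to "
1199 "operate against every packet received and/or transmitted from "
1200 "an ingress and/or egress point. (Whether policy condition "
1201 "evaluation occurs at ingress or egress is specified by the "
1202 "Direction property in the associated FilterList.) "
1203 "PacketFilterCondition MAY also be used to define the specific "
1204 "CredentialManagementService that validates the credentials "
1205 "carried in a packet. This is accomplished using the "
1206 "association, AcceptCredentialFrom. \n"
1207 "\n"
1208 "Associated objects (such as FilterLists or "
1209 "CredentialManagementServices) represent components of the condition that "
1210 "MAY or MAY NOT apply at a given rule evaluation. For example, "
1211 "an AcceptCredentialFrom evaluation is only performed when a "
1212 "credential is available to be evaluated and compared against "
1213 "the list of trusted credential management services. Similarly, "
1214 "a PeerIDPayloadFilterEntry MAY only be evaluated when an ID "
1215 "payload is available for checking. Condition components that "
1216 "do not have applicability at rule evaluation time, MUST be "
1217 "evaluated to TRUE."),
1218 MappingStrings { "IPSP Policy Model.IETF|SACondition" }]
1219 tony 1.1 class CIM_PacketFilterCondition : CIM_PolicyCondition {
1220
1221 };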
1222
1223
1224 // ==================================================================
1225 // PolicyAction
1226 // ==================================================================
// CIM_PolicyAction - abstract base for actions performed when the
// PolicyConditions of a rule evaluate to TRUE; operational detail lives
// in subclasses.
// Identity: six Key properties, each limited to 256 characters by MaxLen
// (SystemCreationClassName, SystemName, PolicyRuleCreationClassName,
// PolicyRuleName, CreationClassName, PolicyActionName).
// SystemCreationClassName and SystemName repeat values from the related
// System instance; per the Description they are not propagated keys, so
// nothing in this declaration keeps them in step with that instance.
// Reusable actions put the literal 'NO RULE' into both PolicyRule* keys.
// NOTE(review): 'NO RULE' is an in-band marker inside ordinary key
// strings; presumably rule names are expected never to take that value -
// confirm that rule creation rejects it.
// NOTE(review): DoActionLogging has no initializer, so whether performed
// actions are logged when the property is omitted is up to the consumer.
// Where an audit trail of policy actions is required, set it explicitly.
1227 [Abstract, Version ( "2.8.0" ), Description (
1228 "A class representing a rule-specific or reusable policy action "
1229 "to be performed if the PolicyConditions for a Policy Rule "
1230 "evaluate to TRUE. Since all operational details of a "
1231 "PolicyAction are provided in subclasses of this object, this "
1232 "class is abstract.")]
1233 class CIM_PolicyAction : CIM_Policy {
1234
1235 [Key, Description (
1236 "The name of the class or the subclass used in the creation "
1237 "of the System object in whose scope this PolicyAction is "
1238 "defined. \n"
1239 "\n"
1240 tony 1.1 "This property helps to identify the System object in whose "
1241 "scope this instance of PolicyAction exists. For a "
1242 "rule-specific PolicyAction, this is the System in whose "
1243 "context the PolicyRule is defined. For a reusable "
1244 "PolicyAction, this is the instance of PolicyRepository "
1245 "(which is a subclass of System) that holds the Action. \n"
1246 "\n"
1247 "Note that this property, and the analogous property "
1248 "SystemName, do not represent propagated keys from an "
1249 "instance of the class System. Instead, they are properties "
1250 "defined in the context of this class, which repeat the "
1251 "values from the instance of System to which this "
1252 "PolicyAction is related, either directly via the "
1253 "PolicyActionInPolicyRepository association or indirectly "
1254 "via the PolicyActionInPolicyRule aggregation."),
1255 MaxLen ( 256 )]
1256 string SystemCreationClassName;
1257
1258 [Key, Description (
1259 "The name of the System object in whose scope this "
1260 "PolicyAction is defined. \n"
1261 tony 1.1 "\n"
1262 "This property completes the identification of the System "
1263 "object in whose scope this instance of PolicyAction exists. "
1264 "For a rule-specific PolicyAction, this is the System in "
1265 "whose context the PolicyRule is defined. For a reusable "
1266 "PolicyAction, this is the instance of PolicyRepository "
1267 "(which is a subclass of System) that holds the Action."),
1268 MaxLen ( 256 )]
1269 string SystemName;
1270
1271 [Key, Description (
1272 "For a rule-specific PolicyAction, the CreationClassName of "
1273 "the PolicyRule object with which this Action is associated. "
1274 "For a reusable PolicyAction, a special value, 'NO RULE', "
1275 "should be used to indicate that this Action is reusable and "
1276 "not associated with a single PolicyRule."),
1277 MaxLen ( 256 )]
1278 string PolicyRuleCreationClassName;
1279
1280 [Key, Description (
1281 "For a rule-specific PolicyAction, the name of the "
1282 tony 1.1 "PolicyRule object with which this Action is associated. For "
1283 "a reusable PolicyAction, a special value, 'NO RULE', should "
1284 "be used to indicate that this Action is reusable and not "
1285 "associated with a single PolicyRule."),
1286 MaxLen ( 256 )]
1287 string PolicyRuleName;
1288
1289 [Key, Description (
1290 "CreationClassName indicates the name of the class or the "
1291 "subclass used in the creation of an instance. When used "
1292 "with the other key properties of this class, this property "
1293 "allows all instances of this class and its subclasses to be "
1294 "uniquely identified."),
1295 MaxLen ( 256 )]
1296 string CreationClassName;
1297
1298 [Key, Description (
1299 "A user-friendly name of this PolicyAction."),
1300 MaxLen ( 256 )]
1301 string PolicyActionName;
1302
1303 tony 1.1 [Description (
1304 "DoActionLogging causes a log message to be generated when "
1305 "the action is performed.")]
1306 boolean DoActionLogging;
1307 };
1308
1309
1310 // ==================================================================
1311 // VendorPolicyAction
1312 // ==================================================================
// CIM_VendorPolicyAction - escape hatch for vendor-specific actions that
// have no modelled properties.
// ActionData is an array of octet strings whose format is left
// unspecified here; ActionEncoding holds an OID (as a string) that
// identifies the format and semantics shared by every element of
// ActionData.
// NOTE(review): ActionData is opaque to any consumer that does not
// recognise the OID. An enforcement point should decline an action whose
// ActionEncoding it does not recognise rather than attempt to interpret
// the data, and a decoder selected by the OID should validate the octet
// strings itself since this schema places no constraint on them.
1313 [Version ( "2.6.0" ), Description (
1314 "A class that provides a general extension mechanism for "
1315 "representing PolicyActions that have not been modeled with "
1316 "specific properties. Instead, the two properties ActionData "
1317 "and ActionEncoding are used to define the content and format "
1318 "of the Action, as explained below. \n"
1319 "\n"
1320 "As its name suggests, VendorPolicyAction is intended for "
1321 "vendor-specific extensions to the Policy Core Information "
1322 "Model. Standardized extensions are not expected to use this "
1323 "class.")]
1324 tony 1.1 class CIM_VendorPolicyAction : CIM_PolicyAction {
1325
1326 [Description (
1327 "This property provides a general extension mechanism for "
1328 "representing PolicyActions that have not been modeled with "
1329 "specific properties. The format of the octet strings in the "
1330 "array is left unspecified in this definition. It is "
1331 "determined by the OID value stored in the property "
1332 "ActionEncoding. Since ActionEncoding is single-valued, all "
1333 "the values of ActionData share the same format and "
1334 "semantics."),
1335 OctetString,
1336 ModelCorrespondence { "CIM_VendorPolicyAction.ActionEncoding" }]
1337 string ActionData[];
1338
1339 [Description (
1340 "An OID encoded as a string, identifying the format and "
1341 "semantics for this instance's ActionData property."),
1342 ModelCorrespondence { "CIM_VendorPolicyAction.ActionData" }]
1343 string ActionEncoding;
1344 };
1345 tony 1.1
1346
1347 // ==================================================================
1348 // CompoundPolicyAction
1349 // ==================================================================
// CIM_CompoundPolicyAction - an ordered sequence of action terms attached
// through the PolicyActionInPolicyAction aggregation.
// SequencedActions (declared default 3): 1 Mandatory, 2 Recommended,
// 3 Dont Care - how strictly the stated order must be followed.
// ExecutionStrategy (declared default 2): 1 Do Until Success, 2 Do All,
// 3 Do Until Failure - when to stop working through the sequence.
// NOTE(review): with both defaults in effect the actions may run in any
// order and all of them run even if some fail. If a later action is only
// safe after an earlier one has succeeded (for example a permit that
// relies on a preceding restriction), set SequencedActions to 1 and
// ExecutionStrategy to 3 explicitly instead of relying on the defaults.
// NOTE(review): the SequencedActions Description names the default
// "DontCare" while the Values qualifier spells the label "Dont Care";
// consumers should key on the ValueMap number.
1350 [Version ( "2.6.0" ), Description (
1351 "CompoundPolicyAction is used to represent an expression "
1352 "consisting of an ordered sequence of action terms. Each action "
1353 "term is represented as a subclass of the PolicyAction class. "
1354 "Compound actions are constructed by associating dependent "
1355 "action terms together using the PolicyActionInPolicyAction "
1356 "aggregation.")]
1357 class CIM_CompoundPolicyAction : CIM_PolicyAction {
1358
1359 [Description (
1360 "This property gives a policy administrator a way of "
1361 "specifying how the ordering of the PolicyActions associated "
1362 "with this PolicyRule is to be interpreted. Three values are "
1363 "supported: \n"
1364 "o mandatory(1): Do the actions in the indicated order, or "
1365 "don't do them at all. \n"
1366 tony 1.1 "o recommended(2): Do the actions in the indicated order if "
1367 "you can, but if you can't do them in this order, do them in "
1368 "another order if you can. \n"
1369 "o dontCare(3): Do them -- I don't care about the order. \n"
1370 "The default value is 3 (\"DontCare\")."),
1371 ValueMap { "1", "2", "3" },
1372 Values { "Mandatory", "Recommended", "Dont Care" }]
1373 uint16 SequencedActions=3;
1374
1375 [Description (
1376 "ExecutionStrategy defines the strategy to be used in "
1377 "executing the sequenced actions aggregated by this "
1378 "CompoundPolicyAction. There are three execution strategies: "
1379 "\n\n"
1380 "Do Until Success - execute actions according to predefined "
1381 "order, until successful execution of a single action. \n"
1382 "Do All - execute ALL actions which are part of the modeled "
1383 "set, according to their predefined order. Continue doing "
1384 "this, even if one or more of the actions fails. \n"
1385 "Do Until Failure - execute actions according to predefined "
1386 "order, until the first failure in execution of an action "
1387 tony 1.1 "instance. \n"
1388 "The default value is 2 (\"Do All\")."),
1389 ValueMap { "1", "2", "3" },
1390 Values { "Do Until Success", "Do All", "Do Until Failure" }]
1391 uint16 ExecutionStrategy=2;
1392 };
1393
1394
1395 // ==================================================================
1396 // NetworkPacketAction
1397 // ==================================================================
// CIM_NetworkPacketAction: selects how a packet is handled once the
// PolicyConditions of the aggregating PolicyRule evaluate to TRUE.
1398 [Version ( "2.8.0" ), Description (
1399 "NetworkPacketAction standardizes different processing options "
1400 "that can be taken at the network packet level. The specific "
1401 "action is defined in the PacketAction enumerated property. "
1402 "Note that this property can be used in conjunction with other "
1403 "actions aggregated into a Rule, to fully define its effects. "
1404 "For example, when aggregated with the SAStaticAction class, "
1405 "NetworkPacketAction indicates whether a specific packet will "
1406 "be encrypted, bypassed or discarded for the lifetime of the "
1407 "Security Association.")]
1408 tony 1.1 class CIM_NetworkPacketAction : CIM_PolicyAction {
1409
// PacketAction: 1=Other, 2=Processed, 3=Bypassed, 4=Discarded.
// Value 3 lets the packet continue without further processing; the
// description's own example is forwarding in the clear instead of encrypted.
// The MappingStrings name only the IPSP bypass and discard actions.
// NOTE(review): no default is declared, so an implementation has to decide
// what a NULL or out-of-range value means. Handling it as "Bypassed" would
// pass traffic unprotected; confirm the enforcement point discards or
// rejects in that case.
1410 [Description (
1411 "A network packet can be processed, bypassed for processing "
1412 "(i.e., allowed to continue without further processing, such "
1413 "as being forwarded in the clear versus being encrypted), or "
1414 "discarded. This enumeration indicates how a packet should "
1415 "be handled if a PolicyRule's PolicyConditions evaluate to "
1416 "TRUE."),
1417 ValueMap { "1", "2", "3", "4" },
1418 Values { "Other", "Processed", "Bypassed", "Discarded" },
1419 MappingStrings { "IPSP Policy Model.IETF|IPsecBypassAction",
1420 "IPSP Policy Model.IETF|IPsecDiscardAction" },
1421 ModelCorrespondence { "CIM_NetworkPacketAction.OtherAction" }]
1422 uint16 PacketAction;
1423
// OtherAction: free-form text that applies only when PacketAction is
// 1 ("Other"). The schema gives it no structure.
// NOTE(review): presumably its interpretation is vendor-specific; verify how
// an enforcement point that does not understand the text is expected to act.
1424 [Description (
1425 "Description of the action when the value 1 (\"Other\") is "
1426 "specified for the property, PacketAction."),
1427 ModelCorrespondence { "CIM_NetworkPacketAction.PacketAction" }]
1428 string OtherAction;
1429 tony 1.1 };
1430
1431
1432 // ==================================================================
1433 // RejectConnectionAction
1434 // ==================================================================
// CIM_RejectConnectionAction: declares no properties of its own; its effect
// comes from the rule that aggregates it. Placed in a low-priority rule it
// acts as an explicit default-reject for IKE negotiations that no
// higher-priority rule has matched, as the description's second example
// states.
1435 [Version ( "2.8.0" ), Description (
1436 "RejectConnectionAction is used to cause a connection or its "
1437 "negotiation to be terminated. For example, it can be used in "
1438 "conjunction with an address filter on UDP port 500 to reduce "
1439 "Denial of Service vulnerability. As another example, it can be "
1440 "specified as a low priority rule to explicitly define the "
1441 "default action for IKE key exchange negotiations - i.e., if "
1442 "the higher priority rules are not satisfied, then reject the "
1443 "connection negotiation."),
1444 MappingStrings { "IPSP Policy Model.IETF|IKERejectAction" }]
1445 class CIM_RejectConnectionAction : CIM_PolicyAction {
1446 };
1447
1448
1449 // ==================================================================
1450 tony 1.1 // PolicyRoleCollection
1451 // ==================================================================
// CIM_PolicyRoleCollection: groups the ManagedElements that share a policy
// role with the PolicySets that CAN BE applied to them. PolicySets that are
// currently applied are shown by PolicySetAppliesToElement instances, which
// the two methods below create and remove.
1452 [Version ( "2.8.0" ), Description (
1453 "PolicyRoleCollection is used to represent a collection of "
1454 "ManagedElements that share a common policy role, and the "
1455 "PolicySets that CAN BE applied to those elements. (Note that "
1456 "the PolicySets that are CURRENTLY applied are indicated via "
1457 "instances of the association, PolicySetAppliesToElement.) The "
1458 "PolicyRoleCollection always exists in the context of a System, "
1459 "specified using the PolicyRoleCollectionInSystem aggregation. "
1460 "The value of the PolicyRole property in this class specifies "
1461 "the role. It is defined as a free-form string. ManagedElements "
1462 "that share the role defined in this collection are aggregated "
1463 "into the Collection via the ElementInPolicyRoleCollection "
1464 "association.")]
1465 class CIM_PolicyRoleCollection : CIM_SystemSpecificCollection {
1466
// PolicyRole: required free-form string. Several roles may be joined with
// "&&" in alphabetical order, but implementations are allowed to treat the
// whole value as a simple string.
// NOTE(review): under that allowance the same roles written in a different
// order need not compare equal, so producers should always emit the
// alphabetical form.
1467 [Required, Description (
1468 "The PolicyRole name for the PolicySets and other "
1469 "ManagedElements that are identified and aggregated by the "
1470 "Collection. Note that the aggregated PolicySets define the "
1471 tony 1.1 "rules and groups of rules that may be applied to the "
1472 "associated ManagedElements. \n"
1473 "\n"
1474 "Although not officially designated as 'role combinations', "
1475 "multiple roles may be specified using the form: \n"
1476 "<RoleName>[&&<RoleName>]* \n"
1477 "where the individual role names appear in alphabetical "
1478 "order (according to the collating sequence for UCS-2). "
1479 "Implementations may treat PolicyRole values that are "
1480 "specified as 'role combinations' as simple strings.")]
1481 string PolicyRole;
1482
// ActivatePolicySet: deploys and enforces the aggregated PolicySets for
// Element and returns a uint32 status (0 = Success).
// NOTE(review): the schema only states that Element MUST already be a member
// via ElementInPolicyRoleCollection; nothing here enforces it, so the
// provider has to check membership before creating PolicySetAppliesToElement.
// NOTE(review): the vendor-specific range is written "0x8000.." here but
// "0x8000..0xFFFF" on DeactivatePolicySet although both return uint32;
// confirm which range is intended.
// NOTE(review): both methods change which policies are enforced; who may
// invoke them is not expressed in this schema and has to be controlled by
// the hosting CIM server.
1483 [Description (
1484 "Activates/applies the PolicySets aggregated into this "
1485 "Collection to the specified ManagedElement. The "
1486 "ManagedElement MUST be a member of the Collection, "
1487 "associated via ElementInPolicyRoleCollection. The result of "
1488 "this method, if it is successfully executed, is that the "
1489 "aggregated PolicySets are deployed and enforced for the "
1490 "Element. This is reflected by the instantiation of the "
1491 "PolicySetAppliesToElement association between the named "
1492 tony 1.1 "Element and each PolicySet."),
1493 ValueMap { "0", "1", "2", "3", "4", "..", "0x8000.." },
1494 Values { "Success", "Not Supported", "Unknown", "Timeout",
1495 "Failed", "DMTF Reserved", "Vendor Specific" }]
1496 uint32 ActivatePolicySet(
1497
1498 [IN, Description (
1499 "The ManagedElement to which the aggregated PolicySets of "
1500 "this Collection are applied.")]
1501 CIM_ManagedElement REF Element);
1502
// DeactivatePolicySet: stops enforcement of the aggregated PolicySets for
// Element by removing the PolicySetAppliesToElement associations; a PolicySet
// that is not currently enforced for the Element is left untouched.
// Unlike ActivatePolicySet, the description states no membership
// precondition for Element.
1503 [Description (
1504 "Deactivates the aggregated PolicySets for the specified "
1505 "ManagedElement. The result of this method, if it is "
1506 "successfully executed, is that the aggregated PolicySets "
1507 "are NOT enforced for the Element. This is reflected by the "
1508 "removal of the PolicySetAppliesToElement association "
1509 "between the named Element and each PolicySet. If a "
1510 "PolicySet is not currently enforced for the ManagedElement, "
1511 "then this method has no effect for that Set."),
1512 ValueMap { "0", "1", "2", "3", "4", "..", "0x8000..0xFFFF" },
1513 tony 1.1 Values { "Success", "Not Supported", "Unknown", "Timeout",
1514 "Failed", "DMTF Reserved", "Vendor Specific" }]
1515 uint32 DeactivatePolicySet(
1516 [IN, Description (
1517 "The ManagedElement to which the aggregated PolicySets of "
1518 "this Collection MUST NOT apply.")]
1519 CIM_ManagedElement REF Element);
1520 };
1521
1522
1523 // ==================================================================
1524 // === Association classes ===
1525 // ==================================================================
1526
1527
1528 // ==================================================================
1529 // PolicyComponent
1530 // ==================================================================
1531 [Association, Abstract, Aggregation, Version ( "2.6.0" ),
1532 Description (
1533 "CIM_PolicyComponent is a generic association used to establish "
1534 tony 1.1 "'part of' relationships between the subclasses of CIM_Policy. "
1535 "For example, the PolicyConditionInPolicyRule association "
1536 "defines that PolicyConditions are part of a PolicyRule.")]
1537 class CIM_PolicyComponent : CIM_Component {
1538
1539 [Aggregate, Override ( "GroupComponent" ), Description (
1540 "The parent Policy in the association.")]
1541 CIM_Policy REF GroupComponent;
1542
1543 [Override ( "PartComponent" ), Description (
1544 "The child/part Policy in the association.")]
1545 CIM_Policy REF PartComponent;
1546 };
1547
1548
1549 // ==================================================================
1550 // PolicyInSystem
1551 // ==================================================================
1552 [Association, Abstract, Version ( "2.8.0" ), Description (
1553 "CIM_PolicyInSystem is a generic association used to establish "
1554 "dependency relationships between Policies and the Systems that "
1555 tony 1.1 "host them. These Systems may be ComputerSystems where Policies "
1556 "are 'running' or they may be Policy Repositories where "
1557 "Policies are stored. This relationship is similar to the "
1558 "concept of CIM_Services being dependent on CIM_Systems as "
1559 "defined by the HostedService association. \n"
1560 "\n"
1561 "Cardinality is Max (1) for the Antecedent/System reference "
1562 "since Policies can only be hosted in at most one System "
1563 "context. Some subclasses of the association will further "
1564 "refine this definition to make the Policies Weak to Systems. "
1565 "Other subclasses of PolicyInSystem will define an optional "
1566 "hosting relationship. Examples of each of these are the "
1567 "PolicyRuleInSystem and PolicyConditionInPolicyRepository "
1568 "associations, respectively.")]
1569 class CIM_PolicyInSystem : CIM_HostedDependency {
1570
1571 [Override ( "Antecedent" ), Max ( 1 ), Description (
1572 "The hosting System.")]
1573 CIM_System REF Antecedent;
1574
1575 [Override ( "Dependent" ), Description (
1576 tony 1.1 "The hosted Policy.")]
1577 CIM_Policy REF Dependent;
1578 };
1579
1580
1581 // ==================================================================
1582 // PolicySetInSystem
1583 // ==================================================================
1584 [Association, Abstract, Version ( "2.6.0" ), Description (
1585 "PolicySetInSystem is an abstract association class that "
1586 "represents a relationship between a System and a PolicySet "
1587 "used in the administrative scope of that system (e.g., "
1588 "AdminDomain, ComputerSystem). The Priority property is used to "
1589 "assign a relative priority to a PolicySet within the "
1590 "administrative scope in contexts where it is not a component "
1591 "of another PolicySet.")]
1592 class CIM_PolicySetInSystem : CIM_PolicyInSystem {
1593
1594 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1595 "The System in whose scope a PolicySet is defined.")]
1596 CIM_System REF Antecedent;
1597 tony 1.1
1598 [Override ( "Dependent" ), Description (
1599 "A PolicySet named within the scope of a System.")]
1600 CIM_PolicySet REF Dependent;
1601
1602 [Description (
1603 "The Priority property is used to specify the relative "
1604 "priority of the referenced PolicySet when there are more "
1605 "than one PolicySet instances applied to a managed resource "
1606 "that are not PolicySetComponents and, therefore, have no "
1607 "other relative priority defined. The priority is a "
1608 "non-negative integer; a larger value indicates a higher "
1609 "priority.")]
1610 uint16 Priority;
1611 };
1612
1613
1614 // ==================================================================
1615 // PolicyGroupInSystem
1616 // ==================================================================
1617 [Association, Version ( "2.6.0" ), Description (
1618 tony 1.1 "An association that links a PolicyGroup to the System in whose "
1619 "scope the Group is defined.")]
1620 class CIM_PolicyGroupInSystem : CIM_PolicySetInSystem {
1621
1622 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1623 "The System in whose scope a PolicyGroup is defined.")]
1624 CIM_System REF Antecedent;
1625
1626 [Override ( "Dependent" ), Weak, Description (
1627 "A PolicyGroup named within the scope of a System.")]
1628 CIM_PolicyGroup REF Dependent;
1629 };
1630
1631
1632 // ==================================================================
1633 // PolicyRuleInSystem
1634 // ==================================================================
1635 [Association, Version ( "2.6.0" ), Description (
1636 "An association that links a PolicyRule to the System in whose "
1637 "scope the Rule is defined.")]
1638 class CIM_PolicyRuleInSystem : CIM_PolicySetInSystem {
1639 tony 1.1
1640 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1641 "The System in whose scope a PolicyRule is defined.")]
1642 CIM_System REF Antecedent;
1643
1644 [Override ( "Dependent" ), Weak, Description (
1645 "A PolicyRule named within the scope of a System.")]
1646 CIM_PolicyRule REF Dependent;
1647 };
1648
1649
1650 // ==================================================================
1651 // PolicySetComponent
1652 // ==================================================================
1653 [Association, Aggregation, Version ( "2.6.0" ), Description (
1654 "PolicySetComponent is a concrete aggregation that collects "
1655 "instances of the subclasses of PolicySet (i.e., PolicyGroups "
1656 "and PolicyRules). Instances are collected in sets that use the "
1657 "same decision strategy. They are prioritized relative to each "
1658 "other, within the set, using the Priority property of this "
1659 "aggregation. \n"
1660 tony 1.1 "\n"
1661 "Together, the PolicySet.PolicyDecisionStrategy and "
1662 "PolicySetComponent.Priority properties determine the processing for the "
1663 "groups and rules contained in a PolicySet. A larger priority "
1664 "value represents a higher priority. Note that the Priority "
1665 "property MUST have a unique value when compared with others "
1666 "defined for the same aggregating PolicySet. Thus, the "
1667 "evaluation of rules within a set is deterministically "
1668 "specified.")]
1669 class CIM_PolicySetComponent : CIM_PolicyComponent {
1670
1671 [Aggregate, Override ( "GroupComponent" ), Description (
1672 "A PolicySet that aggregates other PolicySet instances.")]
1673 CIM_PolicySet REF GroupComponent;
1674
1675 [Override ( "PartComponent" ), Description (
1676 "A PolicySet aggregated into a PolicySet.")]
1677 CIM_PolicySet REF PartComponent;
1678
// Priority orders this component against the other members of the same
// aggregating PolicySet; a larger value means a higher priority.
// NOTE(review): the uniqueness requirement exists only in the description
// text; no qualifier on this property expresses it. An implementation has to
// reject duplicate values itself, otherwise the evaluation order of
// equal-priority members is not determined by the model.
1679 [Description (
1680 "A non-negative integer for prioritizing this PolicySet "
1681 tony 1.1 "component relative to other elements of the same PolicySet. "
1682 "A larger value indicates a higher priority. The Priority "
1683 "property MUST have a unique value when compared with others "
1684 "defined for the same aggregating PolicySet.")]
1685 uint16 Priority;
1686 };
1687
1688
1689 // ==================================================================
1690 // PolicyGroupInPolicyGroup *** deprecated
1691 // ==================================================================
1692 [Association, Deprecated { "CIM_PolicySetComponent" }, Aggregation,
1693 Version ( "2.7.0" ), Description (
1694 "PolicySetComponent provides a more general mechanism for "
1695 "aggregating both PolicyGroups and PolicyRules and doing so "
1696 "with the priority value applying only to the aggregated set "
1697 "rather than policy wide. \n"
1698 "\n"
1699 "A relationship that aggregates one or more lower-level "
1700 "PolicyGroups into a higher-level Group. A Policy Group may "
1701 "aggregate PolicyRules and/or other Policy Groups.")]
1702 tony 1.1 class CIM_PolicyGroupInPolicyGroup : CIM_PolicyComponent {
1703
1704 [Deprecated { "CIM_PolicySetComponent.GroupComponent" },
1705 Aggregate, Override ( "GroupComponent" ), Description (
1706 "A PolicyGroup that aggregates other Groups.")]
1707 CIM_PolicyGroup REF GroupComponent;
1708
1709 [Deprecated { "CIM_PolicySetComponent.PartComponent" },
1710 Override ( "PartComponent" ), Description (
1711 "A PolicyGroup aggregated by another Group.")]
1712 CIM_PolicyGroup REF PartComponent;
1713 };
1714
1715
1716 // ==================================================================
1717 // PolicyRuleInPolicyGroup *** deprecated
1718 // ==================================================================
1719 [Association, Deprecated { "CIM_PolicySetComponent" }, Aggregation,
1720 Version ( "2.7.0" ), Description (
1721 "PolicySetComponent provides a more general mechanism for "
1722 "aggregating both PolicyGroups and PolicyRules and doing so "
1723 tony 1.1 "with the priority value applying only to the aggregated set "
1724 "rather than policy wide. \n"
1725 "\n"
1726 "A relationship that aggregates one or more PolicyRules into a "
1727 "PolicyGroup. A PolicyGroup may aggregate PolicyRules and/or "
1728 "other PolicyGroups.")]
1729 class CIM_PolicyRuleInPolicyGroup : CIM_PolicyComponent {
1730
1731 [Deprecated { "CIM_PolicySetComponent.GroupComponent" },
1732 Aggregate, Override ( "GroupComponent" ), Description (
1733 "A PolicyGroup that aggregates one or more PolicyRules.")]
1734 CIM_PolicyGroup REF GroupComponent;
1735
1736 [Deprecated { "CIM_PolicySetComponent.PartComponent" },
1737 Override ( "PartComponent" ), Description (
1738 "A PolicyRule aggregated by a PolicyGroup.")]
1739 CIM_PolicyRule REF PartComponent;
1740 };
1741
1742
1743 // ==================================================================
1744 tony 1.1 // PolicySetValidityPeriod
1745 // ==================================================================
1746 [Association, Aggregation, Version ( "2.7.0" ), Description (
1747 "The PolicySetValidityPeriod aggregation represents scheduled "
1748 "activation and deactivation of a PolicySet. A PolicySet is "
1749 "considered \"active\" if it is both \"Enabled\" and in a valid "
1750 "time period. \n"
1751 "\n"
1752 "If a PolicySet is associated with multiple policy time periods "
1753 "via this association, then the Set is in a valid time period "
1754 "if at least one of the time periods evaluates to TRUE. If a "
1755 "PolicySet is contained in another PolicySet via the "
1756 "PolicySetComponent aggregation (e.g., a PolicyRule in a "
1757 "PolicyGroup), then the contained PolicySet (e.g., PolicyRule) "
1758 "is in a valid period if at least one of the aggregate's "
1759 "PolicyTimePeriodCondition instances evaluates to TRUE and at "
1760 "least one of its own PolicyTimePeriodCondition instances also "
1761 "evaluates to TRUE. (In other words, the "
1762 "PolicyTimePeriodConditions are ORed to determine whether the "
1763 "PolicySet is in a valid time period and then ANDed with the "
1764 "ORed PolicyTimePeriodConditions of each of PolicySet instances "
1765 tony 1.1 "in the PolicySetComponent hierarchy to determine if the "
1766 "PolicySet is in a valid time period and, if also \"Enabled\", "
1767 "therefore, active, i.e., the hierarchy ANDs the ORed "
1768 "PolicyTimePeriodConditions of the elements of the hierarchy.) \n"
1769 "\n"
1770 "A Time Period may be aggregated by multiple PolicySets. A Set "
1771 "that does not point to a PolicyTimePeriodCondition via this "
1772 "association, from the point of view of scheduling, is always "
1773 "in a valid time period.")]
1774 class CIM_PolicySetValidityPeriod : CIM_PolicyComponent {
1775
// GroupComponent: the PolicySet whose validity is scheduled.
// Per the class description, a PolicySet with no instance of this
// association is always in a valid time period as far as scheduling goes,
// so a missing link widens, rather than narrows, when the set can be active.
1776 [Aggregate, Override ( "GroupComponent" ), Description (
1777 "This property contains the name of a PolicySet that "
1778 "contains one or more PolicyTimePeriodConditions.")]
1779 CIM_PolicySet REF GroupComponent;
1780
1781 [Override ( "PartComponent" ), Description (
1782 "This property contains the name of a "
1783 "PolicyTimePeriodCondition defining the valid time periods "
1784 "for one or more PolicySets.")]
1785 CIM_PolicyTimePeriodCondition REF PartComponent;
1786 tony 1.1 };
1787
1788
1789 // ==================================================================
1790 // PolicyRuleValidityPeriod ** deprecated
1791 // ==================================================================
1792 [Association, Deprecated { "CIM_PolicySetValidityPeriod" },
1793 Aggregation, Version ( "2.7.0" ), Description (
1794 "The PolicyRuleValidityPeriod aggregation represents scheduled "
1795 "activation and deactivation of a PolicyRule. If a PolicyRule "
1796 "is associated with multiple policy time periods via this "
1797 "association, then the Rule is active if at least one of the "
1798 "time periods indicates that it is active. (In other words, the "
1799 "PolicyTimePeriodConditions are ORed to determine whether the "
1800 "Rule is active.) A Time Period may be aggregated by multiple "
1801 "PolicyRules. A Rule that does not point to a "
1802 "PolicyTimePeriodCondition via this association is, from the "
1803 "point of view of scheduling, always active. It may, however, "
1804 "be inactive for other reasons. For example, the Rule's Enabled "
1805 "property may be set to \"disabled\" (value=2).")]
1806 class CIM_PolicyRuleValidityPeriod : CIM_PolicyComponent {
1807 tony 1.1
1808 [Deprecated { "CIM_PolicySetValidityPeriod.GroupComponent" },
1809 Aggregate, Override ( "GroupComponent" ), Description (
1810 "This property contains the name of a PolicyRule that "
1811 "contains one or more PolicyTimePeriodConditions.")]
1812 CIM_PolicyRule REF GroupComponent;
1813
1814 [Deprecated { "CIM_PolicySetValidityPeriod.PartComponent" },
1815 Override ( "PartComponent" ), Description (
1816 "This property contains the name of a "
1817 "PolicyTimePeriodCondition defining the valid time periods "
1818 "for one or more PolicyRules.")]
1819 CIM_PolicyTimePeriodCondition REF PartComponent;
1820 };
1821
1822
1823 // ==================================================================
1824 // PolicyConditionStructure
1825 // ==================================================================
// CIM_PolicyConditionStructure: abstract aggregation that attaches
// PolicyConditions to a PolicyRule or CompoundPolicyCondition. Conditions
// form a two-level list, either an OR of ANDed groups (DNF, the default) or
// an AND of ORed groups (CNF). The choice is made by ConditionListType on the
// aggregating instance, which is not declared in this class.
1826 [Association, Abstract, Aggregation, Version ( "2.7.0" ),
1827 Description (
1828 tony 1.1 "PolicyConditions may be aggregated into rules and into "
1829 "compound conditions. PolicyConditionStructure is the abstract "
1830 "aggregation class for the structuring of policy conditions. \n"
1831 "\n"
1832 "The Conditions aggregated by a PolicyRule or "
1833 "CompoundPolicyCondition are grouped into two levels of lists: "
1834 "either an ORed set of ANDed sets of conditions (DNF, the "
1835 "default) or an ANDed set of ORed sets of conditions (CNF). "
1836 "Individual PolicyConditions in these lists may be negated. The "
1837 "property ConditionListType specifies which of these two "
1838 "grouping schemes applies to a particular PolicyRule or "
1839 "CompoundPolicyCondition instance. \n"
1840 "\n"
1841 "One or more PolicyTimePeriodConditions may be among the "
1842 "conditions associated with a PolicyRule or "
1843 "CompoundPolicyCondition via the PolicyConditionStructure "
1844 "subclass association. In this case, the time periods are "
1845 "simply additional Conditions to be evaluated along with any "
1846 "others that are specified.")]
1847 class CIM_PolicyConditionStructure : CIM_PolicyComponent {
1848
1849 tony 1.1 [Aggregate, Override ( "GroupComponent" ), Description (
1850 "This property represents the Policy that contains one or "
1851 "more PolicyConditions.")]
1852 CIM_Policy REF GroupComponent;
1853
1854 [Override ( "PartComponent" ), Description (
1855 "This property holds the name of a PolicyCondition contained "
1856 "by one or more PolicyRule or CompoundPolicyCondition "
1857 "instances.")]
1858 CIM_PolicyCondition REF PartComponent;
1859
// GroupNumber: selects the inner group the condition belongs to (an ANDed
// set under DNF, an ORed set under CNF). No default is declared.
// NOTE(review): the same GroupNumber therefore combines conditions
// differently depending on ConditionListType; confirm both are set together
// when a rule is authored.
1860 [Description (
1861 "Unsigned integer indicating the group to which the "
1862 "contained PolicyCondition belongs. This integer segments "
1863 "the Conditions into the ANDed sets (when the "
1864 "ConditionListType is \"DNF\") or, similarly, into the ORed "
1865 "sets (when the ConditionListType is \"CNF\").")]
1866 uint16 GroupNumber;
1867
// ConditionNegated: TRUE inverts the result of the contained condition.
// No default is declared.
// NOTE(review): an evaluator has to define how a NULL value is read, since
// the wrong reading inverts what the rule matches; confirm it is handled as
// FALSE or rejected.
1868 [Description (
1869 "Indication of whether the contained PolicyCondition is "
1870 tony 1.1 "negated. TRUE indicates that the PolicyCondition IS "
1871 "negated, FALSE indicates that it IS NOT negated.")]
1872 boolean ConditionNegated;
1873 };
1874
1875
1876 // ==================================================================
1877 // PolicyConditionInPolicyRule
1878 // ==================================================================
1879 [Association, Aggregation, Version ( "2.7.0" ), Description (
1880 "A PolicyRule aggregates zero or more instances of the "
1881 "PolicyCondition class, via the PolicyConditionInPolicyRule "
1882 "association. A Rule that aggregates zero Conditions is not "
1883 "valid; it may, however, be in the process of being defined. "
1884 "Note that a PolicyRule should have no effect until it is "
1885 "valid.")]
1886 class CIM_PolicyConditionInPolicyRule : CIM_PolicyConditionStructure {
1887
1888 [Aggregate, Override ( "GroupComponent" ), Description (
1889 "This property represents the PolicyRule that contains one "
1890 "or more PolicyConditions.")]
1891 tony 1.1 CIM_PolicyRule REF GroupComponent;
1892
1893 [Override ( "PartComponent" ), Description (
1894 "This property holds the name of a PolicyCondition contained "
1895 "by one or more PolicyRules.")]
1896 CIM_PolicyCondition REF PartComponent;
1897 };
1898
1899
1900 // ==================================================================
1901 // PolicyConditionInPolicyCondition
1902 // ==================================================================
// CIM_PolicyConditionInPolicyCondition: aggregates PolicyConditions into a
// CompoundPolicyCondition. A compound condition with zero aggregated
// conditions is not valid and, per the description, should have no effect
// until it is.
1903 [Association, Aggregation, Version ( "2.7.0" ), Description (
1904 "A CompoundPolicyCondition aggregates zero or more instances of "
1905 "the PolicyCondition class, via the "
1906 "PolicyConditionInPolicyCondition association. A "
1907 "CompoundPolicyCondition that aggregates zero Conditions is not "
1908 "valid; it may, however, be in the process of being defined. "
1909 "Note that a CompoundPolicyCondition should have no effect "
1910 "until it is valid.")]
1911 class CIM_PolicyConditionInPolicyCondition : CIM_PolicyConditionStructure {
1912 tony 1.1
1913 [Aggregate, Override ( "GroupComponent" ), Description (
1914 "This property represents the CompoundPolicyCondition that "
1915 "contains one or more PolicyConditions.")]
1916 CIM_CompoundPolicyCondition REF GroupComponent;
1917
// NOTE(review): the description below says "contained by one or more
// PolicyRules", yet GroupComponent of this association is a
// CompoundPolicyCondition. The wording looks carried over from
// PolicyConditionInPolicyRule; the sibling PolicyActionInPolicyAction names
// the compound class in the same position.
1918 [Override ( "PartComponent" ), Description (
1919 "This property holds the name of a PolicyCondition contained "
1920 "by one or more PolicyRules.")]
1921 CIM_PolicyCondition REF PartComponent;
1922 };
1923
1924
1925 // ==================================================================
1926 // PolicyActionStructure
1927 // ==================================================================
1928 [Association, Abstract, Aggregation, Version ( "2.6.0" ),
1929 Description (
1930 "PolicyActions may be aggregated into rules and into compound "
1931 "actions. PolicyActionStructure is the abstract aggregation "
1932 "class for the structuring of policy actions.")]
1933 tony 1.1 class CIM_PolicyActionStructure : CIM_PolicyComponent {
1934
1935 [Aggregate, Override ( "GroupComponent" ), Description (
1936 "PolicyAction instances may be aggregated into either "
1937 "PolicyRule instances or CompoundPolicyAction instances.")]
1938 CIM_Policy REF GroupComponent;
1939
1940 [Override ( "PartComponent" ), Description (
1941 "A PolicyAction aggregated by a PolicyRule or "
1942 "CompoundPolicyAction.")]
1943 CIM_PolicyAction REF PartComponent;
1944
1945 [Description (
1946 "ActionOrder is an unsigned integer 'n' that indicates the "
1947 "relative position of a PolicyAction in the sequence of "
1948 "actions associated with a PolicyRule or "
1949 "CompoundPolicyAction. When 'n' is a positive integer, it "
1950 "indicates a place in the sequence of actions to be "
1951 "performed, with smaller integers indicating earlier "
1952 "positions in the sequence. The special value '0' indicates "
1953 "'don't care'. If two or more PolicyActions have the same "
1954 tony 1.1 "non-zero sequence number, they may be performed in any "
1955 "order, but they must all be performed at the appropriate "
1956 "place in the overall action sequence. \n"
1957 "\n"
1958 "A series of examples will make ordering of PolicyActions "
1959 "clearer: \n"
1960 "o If all actions have the same sequence number, regardless "
1961 "of whether it is '0' or non-zero, any order is acceptable. "
1962 "\no The values: \n"
1963 "1:ACTION A \n"
1964 "2:ACTION B \n"
1965 "1:ACTION C \n"
1966 "3:ACTION D \n"
1967 "indicate two acceptable orders: A,C,B,D or C,A,B,D, \n"
1968 "since A and C can be performed in either order, but only at "
1969 "the '1' position. \n"
1970 "o The values: \n"
1971 "0:ACTION A \n"
1972 "2:ACTION B \n"
1973 "3:ACTION C \n"
1974 "3:ACTION D \n"
1975 tony 1.1 "require that B,C, and D occur either as B,C,D or as B,D,C. "
1976 "Action A may appear at any point relative to B, C, and D. "
1977 "Thus the complete set of acceptable orders is: A,B,C,D; "
1978 "B,A,C,D; B,C,A,D; B,C,D,A; A,B,D,C; B,A,D,C; B,D,A,C; "
1979 "B,D,C,A. \n"
1980 "\n"
1981 "Note that the non-zero sequence numbers need not start with "
1982 "'1', and they need not be consecutive. All that matters is "
1983 "their relative magnitude.")]
1984 uint16 ActionOrder;
1985 };
1986
1987
1988 // ==================================================================
1989 // PolicyActionInPolicyRule
1990 // ==================================================================
1991 [Association, Aggregation, Version ( "2.6.0" ), Description (
1992 "A PolicyRule aggregates zero or more instances of the "
1993 "PolicyAction class, via the PolicyActionInPolicyRule "
1994 "association. A Rule that aggregates zero Actions is not "
1995 "valid--it may, however, be in the process of being entered "
1996 tony 1.1 "into a PolicyRepository or being defined for a System. "
1997 "Alternately, the actions of the policy may be explicit in the "
1998 "definition of the PolicyRule. Note that a PolicyRule should "
1999 "have no effect until it is valid. \n"
2000 "\n"
2001 "The Actions associated with a PolicyRule may be given a "
2002 "required order, a recommended order, or no order at all. For "
2003 "Actions represented as separate objects, the "
2004 "PolicyActionInPolicyRule aggregation can be used to express an "
2005 "order. \n"
2006 "\n"
2007 "This aggregation does not indicate whether a specified action "
2008 "order is required, recommended, or of no significance; the "
2009 "property SequencedActions in the aggregating instance of "
2010 "PolicyRule provides this indication.")]
2011 class CIM_PolicyActionInPolicyRule : CIM_PolicyActionStructure {
2012
2013 [Aggregate, Override ( "GroupComponent" ), Description (
2014 "This property represents the PolicyRule that contains one "
2015 "or more PolicyActions.")]
2016 CIM_PolicyRule REF GroupComponent;
2017 tony 1.1
2018 [Override ( "PartComponent" ), Description (
2019 "This property holds the name of a PolicyAction contained by "
2020 "one or more PolicyRules.")]
2021 CIM_PolicyAction REF PartComponent;
2022 };
2023
2024
2025 // ==================================================================
2026 // PolicyActionInPolicyAction
2027 // ==================================================================
// CIM_PolicyActionInPolicyAction: aggregation that nests PolicyActions inside
// a CompoundPolicyAction. It derives from CIM_PolicyActionStructure, like
// CIM_PolicyActionInPolicyRule, and overrides the same two references with
// different endpoint types.
2028 [Association, Aggregation, Version ( "2.6.0" ), Description (
2029 "PolicyActionInPolicyAction is used to represent the "
2030 "compounding of policy actions into a higher-level policy "
2031 "action.")]
2032 class CIM_PolicyActionInPolicyAction : CIM_PolicyActionStructure {
2033
// Aggregating end: the CompoundPolicyAction that contains the actions.
2034 [Aggregate, Override ( "GroupComponent" ), Description (
2035 "This property represents the CompoundPolicyAction that "
2036 "contains one or more PolicyActions.")]
2037 CIM_CompoundPolicyAction REF GroupComponent;
2038 tony 1.1
// Aggregated end: a contained PolicyAction, declared as a REF even though the
// Description speaks of holding "the name of" the action.
2039 [Override ( "PartComponent" ), Description (
2040 "This property holds the name of a PolicyAction contained by "
2041 "one or more CompoundPolicyActions.")]
2042 CIM_PolicyAction REF PartComponent;
2043 };
2044
2045
2046 // ==================================================================
2047 // PolicyContainerInPolicyContainer
2048 // ==================================================================
// CIM_PolicyContainerInPolicyContainer: aggregation that nests
// ReusablePolicyContainers, derived from CIM_SystemComponent. Both references
// have the same type, so the class expresses a container hierarchy.
// It is the replacement named by the Deprecated qualifier on
// CIM_PolicyRepositoryInPolicyRepository later in this file.
2049 [Association, Aggregation, Version ( "2.6.0" ), Description (
2050 "A relationship that aggregates one or more lower-level "
2051 "ReusablePolicyContainer instances into a higher-level "
2052 "ReusablePolicyContainer.")]
2053 class CIM_PolicyContainerInPolicyContainer : CIM_SystemComponent {
2054
// Aggregating end: the higher-level container.
2055 [Aggregate, Override ( "GroupComponent" ), Description (
2056 "A ReusablePolicyContainer that aggregates other "
2057 "ReusablePolicyContainers.")]
2058 CIM_ReusablePolicyContainer REF GroupComponent;
2059 tony 1.1
// Aggregated end: the lower-level container.
2060 [Override ( "PartComponent" ), Description (
2061 "A ReusablePolicyContainer aggregated by another "
2062 "ReusablePolicyContainer.")]
2063 CIM_ReusablePolicyContainer REF PartComponent;
2064 };
2065
2066
2067 // ==================================================================
2068 // PolicyRepositoryInPolicyRepository *** deprecated
2069 // ==================================================================
// CIM_PolicyRepositoryInPolicyRepository (deprecated): aggregation that nests
// PolicyRepositories, derived from CIM_SystemComponent. The class-level
// Deprecated qualifier names CIM_PolicyContainerInPolicyContainer as the
// replacement, and each reference names the matching replacement property.
// The first paragraph of the Description explains the rename; the second
// paragraph describes what the class itself represents.
2070 [Association, Deprecated { "CIM_PolicyContainerInPolicyContainer" },
2071 Aggregation, Version ( "2.7.0" ), Description (
2072 "The term 'PolicyRepository' has been confusing to both "
2073 "developers and users of the model. The replacement class name "
2074 "describes model element properly and is less likely to be "
2075 "confused with a data repository. ContainedDomain is a general "
2076 "purpose mechanism for expressing domain hierarchy. \n"
2077 "\n"
2078 "A relationship that aggregates one or more lower-level "
2079 "PolicyRepositories into a higher-level Repository.")]
2080 tony 1.1 class CIM_PolicyRepositoryInPolicyRepository : CIM_SystemComponent {
2081
// Aggregating end: the higher-level repository.
// Replaced by CIM_PolicyContainerInPolicyContainer.GroupComponent.
2082 [Deprecated {
2083 "CIM_PolicyContainerInPolicyContainer.GroupComponent" },
2084 Aggregate, Override ( "GroupComponent" ), Description (
2085 "A PolicyRepository that aggregates other Repositories.")]
2086 CIM_PolicyRepository REF GroupComponent;
2087
// Aggregated end: the lower-level repository.
// Replaced by CIM_PolicyContainerInPolicyContainer.PartComponent.
2088 [Deprecated {
2089 "CIM_PolicyContainerInPolicyContainer.PartComponent" },
2090 Override ( "PartComponent" ), Description (
2091 "A PolicyRepository aggregated by another Repository.")]
2092 CIM_PolicyRepository REF PartComponent;
2093 };
2094
2095
2096 // ==================================================================
2097 // ReusablePolicy
2098 // ==================================================================
// CIM_ReusablePolicy: association, derived from CIM_PolicyInSystem, that ties
// any subclass of Policy to the ReusablePolicyContainer in which it is reused.
// It is the replacement named by the Deprecated qualifiers on
// CIM_PolicyConditionInPolicyRepository and CIM_PolicyActionInPolicyRepository
// later in this file.
2099 [Association, Version ( "2.6.0" ), Description (
2100 "The ReusablePolicy association provides for the reuse of any "
2101 tony 1.1 "subclass of Policy in a ReusablePolicyContainer.")]
2102 class CIM_ReusablePolicy : CIM_PolicyInSystem {
2103
// Max(1) with no Min qualifier: a policy element is related to at most one
// ReusablePolicyContainer through this association. The container provides
// the administrative scope for reuse of the referenced element.
2104 [Override ( "Antecedent" ), Max ( 1 ), Description (
2105 "This property identifies a ReusablePolicyContainer that "
2106 "provides the administrative scope for the reuse of the "
2107 "referenced policy element.")]
2108 CIM_ReusablePolicyContainer REF Antecedent;
2109
// The reused element; typed as the general CIM_Policy.
2110 [Override ( "Dependent" ), Description (
2111 "A reusable policy element.")]
2112 CIM_Policy REF Dependent;
2113 };
2114
2115
2116 // ==================================================================
2117 // ElementInPolicyRoleCollection
2118 // ==================================================================
// CIM_ElementInPolicyRoleCollection: aggregation, derived from
// CIM_MemberOfCollection, that places ManagedElements into a
// PolicyRoleCollection to state the role they play.
// Membership only states that the PolicySets aggregated into the same
// collection (via CIM_PolicySetInRoleCollection) MAY BE applied to the
// element. It is not evidence that a policy is in force. The Description
// directs readers to PolicySetAppliesToElement for that, so tooling that
// reports enforcement state should read that association instead.
2119 [Association, Aggregation, Version ( "2.8.0" ), Description (
2120 "An ElementInPolicyRoleCollection aggregates zero or more "
2121 "ManagedElement subclass instances into a PolicyRoleCollection "
2122 tony 1.1 "object, representing a role played by these ManagedElements. "
2123 "This Collection indicates that the aggregated PolicySets "
2124 "(aggregated by CIM_PolicySetInRoleCollection) MAY BE applied "
2125 "to the referenced elements. To indicate that the PolicySets "
2126 "ARE being enforced for the element, use the "
2127 "PolicySetAppliesToElement association.")]
2128 class CIM_ElementInPolicyRoleCollection : CIM_MemberOfCollection {
2129
// Aggregating end: the role collection.
2130 [Aggregate, Override ( "Collection" ), Description (
2131 "The PolicyRoleCollection.")]
2132 CIM_PolicyRoleCollection REF Collection;
2133
// Aggregated end: the element playing the role; typed as the general
// CIM_ManagedElement.
2134 [Override ( "Member" ), Description (
2135 "The ManagedElement that plays the role represented by the "
2136 "PolicyRoleCollection.")]
2137 CIM_ManagedElement REF Member;
2138 };
2139
2140
2141 // ==================================================================
2142 // PolicyRoleCollectionInSystem
2143 tony 1.1 // ==================================================================
// CIM_PolicyRoleCollectionInSystem: association, derived from
// CIM_HostedCollection, that relates a PolicyRoleCollection to the System
// that owns it (the Description gives AdminDomain and ComputerSystem as
// examples).
2144 [Association, Version ( "2.7.0" ), Description (
2145 "PolicyRoleCollectionInSystem is an association used to "
2146 "establish a relationship between a collection and an 'owning' "
2147 "System such as an AdminDomain or ComputerSystem.")]
2148 class CIM_PolicyRoleCollectionInSystem : CIM_HostedCollection {
2149
// Min(1), Max(1): every PolicyRoleCollection has exactly one owning System,
// so responsibility for a role collection is never ambiguous or absent.
2150 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
2151 "The parent system responsible for the collection.")]
2152 CIM_System REF Antecedent;
2153
// The owned collection. No Min/Max qualifier is set on this reference here.
2154 [Override ( "Dependent" ), Description (
2155 "The Collection.")]
2156 CIM_PolicyRoleCollection REF Dependent;
2157 };
2158
2159
2160 // ==================================================================
2161 // PolicyConditionInPolicyRepository *** deprecated
2162 // ==================================================================
// CIM_PolicyConditionInPolicyRepository (deprecated): association, derived
// from CIM_PolicyInSystem, for the hosting of reusable PolicyConditions by a
// PolicyRepository. The Deprecated qualifiers name CIM_ReusablePolicy and its
// Antecedent/Dependent properties as the replacements.
// Per the Description, a rule-specific condition shall not be related to any
// repository through this association; only reusable conditions are.
// NOTE(review): the Description text contains "rule- specific" with a stray
// space after the hyphen, apparently a line-wrap artifact in the original.
2163 [Association, Deprecated { "CIM_ReusablePolicy" },
2164 tony 1.1 Version ( "2.7.0" ), Description (
2165 "The ReusablePolicy association is a more general relationship "
2166 "that incorporates both Conditions and Actions as well as any "
2167 "other policy subclass. \n"
2168 "\n"
2169 "This class represents the hosting of reusable PolicyConditions "
2170 "by a PolicyRepository. A reusable Policy Condition is always "
2171 "related to a single PolicyRepository, via this association. \n"
2172 "\n"
2173 "Note, that an instance of PolicyCondition can be either "
2174 "reusable or rule-specific. When the Condition is rule- "
2175 "specific, it shall not be related to any PolicyRepository via "
2176 "the PolicyConditionInPolicyRepository association.")]
2177 class CIM_PolicyConditionInPolicyRepository : CIM_PolicyInSystem {
2178
// Max(1) with no Min qualifier gives the [0..1] cardinality the Description
// explains: 0 repositories for a rule-specific condition, 1 for a reusable one.
2179 [Deprecated { "CIM_ReusablePolicy.Antecedent" },
2180 Override ( "Antecedent" ), Max ( 1 ), Description (
2181 "This property identifies a PolicyRepository hosting one or "
2182 "more PolicyConditions. A reusable PolicyCondition is always "
2183 "related to exactly one PolicyRepository via the "
2184 "PolicyConditionInPolicyRepository association. The [0..1] "
2185 tony 1.1 "cardinality for this property covers the two types of "
2186 "PolicyConditions: 0 for a rule-specific PolicyCondition, 1 "
2187 "for a reusable one.")]
2188 CIM_PolicyRepository REF Antecedent;
2189
// The hosted condition, declared as a REF even though the Description speaks
// of holding "the name of" the condition.
2190 [Deprecated { "CIM_ReusablePolicy.Dependent" },
2191 Override ( "Dependent" ), Description (
2192 "This property holds the name of a PolicyCondition hosted in "
2193 "the PolicyRepository.")]
2194 CIM_PolicyCondition REF Dependent;
2195 };
2196
2197
2198 // ==================================================================
2199 // PolicyActionInPolicyRepository *** deprecated
2200 // ==================================================================
// CIM_PolicyActionInPolicyRepository (deprecated): association, derived from
// CIM_PolicyInSystem, for the hosting of reusable PolicyActions by a
// PolicyRepository. It parallels CIM_PolicyConditionInPolicyRepository, and
// the Deprecated qualifiers likewise name CIM_ReusablePolicy and its
// Antecedent/Dependent properties as the replacements.
// Per the Description, a rule-specific action shall not be related to any
// repository through this association; only reusable actions are.
// NOTE(review): the Description text contains "rule- specific" with a stray
// space after the hyphen, apparently a line-wrap artifact in the original.
2201 [Association, Deprecated { "CIM_ReusablePolicy" },
2202 Version ( "2.7.0" ), Description (
2203 "The ReusablePolicy association is a more general relationship "
2204 "that incorporates both Conditions and Actions as well as any "
2205 "other policy subclass. \n"
2206 tony 1.1 "\n"
2207 "This class represents the hosting of reusable PolicyActions by "
2208 "a PolicyRepository. A reusable Policy Action is always related "
2209 "to a single PolicyRepository, via this association. \n"
2210 "\n"
2211 "Note, that an instance of PolicyAction can be either reusable "
2212 "or rule-specific. When the Action is rule- specific, it shall "
2213 "not be related to any PolicyRepository via the "
2214 "PolicyActionInPolicyRepository association.")]
2215 class CIM_PolicyActionInPolicyRepository : CIM_PolicyInSystem {
2216
// Max(1) with no Min qualifier gives the [0..1] cardinality the Description
// explains: 0 repositories for a rule-specific action, 1 for a reusable one.
2217 [Deprecated { "CIM_ReusablePolicy.Antecedent" },
2218 Override ( "Antecedent" ), Max ( 1 ), Description (
2219 "This property represents a PolicyRepository hosting one or "
2220 "more PolicyActions. A reusable PolicyAction is always "
2221 "related to exactly one PolicyRepository via the "
2222 "PolicyActionInPolicyRepository association. The [0..1] "
2223 "cardinality for this property covers the two types of "
2224 "PolicyActions: 0 for a rule-specific PolicyAction, 1 for a "
2225 "reusable one.")]
2226 CIM_PolicyRepository REF Antecedent;
2227 tony 1.1
// The hosted action, declared as a REF even though the Description speaks of
// holding "the name of" the action.
2228 [Deprecated { "CIM_ReusablePolicy.Dependent" },
2229 Override ( "Dependent" ), Description (
2230 "This property holds the name of a PolicyAction hosted in "
2231 "the PolicyRepository.")]
2232 CIM_PolicyAction REF Dependent;
2233 };
2234
2235
2236 // ==================================================================
2237 // PolicySetInRoleCollection
2238 // ==================================================================
// CIM_PolicySetInRoleCollection: aggregation, derived from
// CIM_MemberOfCollection, that places PolicySets (PolicyRules and
// PolicyGroups) into a PolicyRoleCollection to state which role they
// support/enforce.
// This is the policy-side counterpart of CIM_ElementInPolicyRoleCollection,
// which aggregates ManagedElements into the same kind of collection.
2239 [Association, Aggregation, Version ( "2.8.0" ), Description (
2240 "PolicySetInRoleCollection aggregates zero or more PolicyRules "
2241 "and PolicyGroups (i.e., the subclasses of PolicySet) into a "
2242 "PolicyRoleCollection object, representing a role "
2243 "supported/enforced by the PolicySet.")]
2244 class CIM_PolicySetInRoleCollection : CIM_MemberOfCollection {
2245
// Aggregating end: the role collection.
2246 [Aggregate, Override ( "Collection" ), Description (
2247 "The PolicyRoleCollection.")]
2248 tony 1.1 CIM_PolicyRoleCollection REF Collection;
2249
// Aggregated end: the PolicySet that supports/enforces the role for the
// elements in the collection.
2250 [Override ( "Member" ), Description (
2251 "The PolicySet that supports/enforces the PolicyRole for the "
2252 "elements in the PolicyRoleCollection.")]
2253 CIM_PolicySet REF Member;
2254 };
2255
2256
2257 // ==================================================================
2258 // PolicySetAppliesToElement
2259 // ==================================================================
// CIM_PolicySetAppliesToElement: association stating that a PolicySet IS
// CURRENTLY applied to a ManagedElement, i.e. that it has actually been
// deployed in the policy management infrastructure. This differs from
// role-collection membership, which per CIM_ElementInPolicyRoleCollection
// only says a PolicySet MAY BE applied.
// Unlike the other associations in this section, the class declares no
// superclass, and both references carry the Key qualifier rather than
// Override.
// Scope caveat from the Description: when ManagedElement refers to a
// Collection, the PolicySet is assumed to apply to every member of that
// Collection. A consumer evaluating which elements a policy covers has to
// expand collections to get the full set.
2260 [Association, Version ( "2.8.0" ), Description (
2261 "PolicySetAppliesToElement makes explicit which PolicySets "
2262 "(i.e., policy rules and groups of rules) ARE CURRENTLY applied "
2263 "to a particular Element. This association indicates that the "
2264 "PolicySets that are appropriate for a ManagedElement "
2265 "(specified using the PolicyRoleCollection aggregation) have "
2266 "actually been deployed in the policy management "
2267 "infrastructure. Note that if the named Element refers to a "
2268 "Collection, then the PolicySet is assumed to be applied to all "
2269 tony 1.1 "the members of the Collection.")]
2270 class CIM_PolicySetAppliesToElement {
2271
// Key reference: the applied PolicySet (rules and/or groups of rules).
2272 [Key, Description (
2273 "The PolicyRules and/or groups of rules that are currently "
2274 "applied to an Element.")]
2275 CIM_PolicySet REF PolicySet;
2276
// Key reference: the element (or Collection of elements) the PolicySet is
// applied to.
2277 [Key, Description (
2278 "The ManagedElement to which the PolicySet applies.")]
2279 CIM_ManagedElement REF ManagedElement;
2280 };
2281
2282
2283 // ==================================================================
2284 // FilterOfPacketCondition
2285 // ==================================================================
// CIM_FilterOfPacketCondition: association, derived from CIM_Dependency, that
// binds a FilterList (the network traffic specification) to a
// PacketFilterCondition used by a PolicyRule.
// The MappingStrings qualifiers map the class and both references to
// FilterOfSACondition in the IETF IPSP Policy Model.
2286 [Association, Version ( "2.8.0" ), Description (
2287 "FilterOfPacketCondition associates a network traffic "
2288 "specification (i.e., a FilterList) with a PolicyRule's "
2289 "PacketFilterCondition."),
2290 tony 1.1 MappingStrings { "IPSP Policy Model.IETF|FilterOfSACondition" }]
2291 class CIM_FilterOfPacketCondition : CIM_Dependency {
2292
// Min(1), Max(1): a PacketFilterCondition is associated with exactly one
// FilterList, so the traffic a condition selects is defined in one place.
// That list may itself aggregate many filter entries.
2293 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
2294 "A FilterList describes the traffic selected by the "
2295 "PacketFilterCondition. A PacketFilterCondition is "
2296 "associated with one and only one FilterList, but that "
2297 "filter list may aggregate many filter entries."),
2298 MappingStrings { "IPSP Policy Model.IETF|"
2299 "FilterOfSACondition.Antecedent" }]
2300 CIM_FilterList REF Antecedent;
2301
// The condition that uses the FilterList. No Min/Max qualifier is set on this
// reference here.
2302 [Override ( "Dependent" ), Description (
2303 "The PacketFilterCondition that uses the FilterList as part "
2304 "of a PolicyRule."),
2305 MappingStrings { "IPSP Policy Model.IETF|"
2306 "FilterOfSACondition.Dependent" }]
2307 CIM_PacketFilterCondition REF Dependent;
2308 };
2309
2310
2311 tony 1.1 // ==================================================================
2312 // AcceptCredentialFrom
2313 // ==================================================================
// CIM_AcceptCredentialFrom: association, derived from CIM_Dependency, that
// names a CredentialManagementService (e.g. a CertificateAuthority or a
// Kerberos key distribution service) as trusted to certify credentials
// presented at the packet level for a PacketFilterCondition.
//
// Matching semantics stated in the Description, which decide what a packet
// filter accepts:
//  - With a CA named here AND an X509CredentialFilterEntry attached to the
//    same PacketFilterCondition (via FilterOfPacketCondition), a credential
//    must match the FilterEntry data and be certified by that CA or by a
//    service in its trust hierarchy; otherwise the entry does not match.
//  - With a service named here but NO corresponding CredentialFilterEntry,
//    all credentials from the related service are considered to match.
// The second case is the broad one: the association alone accepts every
// credential the service certifies. Where only specific credentials are
// meant to match, a CredentialFilterEntry must accompany it.
// Trust also extends to services in the named service's trust hierarchy,
// not only to the service itself.
//
// NOTE(review): Version is "2.8" here, while the other 2.8-era classes in
// this section use "2.8.0" -- confirm which form is intended.
2314 [Association, Version ( "2.8" ), Description (
2315 "This association specifies that a credential management "
2316 "service (e.g., CertificateAuthority or Kerberos key "
2317 "distribution service) is to be trusted to certify credentials, "
2318 "presented at the packet level. The association defines an "
2319 "'approved' CredentialManagementService that is used for "
2320 "validation. \n"
2321 "\n"
2322 "The use of this class is best explained via an example: \n"
2323 "If a CertificateAuthority is specified using this association, "
2324 "and a corresponding X509CredentialFilterEntry is also "
2325 "associated with a PacketFilterCondition (via the relationship, "
2326 "FilterOfPacketCondition), then the credential MUST match the "
2327 "FilterEntry data AND be certified by that CA (or one of the "
2328 "CredentialManagementServices in its trust hierarchy). "
2329 "Otherwise, the X509CredentialFilterEntry is deemed not to "
2330 "match. If a credential is certified by a "
2331 "CredentialManagementService associated with the "
2332 tony 1.1 "PacketFilterCondition through the AcceptCredentialFrom "
2333 "relationship, but there is no corresponding "
2334 "CredentialFilterEntry, then all credentials from the related "
2335 "service are considered to match."),
2336 MappingStrings { "IPSP Policy Model.IETF|AcceptCredentialFrom" }]
2337 class CIM_AcceptCredentialFrom : CIM_Dependency {
2338
// The trusted issuer. No Min/Max qualifier is set on this reference here, so
// this class does not itself limit how many services a condition may trust.
2339 [Override ( "Antecedent" ), Description (
2340 "The CredentialManagementService that is issuing the "
2341 "credential to be matched in the PacketFilterCondition."),
2342 MappingStrings { "IPSP Policy "
2343 "Model.IETF|AcceptCredentialFrom.Antecedent" }]
2344 CIM_CredentialManagementService REF Antecedent;
2345
// The condition that ties the trusted service to any FilterLists or
// FilterEntries.
2346 [Override ( "Dependent" ), Description (
2347 "The PacketFilterCondition that associates the "
2348 "CredentialManagementService and any "
2349 "FilterLists/FilterEntries."),
2350 MappingStrings { "IPSP Policy "
2351 "Model.IETF|AcceptCredentialFrom.Dependent" }]
2352 CIM_PacketFilterCondition REF Dependent;
2353 tony 1.1 };
2354
2355
2356 // ===================================================================
2357 // end of file
2358 // ===================================================================
2359