1 // ===================================================================
2 // Title: User-Security Access Control 2.8
3 // Filename: User28_AccessControl.mof
4 // Version: 2.8
5 // Status: Final
6 // Date: Jan 26, 2004
7 // ===================================================================
8 // Copyright 2000-2004 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes for
47 // access control.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 Final
54 // CR1219 - Changes to AccessControlInfo.Description accepted for
55 // Final,
56 // as well as deprecations of AccessControlInformation,
57 // HostedACI,
58 // AuthorizedUse, AuthorizationSubject, and
59 // AuthorizationTarget
60 // CR1229 - Addition of the ArrayType qualifier to AccessControl
61 // Information's AccessType, AccessQualifier and Permission
62 // properties
63 // CR1235 - Updated the deprecation and Description of
64 // AccessControlInformation.Permission / Updated the other
65 // deprecations in AccessControlInformation such that they all
66 // referenced AuthorizedPrivilege / Accepted the subclassing
67 // change for HostedACI
68 //
69 // Change Log for v2.8 Preliminary (Company Review)
70 // CR1128 - Changed subclassing of HostedACI from Dependency to
71 // HostedDependency.
72 //
73 // Change Log for v2.8 Preliminary
74 // CR1011 - Deprecated AccessControlInformation, HostedACI,
75 // AuthorizedUse, AuthorizationTarget, AuthorizationSubject
76 //
77 // Change Log for v2.7 - None
78 // ===================================================================
79
80 #pragma Locale ("en_US")
81
82
83 // ==================================================================
84 // AccessControlInformation
85 // ==================================================================
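// CIM_AccessControlInformation (deprecated): one access-control record that
// states the rights granted to a set of subjects over a set of target
// resources. It is weak to its hosting CIM_System, so two of its four keys
// are propagated from that system.
//
// The Deprecated qualifier names the replacements: CIM_AuthorizedPrivilege
// for the access details and CIM_SecuritySensitivity for the security level.
//
// The rule is carried by three string arrays (AccessType, AccessQualifier,
// Permission). All three are ArrayType "Indexed" and cross-referenced with
// ModelCorrespondence, so entry i of each array together describes one rule.
// NOTE(review): nothing in this declaration forces the three arrays to have
// the same length, and AccessType / AccessQualifier carry no ValueMap. A
// consumer that evaluates these instances has to decide what a missing or
// unrecognised entry means; treating it as "no access granted" is the
// conservative reading.
[Deprecated { "CIM_AuthorizedPrivilege", "CIM_SecuritySensitivity" },
 Version ( "2.8.0" ), Description (
    "CIM_AccessControlInformation provides, through its properties "
    "and its associations, the specification of the access rights "
    "granted to a set of subject users to a set of target "
    "resources. The AccessControlInformation class is weak to the "
    "system (e.g., Computer System or Administrative Domain) for "
    "which the access controls apply. \n"
    "\n"
    "This class is deprecated in lieu of two others: "
    "AuthorizedPrivilege (defining specific access details) and "
    "SecuritySensitivity (defining individual security levels). The "
    "reasons for this are: 1. More specific access details are "
    "defined in Privilege (the superclass of AuthorizedPrivilege); "
    "and, 2. SecuritySensitivity allows security levels to be "
    "applied to other elements than access control information.")]
class CIM_AccessControlInformation : CIM_LogicalElement {

    // Key, propagated from CIM_System.CreationClassName (hosting system).
    [Deprecated { "No value" }, Key,
     Propagated ( "CIM_System.CreationClassName" ), Description (
        "Hosting system creation class name."),
     MaxLen ( 256 )]
    string SystemCreationClassName;

    // Key, propagated from CIM_System.Name (hosting system).
    [Deprecated { "No value" }, Key, Propagated ( "CIM_System.Name" ),
     Description (
        "Hosting system name."),
     MaxLen ( 256 )]
    string SystemName;

    // Key: the concrete class or subclass used to create the instance.
    [Deprecated { "No value" }, Key, Description (
        "CreationClassName indicates the name of the class or the "
        "subclass used in the creation of an instance. When used "
        "with the other key properties of this class, this property "
        "allows all instances of this class and its subclasses to be "
        "uniquely identified."),
     MaxLen ( 256 )]
    string CreationClassName;

    // Key: label unique within the hosting system; overrides the inherited
    // Name. Replaced by CIM_AuthorizedPrivilege.InstanceID.
    [Deprecated { "CIM_AuthorizedPrivilege.InstanceID" }, Key,
     Override ( "Name" ), Description (
        "The Name property defines the unique label, in the context "
        "of the hosting system, by which the "
        "AccessControlInformation is known."),
     MaxLen ( 256 )]
    string Name;

    // Free-form classification label: no ValueMap and no MaxLen are declared,
    // and no ordering between labels is defined here.
    // Replaced by CIM_SecuritySensitivity.SecurityLevel.
    [Deprecated { "CIM_SecuritySensitivity.SecurityLevel" },
     Description (
        "The SecurityClassification property specifies a named level "
        "of security associated with the AccessControlInformation, "
        "e.g., 'Confidential', 'Top Secret', etc.")]
    string SecurityClassification;

    // Indexed array, position-matched with AccessQualifier and Permission.
    // Values are free-form strings (generic access names or a service entry
    // point name), so producers and evaluators must agree on exact spellings.
    // Replaced by CIM_AuthorizedPrivilege.Activities.
    [Deprecated { "CIM_AuthorizedPrivilege.Activities" },
     Description (
        "The AccessType property is an array of string values that "
        "specifies the type of access for which the corresponding "
        "permission applies. For example, it can be used to specify "
        "a generic access such as 'Read-only', 'Read/Write', etc. "
        "for file or record access control or it can be used to "
        "specifiy an entry point name for service access control."),
     ArrayType ( "Indexed" ),
     ModelCorrespondence {
        "CIM_AccessControlInformation.AccessQualifier",
        "CIM_AccessControlInformation.Permission" }]
    string AccessType[];

    // Indexed array, position-matched with AccessType and Permission; narrows
    // the access named at the same index (e.g. permitted or denied parameters).
    // Replaced by CIM_AuthorizedPrivilege.ActivityQualifiers.
    [Deprecated { "CIM_AuthorizedPrivilege.ActivityQualifiers" },
     Description (
        "The AccessQualifier property is an array of string values "
        "may be used to further qualify the type of access for which "
        "the corresponding permission applies. For example, it may "
        "be used to specify a set of parameters that are permitted "
        "or denied in conjunction with the corresponding AccessType "
        "entry point name."),
     ArrayType ( "Indexed" ),
     ModelCorrespondence { "CIM_AccessControlInformation.AccessType",
        "CIM_AccessControlInformation.AccessQualifier" }]
    string AccessQualifier[];

    // Indexed array holding the decision for the rule at the same index.
    // ValueMap lists "Unknown", "Allow", "Deny" and "Manage".
    // NOTE(review): the Description speaks of 'Access' and 'Deny' while the
    // ValueMap spells the first value "Allow"; match against the ValueMap.
    // NOTE(review): "Unknown" is a listed value and the Description lets
    // subclasses extend the set, so an evaluator should not read "Unknown" or
    // a value it does not recognise as a grant.
    // The Deprecated qualifier points at the CIM_AuthorizedPrivilege class as
    // a whole rather than at a single replacement property.
    [Deprecated { "CIM_AuthorizedPrivilege" }, Description (
        "The Permission property is an array of string values "
        "indicating the permission that applies to the corresponding "
        "AccessType and AccessQualifier array values. The values may "
        "be extended in subclasses to provide more specific access "
        "controls. \n"
        "\n"
        "This property is deprecated in lieu of the general "
        "AuthorizedPrivilege class. This is because the Permissions, "
        "'Access' and 'Deny', are addressed by the PrivilegeGranted "
        "property, while 'Manage' maps to specific activities with "
        "their corresponding qualifiers and formats."),
     ValueMap { "Unknown", "Allow", "Deny", "Manage" },
     ArrayType ( "Indexed" ),
     ModelCorrespondence { "CIM_AccessControlInformation.AccessType",
        "CIM_AccessControlInformation.AccessQualifier" }]
    string Permission[];
};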
185
186
187 // ==================================================================
188 // HostedACI
189 // ==================================================================
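// CIM_HostedACI (deprecated, no replacement): weak association that scopes a
// CIM_AccessControlInformation instance to the CIM_System hosting it.
// Antecedent carries Min(1)/Max(1), so each AccessControlInformation is tied
// to exactly one hosting system; that system supplies the propagated keys.
[Association, Deprecated { "No value" }, Version ( "2.8.0" ),
 Description (
    "CIM_HostedACI is an association used to provide the namespace "
    "scoping of AccessControlInformation. Since the referenced "
    "class, AccessControlInformation, is deprecated, this Weak "
    "association is similarly deprecated. Also, although "
    "Privileges/access control can be defined in the context of a "
    "System, this is not a mandatory association nor does it "
    "provide any additional semantics for the Privilege. Therefore, "
    "HostedACI is deprecated with no replacement association.")]
class CIM_HostedACI : CIM_HostedDependency {

    // Exactly one hosting system per hosted AccessControlInformation.
    [Deprecated { "No value" }, Override ( "Antecedent" ), Min ( 1 ),
     Max ( 1 ), Description (
        "The hosting system.")]
    CIM_System REF Antecedent;

    // Weak end: the hosted instance is identified in the scope of Antecedent.
    [Deprecated { "No value" }, Override ( "Dependent" ), Weak,
     Description (
        "The hosted AccessControlInformation.")]
    CIM_AccessControlInformation REF Dependent;
};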
212
213
214 // ==================================================================
215 // AuthorizedUse
216 // ==================================================================
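// CIM_AuthorizedUse (deprecated, no replacement): hands a
// CIM_AuthorizationService the AccessControlInformation it evaluates.
// Neither reference declares Min/Max, so this declaration places no
// cardinality limit on either end. Per the Description, authorization is
// expected to move to policy or static checking of Privileges.
[Association, Deprecated { "No value" }, Version ( "2.8.0" ),
 Description (
    "CIM_AuthorizedUse is an association used to provide an "
    "AuthorizationService with the AccessControlInformation it "
    "needs to do its job. This association is deprecated with no "
    "proposed replacement, since authorization processing will be "
    "handled via policy or static checking of Privileges.")]
class CIM_AuthorizedUse : CIM_Dependency {

    // The access-control record being consumed.
    [Deprecated { "No value" }, Override ( "Antecedent" ),
     Description (
        "Access Control Information.")]
    CIM_AccessControlInformation REF Antecedent;

    // The service that consumes the record.
    [Deprecated { "No value" }, Override ( "Dependent" ),
     Description (
        "AuthorizationService that uses an ACI.")]
    CIM_AuthorizationService REF Dependent;
};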
236
237
238 // ==================================================================
239 // AuthorizationSubject
240 // ==================================================================
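// CIM_AuthorizationSubject (deprecated): binds an AccessControlInformation to
// the subjects it applies to. Replaced by CIM_AuthorizedSubject, with
// Antecedent -> CIM_AuthorizedSubject.Privilege and
// Dependent -> CIM_AuthorizedSubject.PrivilegedElement.
//
// NOTE(review): CIM_AuthorizationTarget in this file has the same superclass
// and the same reference types (CIM_AccessControlInformation Antecedent,
// CIM_ManagedElement Dependent). Only the association class tells a subject
// from a target, so a traversal through the CIM_Dependency superclass cannot
// distinguish "who is granted" from "what is protected".
[Association, Deprecated { "CIM_AuthorizedSubject" },
 Version ( "2.8.0" ), Description (
    "CIM_AuthorizationSubject is an association used to apply "
    "authorization decisions to specific subjects (i.e., users). "
    "This association is deprecated in lieu of a semantically "
    "equivalent one, AuthorizedSubject, since one of the referenced "
    "classes (AccessControlInformation) has been deprecated.")]
class CIM_AuthorizationSubject : CIM_Dependency {

    // The access-control record applied to the subject set.
    [Deprecated { "CIM_AuthorizedSubject.Privilege" },
     Override ( "Antecedent" ), Description (
        "AccessControlInformation that applies to a subject set.")]
    CIM_AccessControlInformation REF Antecedent;

    // Typed as CIM_ManagedElement, so the schema itself does not restrict
    // this end to user or identity classes; the Description expects elements
    // that represent users, either directly or through a collection.
    [Deprecated { "CIM_AuthorizedSubject.PrivilegedElement" },
     Override ( "Dependent" ), Description (
        "The subject set may be specified as a collection or as a "
        "set of associations to ManagedElements that represent "
        "users.")]
    CIM_ManagedElement REF Dependent;
};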
262
263
264 // ==================================================================
265 // AuthorizationTarget
266 // ==================================================================
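// CIM_AuthorizationTarget (deprecated): binds an AccessControlInformation to
// the resources it protects. Replaced by CIM_AuthorizedTarget, with
// Antecedent -> CIM_AuthorizedTarget.Privilege and
// Dependent -> CIM_AuthorizedTarget.TargetElement.
//
// NOTE(review): CIM_AuthorizationSubject in this file has the same superclass
// and the same reference types, so targets and subjects are told apart only
// by the association class. Query by the concrete class rather than through
// CIM_Dependency when the distinction matters.
[Association, Deprecated { "CIM_AuthorizedTarget" },
 Version ( "2.8.0" ), Description (
    "CIM_AuthorizationTarget is an association used to apply "
    "authorization decisions to specific target resources. The "
    "target resources may be aggregated into a collection or may be "
    "represented as a set of associations to ManagedElements. This "
    "association is deprecated in lieu of a semantically equivalent "
    "one, AuthorizedTarget, since one of the referenced classes "
    "(AccessControlInformation) has been deprecated.")]
class CIM_AuthorizationTarget : CIM_Dependency {

    // The access-control record applied to the target set.
    [Deprecated { "CIM_AuthorizedTarget.Privilege" },
     Override ( "Antecedent" ), Description (
        "AccessControlInformation that applies to the target set.")]
    CIM_AccessControlInformation REF Antecedent;

    // The protected resources, referenced directly or through a collection.
    [Deprecated { "CIM_AuthorizedTarget.TargetElement" },
     Override ( "Dependent" ), Description (
        "The target set of resources may be specified as a "
        "collection or as a set of associations to ManagedElements "
        "that represent target resources.")]
    CIM_ManagedElement REF Dependent;
};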
290
291
292 // ===================================================================
293 // end of file
294 // ===================================================================