1 tony 1.1 // ===================================================================
2 // Title: User-Security Authentication Requirements 2.8
3 // Filename: User28_AuthenticationReqmt.mof
4 // Version: 2.8
5 // Status: Final
6 // Date: Jan 26, 2004
7 // ===================================================================
8 // Copyright 2000-2004 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // requirements for authentication.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 Final
54 // CR1218 - All deprecations promoted to Final
55 // CR1235 - Accepted the subclassing change for HostedAuthentication
56 // Requirement
57 //
58 // Change Log for v2.8 Preliminary (Company Review)
59 // CR1107 - Deprecated:
60 // AuthenticationRequirement
61 // HostedAuthenticationRequirement
62 // AuthenticatedForUse
63 // RequireCredentialFrom
64 tony 1.1 // AuthenticationTarget
65 // CR1128 - Changed subclassing of HostedAuthenticationRequirement
66 // from Dependency to HostedDependency.
67 //
68 // Change Log for v2.8 Preliminary - None
69 //
70 // Change Log for v2.7 - None
71 // ===================================================================
72
73 #pragma Locale ("en_US")
74
75
76 // ==================================================================
77 // AuthenticationRequirement
78 // ==================================================================
79 [Deprecated { "CIM_AuthenticationCondition",
80 "CIM_AuthenticationRule", "CIM_SecuritySensitivity" },
81 Version ( "2.8.0" ), Description (
82 "CIM_AuthenticationRequirement provides, through its "
83 "associations, the authentication requirements for access to "
84 "system resources. For a particular set of target resources, "
85 tony 1.1 "the AuthenticationService may require that credentials be "
86 "issued by a specific CredentialManagementService. The "
87 "AuthenticationRequirement class is weak to the system (e.g., "
88 "ComputerSystem or Administrative Domain) for which the "
89 "requirements apply. \n"
90 "\n"
91 "Note that this class was defined before the Policy Model "
92 "existed, and is deprecated in lieu of authentication policy - "
93 "specifically, the AuthenticationCondition and "
94 "AuthenticationRule classes. In the updated design, "
95 "AuthenticationCondition describes the specific combinations of "
96 "credentials (or alternative credentials) that are required in "
97 "order to authenticate an Identity. This allows a more explicit "
98 "and flexible description of authentication requirements. Also, "
99 "the definition of 'security classification' as a property of "
100 "this class was problematic - since it could not be assigned to "
101 "an element in a straight forward fashion. To correct this "
102 "issue, the SecuritySensitivity class (and its association, "
103 "ElementSecuritySensitivity) are defined.")]
104 class CIM_AuthenticationRequirement : CIM_LogicalElement {
105
106 tony 1.1 [Deprecated { "CIM_AuthenticationRule.SystemCreationClassName" },
107 Key, Propagated ( "CIM_System.CreationClassName" ),
108 Description (
109 "Hosting systemcreation class name."),
110 MaxLen ( 256 )]
111 string SystemCreationClassName;
112
113 [Deprecated { "CIM_AuthenticationRule.SystemName" }, Key,
114 Propagated ( "CIM_System.Name" ), Description (
115 "Hosting system name."),
116 MaxLen ( 256 )]
117 string SystemName;
118
119 [Deprecated { "CIM_AuthenticationRule.CreationClassName" }, Key,
120 Description (
121 "CreationClassName indicates the name of the class or the "
122 "subclass used in the creation of an instance. When used "
123 "with the other key properties of this class, this property "
124 "allows all instances of this class and its subclasses to be "
125 "uniquely identified."),
126 MaxLen ( 256 )]
127 tony 1.1 string CreationClassName;
128
129 [Deprecated { "CIM_AuthenticationRule.PolicyRuleName" }, Key,
130 Override ( "Name" ), Description (
131 "The Name property defines the unique label, in the context "
132 "of the hosting system, by which the "
133 "AuthenticationRequirement is known."),
134 MaxLen ( 256 )]
135 string Name;
136
137 [Deprecated { "CIM_SecuritySensitivity.SecurityLevel" },
138 Description (
139 "The SecurityClassification property specifies a named level "
140 "of security associated with the AuthenticationRequirement, "
141 "e.g., 'Confidential', 'Top Secret', etc.")]
142 string SecurityClassification;
143 };
144
145
146 // ==================================================================
147 // HostedAuthenticationRequirement
148 tony 1.1 // ==================================================================
149 [Association, Deprecated { "CIM_PolicyRuleInSystem" },
150 Version ( "2.8.0" ), Description (
151 "CIM_HostedAuthenticationRequirement is an association used to "
152 "provide the namespace scoping of AuthenticationRequirement. "
153 "The hosted requirements may or may not apply to resources on "
154 "the hosting system. Since the AuthenticationRequirement class "
155 "is deprecated in lieu of explicit policy rules, this class is "
156 "similarly deprecated to its 'policy' equivalent.")]
157 class CIM_HostedAuthenticationRequirement : CIM_HostedDependency {
158
159 [Deprecated { "CIM_PolicyRuleInSystem.Antecedent" },
160 Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ),
161 Description (
162 "The hosting system.")]
163 CIM_System REF Antecedent;
164
165 [Deprecated { "CIM_PolicyRuleInSystem.Dependent" },
166 Override ( "Dependent" ), Weak, Description (
167 "The hosted AuthenticationRequirement.")]
168 CIM_AuthenticationRequirement REF Dependent;
169 tony 1.1 };
170
171
172 // ==================================================================
173 // AuthenticateForUse
174 // ==================================================================
175 [Association, Deprecated { "No value" }, Version ( "2.8.0" ),
176 Description (
177 "CIM_AuthenticateForUse is an association used to provide an "
178 "AuthenticationService with the AuthenticationRequirement it "
179 "needs to do its job. This association is unnecessary and "
180 "therefore deprecated, since it is implied that an Identity "
181 "MUST be authenticated (its CurrentlyAuthenticatedBoolean set "
182 "to TRUE) in order to have any Privileges.")]
183 class CIM_AuthenticateForUse : CIM_Dependency {
184
185 [Deprecated { "No value" }, Override ( "Antecedent" ),
186 Description (
187 "AuthenticationRequirementfor use.")]
188 CIM_AuthenticationRequirement REF Antecedent;
189
190 tony 1.1 [Deprecated { "No value" }, Override ( "Dependent" ),
191 Description (
192 "AuthenticationServicethat uses the requirements.")]
193 CIM_AuthenticationService REF Dependent;
194 };
195
196
197 // ==================================================================
198 // RequireCredentialsFrom
199 // ==================================================================
200 [Association, Deprecated { "CIM_AuthenticationCondition",
201 "CIM_AuthenticationRule" }, Version ( "2.8.0" ), Description (
202 "CIM_RequireCredentialsFrom is an association used to require "
203 "that credentials are issued by particular CredentialManagement "
204 "Services in order to authenticate a user. This association is "
205 "deprecated in lieu of explicit declaration of the "
206 "AuthenticationConditions in an AuthenticationRule. Instances "
207 "of AuthenticationCondition describe the specific combinations "
208 "of credentials (or alternative credentials) that are required "
209 "to authenticate an Identity. This allows a more explicit and "
210 "flexible description of authentication requirements.")]
211 tony 1.1 class CIM_RequireCredentialsFrom : CIM_Dependency {
212
213 [Deprecated { "CIM_AuthenticationCondition" },
214 Override ( "Antecedent" ), Description (
215 "CredentialManagementService from which credentials are "
216 "accepted for the associated AuthenticationRequirement.")]
217 CIM_CredentialManagementService REF Antecedent;
218
219 [Deprecated { "CIM_AuthenticationRule" },
220 Override ( "Dependent" ), Description (
221 "AuthenticationRequirement that limits acceptable "
222 "credentials.")]
223 CIM_AuthenticationRequirement REF Dependent;
224 };
225
226
227 // ==================================================================
228 // AuthenticationTarget
229 // ==================================================================
230 [Association, Deprecated { "CIM_PolicySetAppliesToElement" },
231 Version ( "2.8.0" ), Description (
232 tony 1.1 "CIM_AuthenticationTarget is an association used to apply "
233 "authentication requirements for access to specific resources. "
234 "For example, a shared secret may be sufficient for access to "
235 "unclassified resources, but for confidential resources, a "
236 "stronger authentication may be required. Since the "
237 "AuthenticationRequirement class is deprecated in lieu of "
238 "explicit policy rules, this association is similarly "
239 "deprecated to its 'policy' equivalent.")]
240 class CIM_AuthenticationTarget : CIM_Dependency {
241
242 [Deprecated { "CIM_PolicySetAppliesToElement.PolicySet" },
243 Override ( "Antecedent" ), Description (
244 "AuthenticationRequirement that applies to specific "
245 "resources.")]
246 CIM_AuthenticationRequirement REF Antecedent;
247
248 [Deprecated { "CIM_PolicySetAppliesToElement.ManagedElement" },
249 Override ( "Dependent" ), Description (
250 "Target resources that may be in a Collection or an "
251 "individual ManagedElement. These resources are protected by "
252 "the AuthenticationRequirement.")]
253 tony 1.1 CIM_ManagedElement REF Dependent;
254 };
255
256
257 // ===================================================================
258 // end of file
259 // ===================================================================
|