1 tony 1.1 // ===================================================================
2 // Title: User-Security Kerberos Services and Credentials 2.8
3 // Filename: User28_Kerberos.mof
4 // Version: 2.8
5 // Status: Final
6 // Date: Jan 26, 2004
7 // ===================================================================
8 // Copyright 2000-2004 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the classes modeling a Kerberos
47 // security service and credentials.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 Final
54 // CR1235 - Accepted KerberosTicket's Description change as Final
55 //
56 // Change Log for v2.8 Preliminary
57 // CR1011 - Modified description for KerberosTicket
58 //
59 // Change Log for v2.7
60 // CR784 - Promoted 2 properties, Issued and Expired, from
61 // CIM_KerberosTicket to CIM_Credential.
62 // ===================================================================
63
64 tony 1.1 #pragma Locale ("en_US")
65
66
67 // ==================================================================
68 // KerberosKeyDistributionCenter
69 // ==================================================================
70 [Version ( "2.6.0" ), Description (
71 "The Kerberos KDC.")]
72 class CIM_KerberosKeyDistributionCenter : CIM_CredentialManagementService {
73
74 [Override ( "Name" ), Description (
75 "The Realm served by this KDC.")]
76 string Name;
77
78 [Description (
79 "The version of Kerberos supported by this service."),
80 ValueMap { "0", "1", "2", "3" },
81 Values { "V4", "V5", "DCE", "MS" }]
82 uint16 Protocol[];
83 };
84
85 tony 1.1
86 // ==================================================================
87 // KerberosTicket
88 // ==================================================================
89 [Version ( "2.8.0" ), Description (
90 "A CIM_KerberosTicket represents a credential issued by a "
91 "particular Kerberos Key Distribution Center (KDC) to establish "
92 "an identity, as the result of a successful authentication "
93 "process. There are two types of tickets that a KDC may issue - "
94 "a TicketGranting ticket, which is used to protect and "
95 "authenticate communications between an entity and the KDC, and "
96 "a Session ticket, which the KDC issues to two entities to "
97 "allow them to communicate with each other.")]
98 class CIM_KerberosTicket : CIM_Credential {
99
100 [Key,
101 Propagated ( "CIM_KerberosKeyDistributionCenter.SystemCreationClassName"
102 ), Description (
103 "The scoping System's CCN."),
104 MaxLen ( 256 )]
105 string SystemCreationClassName;
106 tony 1.1
107 [Key,
108 Propagated ( "CIM_KerberosKeyDistributionCenter.SystemName" ),
109 Description (
110 "The scoping System's Name."),
111 MaxLen ( 256 )]
112 string SystemName;
113
114 [Key,
115 Propagated ( "CIM_KerberosKeyDistributionCenter.CreationClassName"
116 ), Description (
117 "The scoping Service's CCN."),
118 MaxLen ( 256 )]
119 string ServiceCreationClassName;
120
121 [Key, Propagated ( "CIM_KerberosKeyDistributionCenter.Name" ),
122 Description (
123 "The scoping Service's Name. The Kerberos KDC Realm of "
124 "CIM_KerberosTicket is used to record the security "
125 "authority, or Realm, name so that tickets issued by "
126 "different Realms can be separately managed and enumerated."),
127 tony 1.1 MaxLen ( 256 )]
128 string ServiceName;
129
130 [Key, Description (
131 "The name of the service for which this ticket is used."),
132 MaxLen ( 256 )]
133 string AccessesService;
134
135 [Key, Description (
136 "RemoteID is the name by which the user is known at the KDC "
137 "security service."),
138 MaxLen ( 256 )]
139 string RemoteID;
140
141 [Description (
142 "The Type of CIM_KerberosTicket is used to indicate whether "
143 "the ticket in question was issued by the Kerberos Key "
144 "Distribution Center (KDC) to support ongoing communication "
145 "between the Users Access and the KDC (\"TicketGranting\"), "
146 "or was issued by the KDC to support ongoing communication "
147 "between two Users Access entities (\"Session\")."),
148 tony 1.1 ValueMap { "0", "1" },
149 Values { "Session", "TicketGranting" }]
150 uint16 TicketType;
151 };
152
153
154 // ===================================================================
155 // KDCIssuesKerberosTicket
156 // ===================================================================
157 [Association, Version ( "2.6.0" ), Description (
158 "The KDC issues and owns Kerberos tickets. This association "
159 "captures the relationship between the KDC and its issued "
160 "tickets.")]
161 class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential {
162
163 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
164 "The issuing KDC.")]
165 CIM_KerberosKeyDistributionCenter REF Antecedent;
166
167 [Override ( "Dependent" ), Weak, Description (
168 "The managed credential.")]
169 tony 1.1 CIM_KerberosTicket REF Dependent;
170 };
171
172
173 // ===================================================================
174 // end of file
175 // ===================================================================
|