// ===================================================================
// Title: User-Security Public Key Services and Credentials 2.8
// Filename: User28_PublicKey.mof
// Version: 2.8
// Status: Final
// Date: Jan 26, 2004
// ===================================================================
// Copyright 2000-2004 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
// ===================================================================
// Description: The User Model extends the management concepts that
// are related to users and security.
// This file defines the classes modeling public key
// security services, credentials and the certificate
// authority.
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ===================================================================
// Change Log for v2.8 Final
// CR1235 - Accepted changes in CR1011 and corrected
// ModelCorrespondence
// in UnsignedPublicKey.PeerIdentity and PeerIdentityType
//
// Change Log for v2.8 Preliminary
// CR1011 - Modified Descriptions for CertificateAuthority,
// PublicKeyCertificate, CAHasPublicKey and UnsignedPublicKey
//
// Change Log for v2.7
// CR784 - Deprecated Expires property from CASignsPublicKeyCertificate
// CR980 - All deprecations taken to Final status
// ===================================================================
67
// Locale for the Description strings in this file.
#pragma Locale ("en_US")
69
70
// ==================================================================
// CertificateAuthority
// ==================================================================
// A CA modelled as a credential management service. Property
// semantics come from the Description qualifiers; the reviewer notes
// on the properties point out representational bounds and gaps that a
// consumer of this schema should be aware of.
[Version ( "2.8.0" ), Description (
   "A Certificate Authority (CA) is a credential management "
   "service that issues and cryptographically signs certificates. "
   "It acts as an trusted third-party intermediary in establishing "
   "trust relationships. The CA authenticates the identity of the "
   "holder of the 'private' key, related to the certificate's "
   "'public' key.")]
class CIM_CertificateAuthority : CIM_CredentialManagementService {

   // Free-form string; the Description allows a dot-delimited ASN.1
   // OID but does not require one, so consumers cannot assume a
   // parseable format.
   [Description (
      "The CAPolicyStatement describes what care is taken by the "
      "CertificateAuthority when signing a new certificate. The "
      "CAPolicyStatment may be a dot-delimited ASN.1 OID string "
      "which identifies to the formal policy statement.")]
   string CAPolicyStatement;

   // Array of revocation lists, OctetString-qualified. The encoding of
   // each entry (e.g. DER vs. PEM) is not stated anywhere in this
   // class.
   [Description (
      "A CRL, or CertificateRevocationList, is a list of "
      "certificates which the CertificateAuthority has revoked and "
      "which are not yet expired. Revocation is necessary when the "
      "private key associated with the public key of a certificate "
      "is lost or compromised, or when the person for whom the "
      "certificate is signed no longer is entitled to use the "
      "certificate."),
      OctetString]
   string CRL[];

   // URIs of CRL distribution points. A property with the same name
   // also exists on CIM_CASignsPublicKeyCertificate below; when both
   // are populated they should agree.
   [Description (
      "Certificate revocation lists may be available from a number "
      "of distribution points. CRLDistributionPoint array values "
      "provide URIs for those distribution points.")]
   string CRLDistributionPoint[];

   // X.501 Distinguished Name of the issuer, as referenced by the
   // certificates it issues (Dn qualifier).
   [Description (
      "Certificates refer to their issuing CA by its Distinguished "
      "Name (as defined in X.501)."),
      Dn]
   string CADistinguishedName;

   // uint8 hours: intervals longer than 255 hours cannot be
   // represented. Per the Description, 0 means "unknown", not "no
   // refresh".
   [Description (
      "The frequency, expressed in hours, at which the CA will "
      "update its Certificate Revocation List. Zero implies that "
      "the refresh frequency is unknown."),
      Units ( "Hours" )]
   uint8 CRLRefreshFrequency;

   // uint8. The superior/subordinate ordering constraint in the
   // Description is documentation only; nothing in the schema
   // enforces it.
   [Description (
      "The maximum number of certificates in a certificate chain "
      "permitted for credentials issued by this certificate "
      "authority or it's subordinate CAs. \n"
      "The MaxChainLength of a superior CA in the trust hierarchy "
      "should be greater than this value and the MaxChainLength of "
      "a subordinate CA in the trust hierarchy should be less than "
      "this value.")]
   uint8 MaxChainLength;
};
130
131
// ==================================================================
// PublicKeyManagementService
// ==================================================================
// Marker subclass: declares no properties beyond those inherited from
// CIM_LocalCredentialManagementService. It exists to be the scoping
// service for CIM_UnsignedPublicKey (see the Propagated qualifiers
// there) and the Antecedent of CIM_LocallyManagedPublicKey.
[Version ( "2.6.0" ), Description (
   "CIM_PublicKeyManagementService is a credential management "
   "service that provides local system management of public keys "
   "used by the local system.")]
class CIM_PublicKeyManagementService : CIM_LocalCredentialManagementService {
};
141
142
// ==================================================================
// PublicKeyCertificate
// ==================================================================
// Identity of an instance is the four scoping keys propagated from
// CIM_CertificateAuthority plus Subject. Because Subject is part of
// the key, at most one instance per Subject can exist under a given
// scoping service. NOTE(review): confirm this matches how renewed or
// re-issued certificates for the same Subject are represented.
[Version ( "2.8.0" ), Description (
   "A PublicKeyCertificate is a credential that is "
   "cryptographically signed by a trusted Certificate Authority "
   "(CA) and issued to an authenticated entity (e.g., human user, "
   "service, etc.) called the Subject in the certificate. The "
   "public key in the certificate is cryptographically related to "
   "a private key that is held and kept private by the "
   "authenticated Subject. The certificate and its related private "
   "key can then be used for establishing trust relationships and "
   "securing communications with the Subject. Refer to the "
   "ITU/CCITT X.509 standard as an example of such certificates.")]
class CIM_PublicKeyCertificate : CIM_Credential {

   // Scoping keys, propagated from the issuing CertificateAuthority.
   [Key,
      Propagated ( "CIM_CertificateAuthority.SystemCreationClassName"
      ), Description (
      "The scoping System's CCN."),
      MaxLen ( 256 )]
   string SystemCreationClassName;

   [Key, Propagated ( "CIM_CertificateAuthority.SystemName" ),
      Description (
      "The scoping System's Name."),
      MaxLen ( 256 )]
   string SystemName;

   [Key, Propagated ( "CIM_CertificateAuthority.CreationClassName" ),
      Description (
      "The scoping Service's CCN."),
      MaxLen ( 256 )]
   string ServiceCreationClassName;

   [Key, Propagated ( "CIM_CertificateAuthority.Name" ),
      Description (
      "The scoping Service's Name."),
      MaxLen ( 256 )]
   string ServiceName;

   // Key; the subject identifier is capped at 256 characters. Its
   // format (e.g. X.501 DN string) is not stated in this class.
   [Key, Description (
      "Certificate subject identifier."),
      MaxLen ( 256 )]
   string Subject;

   // Non-key alternative identifier, same 256-character cap.
   [Description (
      "Alternate subject identifier for the Certificate."),
      MaxLen ( 256 )]
   string AltSubject;

   // Only the DER-encoded public key bytes are held here. The
   // signature and serial number live on CIM_CASignsPublicKeyCertificate
   // (Signature, SerialNumber); the validity end is the inherited
   // CIM_Credential.Expires.
   [Description (
      "The DER-encoded raw public key."),
      OctetString]
   uint8 PublicKey[];
};
199
200
// ===================================================================
// CAHasPublicCertificate
// ===================================================================
// Plain CIM_Dependency with no Min/Max qualifiers on either end, so a
// CA may hold any number of certificates (including self-signed ones,
// per the Description) and a certificate may be held by several CAs.
// Contrast CIM_CASignsPublicKeyCertificate, which pins exactly one
// signing CA per certificate.
[Association, Version ( "2.8.0" ), Description (
   "A CertificateAuthority may have certificates issued by other "
   "CAs or self-signed. This association is essentially an "
   "optimization of the CA having an external identity established "
   "by itself or another Authority. This maps closely to "
   "LDAP-based certificate authority implementations.")]
class CIM_CAHasPublicCertificate : CIM_Dependency {

   // The certificate that establishes the CA's own identity.
   [Override ( "Antecedent" ), Description (
      "The Certificate used by the CA.")]
   CIM_PublicKeyCertificate REF Antecedent;

   // The CA holding that certificate.
   [Override ( "Dependent" ), Description (
      "The CA that uses a Certificate.")]
   CIM_CertificateAuthority REF Dependent;
};
220
221
// ===================================================================
// CASignsPublicKeyCertificate
// ===================================================================
// Signing relationship: exactly one CA (Min 1, Max 1) per certificate,
// and the certificate is Weak to the CA, consistent with the
// Propagated scoping keys declared on CIM_PublicKeyCertificate.
[Association, Version ( "2.7.0" ), Description (
   "This relationship associates a CertificateAuthority with the "
   "certificates it signs.")]
class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential {

   // The single signing CA.
   [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
      "The CA which signed the certificate.")]
   CIM_CertificateAuthority REF Antecedent;

   // The signed certificate; Weak, so its identity depends on the CA.
   [Override ( "Dependent" ), Weak, Description (
      "The certificate issued by the CA.")]
   CIM_PublicKeyCertificate REF Dependent;

   // String with no MaxLen or format qualifier.
   [Description (
      "The Serial Number.")]
   string SerialNumber;

   // Raw signature bytes. The signature algorithm is not modelled in
   // this association, so the bytes cannot be verified from the schema
   // alone.
   [Description (
      "The Signature."),
      OctetString]
   uint8 Signature[];

   // Deprecated in v2.7 (CR784); use the inherited
   // CIM_Credential.Expires on the certificate instead.
   [Deprecated { "CIM_Credential.Expires" }, Description (
      "The time it expires.")]
   datetime Expires;

   // Duplicates the property of the same name on
   // CIM_CertificateAuthority; which one is authoritative is not
   // stated here.
   [Description (
      "The Authority's revocation list distribution points.")]
   string CRLDistributionPoint[];
};
255
256
// ==================================================================
// UnsignedPublicKey
// ==================================================================
// A bare public key trusted directly rather than through a CA (see the
// Description). The class records only the peer identity and the key
// bytes; how the key was obtained or verified before being trusted is
// not modelled here.
[Version ( "2.8.0" ), Description (
   "A CIM_UnsignedPublicKey represents an unsigned public key "
   "credential. Services accept the public key as authentic "
   "because of a direct trust relationship, rather than via a "
   "third-party Certificate Authority.")]
class CIM_UnsignedPublicKey : CIM_Credential {

   // Scoping keys, propagated from the managing
   // PublicKeyManagementService.
   [Key,
      Propagated ( "CIM_PublicKeyManagementService.SystemCreationClassName"
      ), Description (
      "The scoping System's CCN."),
      MaxLen ( 256 )]
   string SystemCreationClassName;

   [Key, Propagated ( "CIM_PublicKeyManagementService.SystemName" ),
      Description (
      "The scoping System's Name."),
      MaxLen ( 256 )]
   string SystemName;

   [Key,
      Propagated ( "CIM_PublicKeyManagementService.CreationClassName"
      ), Description (
      "The scoping Service's CCN."),
      MaxLen ( 256 )]
   string ServiceCreationClassName;

   [Key, Propagated ( "CIM_PublicKeyManagementService.Name" ),
      Description (
      "The scoping Service's Name."),
      MaxLen ( 256 )]
   string ServiceName;

   // Key (MaxLen 256); interpreted according to PeerIdentityType via
   // ModelCorrespondence. One instance per peer identity within a
   // scoping service.
   [Key, Description (
      "The Identity of the Peer with whom a direct trust "
      "relationship exists. The public key may be used for "
      "security functions with the Peer."),
      MaxLen ( 256 ),
      ModelCorrespondence { "CIM_UnsignedPublicKey.PeerIdentityType" }]
   string PeerIdentity;

   // IKE identity type codes (ValueMap 0-11). For the binary types
   // (DER_ASN1_DN, DER_ASN1_GN, KEY_ID) the textual rendering used in
   // the string-typed PeerIdentity is not stated here.
   [Description (
      "PeerIdentityType is used to describe the type of the "
      "PeerIdentity. The currently defined values are used for IKE "
      "identities."),
      ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
      "10", "11" },
      Values { "Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
      "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
      "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
      "DER_ASN1_GN", "KEY_ID" },
      ModelCorrespondence { "CIM_UnsignedPublicKey.PeerIdentity" }]
   uint16 PeerIdentityType;

   // DER-encoded public key bytes, same form as
   // CIM_PublicKeyCertificate.PublicKey.
   [Description (
      "The DER-encoded raw public key."),
      OctetString]
   uint8 PublicKey[];
};
319
320
// ==================================================================
// LocallyManagedPublicKey
// ==================================================================
// Exactly one managing service (Min 1, Max 1) per unsigned key; the
// key is Weak to the service, matching the Propagated scoping keys
// declared on CIM_UnsignedPublicKey.
[Association, Version ( "2.6.0" ), Description (
   "CIM_LocallyManagedPublicKey association provides the "
   "relationship between a PublicKeyManagementService and an "
   "UnsignedPublicKey.")]
class CIM_LocallyManagedPublicKey : CIM_ManagedCredential {

   // The single service that manages the key.
   [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
      "The PublicKeyManagementService that manages an unsigned "
      "public key.")]
   CIM_PublicKeyManagementService REF Antecedent;

   // The managed key; Weak, so its identity depends on the service.
   [Override ( "Dependent" ), Weak, Description (
      "An unsigned public key.")]
   CIM_UnsignedPublicKey REF Dependent;
};
339
340
// ===================================================================
// end of file
// ===================================================================