// ===================================================================
// Title: User-Security Shared Secret 2.8
// Filename: User28_SharedSecret.mof
// Version: 2.8
// Status: Final
// Date: Jan 26, 2004
// ===================================================================
// Copyright 2000-2004 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
// ===================================================================
// Description: The User Model extends the management concepts that
// are related to users and security.
// This file defines the concepts and classes related to
// shared secret security services and credentials.
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ===================================================================
// Change Log for v2.8 Final -
// CR1235 - Generalized the Descriptions for SharedSecret and several
// properties since these referenced a deprecated concept,
// UsersAccess
//
// Change Log for v2.8 Preliminary - None
//
// Change Log for v2.7 - None
// ===================================================================
// Declares en_US as the locale of this MOF file.
#pragma Locale ("en_US")
// ==================================================================
// CIM_SharedSecretService
//
// Service that establishes, from knowledge of a shared secret, that a
// login or a message stream comes from the expected principal.
// Derives from CIM_LocalCredentialManagementService, which is declared
// outside this file.
//
// Review notes:
//  - Algorithm and Protocol are free-form strings with no ValueMap in
//    this declaration, so the spelling of values is provider-defined;
//    normalise them before comparing instances across systems in an
//    inventory or audit.
//  - The Algorithm description names PLAINTEXT as a possible value. An
//    instance reporting it describes a service that conveys the secret
//    unprotected, which is worth flagging unless the transport itself
//    is encrypted. HMAC-MD5, the other example, is a legacy MAC that
//    RFC 6151 advises against for new protocol designs.
//  - The spelling "messsage" is part of the published Description text
//    and is reproduced verbatim.
// ==================================================================
[Version ( "2.6.0" ),
 Description (
    "CIM_SharedSecretService is a service which ascertains whether "
    "messages received are from the Principal with whom a secret is "
    "shared. Examples include a login service that proves identity "
    "on the basis of knowledge of the shared secret, or a transport "
    "integrity service (like Kerberos provides) that includes a "
    "message authenticity code that proves each message in the "
    "messsage stream came from someone who knows the shared secret "
    "session key.")]
class CIM_SharedSecretService : CIM_LocalCredentialManagementService {

    // How the shared secret is conveyed; limited to 256 characters.
    [Description (
        "The Algorithm used to convey the shared secret, such as "
        "HMAC-MD5,or PLAINTEXT."),
     MaxLen ( 256 )]
    string Algorithm;

    // Protocol the service supports; no MaxLen is declared for it.
    [Description (
        "The Protocol supported by the SharedSecretService.")]
    string Protocol;
};
// ==================================================================
// CIM_SharedSecret
//
// Credential (derived from CIM_Credential) holding a secret that a
// principal shares with one particular shared-secret security service.
// An instance is identified by four keys propagated from the scoping
// CIM_SharedSecretService plus RemoteID.
//
// Review notes:
//  - Secret carries the secret value itself as a plain string. Nothing
//    in this declaration bounds its length or limits who may read it,
//    so confidentiality rests entirely on the provider and on the CIM
//    server's access control. NOTE(review): providers should avoid
//    returning the stored value on instance reads and should keep it
//    out of logs and repository exports.
//  - Where Algorithm describes a transformation (the Description cites
//    Kerberos keeping a hash of the password as the shared secret),
//    the transformed value is what the protocol accepts, so it needs
//    the same protection as the password it was derived from.
// ==================================================================
[Version ( "2.8.0" ),
 Description (
    "CIM_SharedSecret is a secret (such as a password or the "
    "response to a challenge question) that is shared between a "
    "principal and a particular SharedSecret security service. "
    "Secrets may be in the form of a password used for initial "
    "authentication, or as with a session key, used as part of a "
    "message to verify the originator of the message. It is "
    "important to note that SharedSecret is not just a password, "
    "but rather is the password used with a particular security "
    "service.")]
class CIM_SharedSecret : CIM_Credential {

    // --- Keys propagated from the scoping CIM_SharedSecretService ---

    [Key,
     Propagated ( "CIM_SharedSecretService.SystemCreationClassName" ),
     Description (
        "The scoping System's CCN."),
     MaxLen ( 256 )]
    string SystemCreationClassName;

    [Key,
     Propagated ( "CIM_SharedSecretService.SystemName" ),
     Description (
        "The scoping System's Name."),
     MaxLen ( 256 )]
    string SystemName;

    [Key,
     Propagated ( "CIM_SharedSecretService.CreationClassName" ),
     Description (
        "The scoping Service's CCN."),
     MaxLen ( 256 )]
    string ServiceCreationClassName;

    [Key,
     Propagated ( "CIM_SharedSecretService.Name" ),
     Description (
        "The scoping Service's Name."),
     MaxLen ( 256 )]
    string ServiceName;

    // --- Key owned by this class ---

    // Name of the principal as the remote authentication service knows it.
    [Key,
     Description (
        "RemoteID is the name by which the principal is known at the "
        "remote secret key authentication service."),
     MaxLen ( 256 )]
    string RemoteID;

    // --- Non-key properties ---

    // The secret value itself; see the review notes in the class header.
    [Description (
        "The secret known by the principal.")]
    string Secret;

    // Transformation applied to the password before protocol use, if any.
    [Description (
        "The transformation algorithm, if any, used to protect "
        "passwords before use in the protocol. For instance, "
        "Kerberos doesn't store passwords as the shared secret, but "
        "rather, a hash of the password.")]
    string Algorithm;

    // Protocol this secret is used with.
    [Description (
        "The protocol with which the SharedSecret is used.")]
    string Protocol;
};
// ===================================================================
// CIM_SharedSecretIsShared
//
// Association (derived from CIM_ManagedCredential) linking a
// CIM_SharedSecretService to a CIM_SharedSecret it manages.
//
//  - Antecedent is constrained to exactly one service (Min 1, Max 1),
//    so every associated secret belongs to a single service.
//  - Dependent is marked Weak, which agrees with CIM_SharedSecret
//    taking four of its keys from CIM_SharedSecretService.
//  - The Description speaks of the "SecretKey" the service verifies,
//    while the Dependent reference is typed CIM_SharedSecret; the
//    published wording is reproduced verbatim.
// ===================================================================
[Association,
 Version ( "2.6.0" ),
 Description (
    "This relationship associates a SharedSecretService with the "
    "SecretKey it verifies.")]
class CIM_SharedSecretIsShared : CIM_ManagedCredential {

    // The one service that manages the secret.
    [Override ( "Antecedent" ),
     Min ( 1 ),
     Max ( 1 ),
     Description (
        "The credential management service.")]
    CIM_SharedSecretService REF Antecedent;

    // The secret being managed.
    [Override ( "Dependent" ),
     Weak,
     Description (
        "The managed credential.")]
    CIM_SharedSecret REF Dependent;
};
// ==================================================================
// CIM_NamedSharedIKESecret
//
// Credential (derived from CIM_Credential) that refers to an IKE shared
// secret by name instead of carrying its value. An instance is
// identified by four keys propagated from the scoping
// CIM_SharedSecretService plus the local and peer identities and their
// types.
//
// Review notes:
//  - Unlike CIM_SharedSecret.Secret, this class has no property for the
//    secret value; SharedSecretName is only a handle, so reading an
//    instance does not disclose the secret. The name still shows which
//    identity pair shares which secret and is worth access-controlling.
//  - ValueMap and Values are positional: "1" is IPV4_ADDR through "11"
//    KEY_ID. The numbering matches the identification types of the
//    IPsec DOI (RFC 2407); presumably intentional, confirm against the
//    model documentation.
// ==================================================================
[Version ( "2.6.0" ),
 Description (
    "CIM_NamedSharedIKESecret indirectly represents a shared secret "
    "credential. The local identity, IKEIdentity, and the remote "
    "peer identity share the secret that is named by the "
    "SharedSecretName. The SharedSecretName is used by the "
    "SharedSecretService to reference the secret.")]
class CIM_NamedSharedIKESecret : CIM_Credential {

    // --- Keys propagated from the scoping CIM_SharedSecretService ---

    [Key,
     Propagated ( "CIM_SharedSecretService.SystemCreationClassName" ),
     Description (
        "The scoping System's CCN."),
     MaxLen ( 256 )]
    string SystemCreationClassName;

    [Key,
     Propagated ( "CIM_SharedSecretService.SystemName" ),
     Description (
        "The scoping System's Name."),
     MaxLen ( 256 )]
    string SystemName;

    [Key,
     Propagated ( "CIM_SharedSecretService.CreationClassName" ),
     Description (
        "The scoping Service's CCN."),
     MaxLen ( 256 )]
    string ServiceCreationClassName;

    [Key,
     Propagated ( "CIM_SharedSecretService.Name" ),
     Description (
        "The scoping Service's Name."),
     MaxLen ( 256 )]
    string ServiceName;

    // --- Local side of the trust relationship ---

    // Identity value; its format is given by LocalIdentityType.
    [Key,
     Description (
        "The local Identity with whom the direct trust relationship "
        "exists."),
     MaxLen ( 256 ),
     ModelCorrespondence {
        "CIM_NamedSharedIKESecret.LocalIdentityType" }]
    string LocalIdentity;

    // Enumerated format of LocalIdentity (values 1 through 11).
    [Key,
     Description (
        "LocalIdentityType is used to describe the type of the "
        "LocalIdentity."),
     ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
        "11" },
     Values { "IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET",
        "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE",
        "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID" },
     ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentity" }]
    uint16 LocalIdentityType;

    // --- Peer side of the trust relationship ---

    // Identity value; its format is given by PeerIdentityType.
    [Key,
     Description (
        "The peer identity with whom the direct trust relationship "
        "exists."),
     MaxLen ( 256 ),
     ModelCorrespondence {
        "CIM_NamedSharedIKESecret.PeerIdentityType" }]
    string PeerIdentity;

    // Enumerated format of PeerIdentity; same value set as the local type.
    [Key,
     Description (
        "PeerIdentityType is used to describe the type of the "
        "PeerIdentity."),
     ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
        "11" },
     Values { "IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET",
        "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE",
        "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID" },
     ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentity" }]
    uint16 PeerIdentityType;

    // --- Non-key property ---

    // Handle by which the service looks up the secret; not the secret itself.
    [Description (
        "SharedSecretName is an indirect reference to a shared "
        "secret. The SecretService does not expose the actual secret "
        "but rather provides access to the secret via a name.")]
    string SharedSecretName;
};
// ==================================================================
// CIM_IKESecretIsNamed
//
// Association (derived from CIM_ManagedCredential) linking a
// CIM_SharedSecretService to a CIM_NamedSharedIKESecret it manages.
//
//  - Antecedent is constrained to exactly one service (Min 1, Max 1).
//  - Dependent is marked Weak, which agrees with
//    CIM_NamedSharedIKESecret taking four of its keys from
//    CIM_SharedSecretService.
// ==================================================================
[Association,
 Version ( "2.6.0" ),
 Description (
    "CIM_IKESecretIsNamed association provides the relationship "
    "between a SharedSecretService and a NamedSharedIKESecret.")]
class CIM_IKESecretIsNamed : CIM_ManagedCredential {

    // The one service that manages the named secret.
    [Override ( "Antecedent" ),
     Min ( 1 ),
     Max ( 1 ),
     Description (
        "The SharedSecretService that manages a "
        "NamedSharedIKESecret.")]
    CIM_SharedSecretService REF Antecedent;

    // The named secret being managed.
    [Override ( "Dependent" ),
     Weak,
     Description (
        "The managed NamedSharedIKESecret.")]
    CIM_NamedSharedIKESecret REF Dependent;
};
// ===================================================================
// end of file
// ===================================================================