1 tony 1.1 // ===================================================================
2 // Title: User-Security Users Access 2.8
3 // Filename: User28_UsersAccess.mof
4 // Version: 2.8
5 // Status: Final
6 // Date: Jan 26, 2004
7 // ===================================================================
8 // Copyright 2000-2004 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // users' access to a target, and a notary service that
48 // may verify biometrics defined in the UsersAccess class.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // Change Log for v2.8 Final:
55 // CR1218: Modified the Deprecations of biometric information and
56 // promoted all deprecations to Final
57 // CR1235: Accepted the Description changes in CR1011 and added
58 // Descriptions for the references in PublicPrivateKeyPair
59 //
60 // Change Log for v2.8 Preliminary:
61 // CR1011: Modified Notary's Description, deprecated UsersAccess,
62 // ElementAsUser, UsersCredential, PublicPrivateKeyPair,
63 // and NotaryVerifiesBiometric
64 tony 1.1 //
65 // Change Log for v2.7: None
66 // ===================================================================
67
68 #pragma Locale ("en_US")
69
70
71 // ==================================================================
72 // UsersAccess
73 // ==================================================================
// CIM_UsersAccess: deprecated 'user' class; the class-level Deprecated
// qualifier names CIM_Identity as its replacement. It derives from
// CIM_UserEntity and declares three Key properties (CreationClassName, Name,
// ElementID) plus one non-key array (Biometric).
// Per the Description below, it is deprecated because it mixes credential
// requirements, organizational information and identity management.
74 [Deprecated { "CIM_Identity" }, Version ( "2.8.0" ), Description (
75 "The UsersAccess object class is used to specify a 'user' that "
76 "is permitted access to resources. The ManagedElement that has "
77 "access to the resources (represented in the model using the "
78 "ElementAsUser association) may be a person, a service, a "
79 "service access point or any collection thereof. \n"
80 "\n"
81 "This class is deprecated in lieu of the simpler CIM_Identity "
82 "abstraction. The UsersAccess class combines credential "
83 "requirements (in the form of biometric requirements) with the "
84 "concepts of organizational information (via its position in "
85 tony 1.1 "the inheritance hierarchy), and identity management. These "
86 "concepts need to be separated to be better understood and "
87 "managed - hence, the deprecation.")]
88 class CIM_UsersAccess : CIM_UserEntity {
89
// Key property, limited to 256 characters by MaxLen.
// Deprecated { "No value" } names no replacement property.
90 [Deprecated { "No value" }, Key, Description (
91 "CreationClassName indicates the name of the class or the "
92 "subclass used in the creation of an instance. When used "
93 "with the other key properties of this class, this property "
94 "allows all instances of this class and its subclasses to be "
95 "uniquely identified."),
96 MaxLen ( 256 )]
97 string CreationClassName;
98
// Key property, limited to 256 characters by MaxLen.
// The Deprecated qualifier maps it to CIM_Identity.ElementName.
99 [Deprecated { "CIM_Identity.ElementName" }, Key, Description (
100 "The Name property defines the label by which the object is "
101 "known."),
102 MaxLen ( 256 )]
103 string Name;
104
// Key property; the Deprecated qualifier maps it to CIM_Identity.InstanceID.
// Unlike the other two keys, it carries no MaxLen qualifier.
105 [Deprecated { "CIM_Identity.InstanceID" }, Key, Description (
106 tony 1.1 "The ElementID property uniquely specifies the "
107 "ManagedElement object instance that is the user represented "
108 "by the UsersAccess object instance. The ElementID is "
109 "formatted similarly to a model path except that the "
110 "property-value pairs are ordered in alphabetical order (US "
111 "ASCII lexical order).")]
112 string ElementID;
113
// Non-key array of enumerated codes. ValueMap "0".."8" pairs positionally with
// Values "N/A".."EEG". It is deprecated with no replacement property named.
// NOTE(review): the enumeration names kinds of biometric; as far as this file
// shows, no property of this class holds biometric data itself.
114 [Deprecated { "No value" }, Description (
115 "Biometric information used to identify a person. The "
116 "property value is left null or set to 'N/A' for non-human "
117 "user or a user not using biometric information for "
118 "authentication. This property is deprecated as it "
119 "represents required Credential information and is more "
120 "correctly modeled as a specific biometric credential."),
121 ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8" },
122 Values { "N/A", "Other", "Facial", "Retina", "Mark", "Finger",
123 "Voice", "DNA-RNA", "EEG" }]
124 uint16 Biometric[];
125 };
126
127 tony 1.1
128 // ==================================================================
129 // ElementAsUser
130 // ==================================================================
// CIM_ElementAsUser: deprecated association; the Deprecated qualifier names
// CIM_AssignedIdentity as its replacement. It derives from CIM_Dependency and
// ties a CIM_ManagedElement (Antecedent) to the CIM_UsersAccess it 'owns'
// (Dependent). Per the Description, the replacement is deliberately NOT
// modeled as a Dependency.
131 [Association, Deprecated { "CIM_AssignedIdentity" },
132 Version ( "2.8.0" ), Description (
133 "CIM_ElementAsUser is an association used to establish the "
134 "'ownership' of UsersAccess object instances. That is, the "
135 "ManagedElement may have UsersAccess to systems and, therefore, "
136 "be 'users' on those systems. UsersAccess instances must have "
137 "an 'owning' ManagedElement. Typically, the ManagedElements "
138 "will be limited to Collection, Person, Service and "
139 "ServiceAccessPoint. Other non-human ManagedElements that might "
140 "be thought of as having UsersAccess (e.g., a device or system) "
141 "have services that have the UsersAccess. \n"
142 "\n"
143 "Since the UsersAccess class is deprecated in lieu of "
144 "CIM_Identity, this association is also deprecated and replaced "
145 "by one of similar semantics, AssignedIdentity. It should be "
146 "noted that the new class is NOT defined as a Dependency "
147 "relationship, since it was felt that the association was not "
148 tony 1.1 "truly a dependency of the element on its access.")]
149 class CIM_ElementAsUser : CIM_Dependency {
150
// Min ( 1 ), Max ( 1 ) fix the cardinality of this reference at exactly one.
// This matches the Description's statement that a UsersAccess instance must
// have an 'owning' ManagedElement.
151 [Deprecated { "CIM_AssignedIdentity.ManagedElement" },
152 Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ),
153 Description (
154 "The ManagedElement that has UsersAccess.")]
155 CIM_ManagedElement REF Antecedent;
156
// This reference has no Min/Max qualifiers, so this file sets no cardinality
// limit on how many UsersAccess instances one ManagedElement may own.
157 [Deprecated { "CIM_AssignedIdentity.IdentityInfo" },
158 Override ( "Dependent" ), Description (
159 "The 'owned' UsersAccess.")]
160 CIM_UsersAccess REF Dependent;
161 };
162
163
164 // ==================================================================
165 // UsersCredential
166 // ==================================================================
// CIM_UsersCredential: deprecated association derived from CIM_Dependency.
// It links a CIM_Credential (Antecedent) to the CIM_UsersAccess that may use
// it (Dependent). Per the Description, it is replaced by policy: the
// AuthenticationCondition class describes which credentials SHOULD be
// authenticated to establish an Identity.
// CIM_PublicPrivateKeyPair, later in this file, derives from this class.
167 [Association, Deprecated { "CIM_AuthenticationCondition" },
168 Version ( "2.8.0" ), Description (
169 tony 1.1 "CIM_UsersCredential is an association used to establish the "
170 "credentials that may be used for a UsersAccess to a system or "
171 "set of systems. \n"
172 "\n"
173 "Since the UsersAccess class is deprecated in lieu of "
174 "CIM_Identity, this association is also deprecated and replaced "
175 "by policy - where the AuthenticationCondition class describes "
176 "the credentials that SHOULD be authenticated in order to "
177 "establish the Identity.")]
178 class CIM_UsersCredential : CIM_Dependency {
179
// Overrides the inherited Antecedent reference, typing it as CIM_Credential.
// No Min/Max qualifiers are declared on this reference.
180 [Deprecated { "CIM_AuthenticationCondition" },
181 Override ( "Antecedent" ), Description (
182 "The issued credential that may be used.")]
183 CIM_Credential REF Antecedent;
184
// Overrides the inherited Dependent reference, typing it as CIM_UsersAccess.
// The Deprecated qualifier points at CIM_Identity.
185 [Deprecated { "CIM_Identity" }, Override ( "Dependent" ),
186 Description (
187 "The UsersAccess that has use of a credential.")]
188 CIM_UsersAccess REF Dependent;
189 };
190 tony 1.1
191
192 // ==================================================================
193 // Notary
194 // ==================================================================
// CIM_Notary: service class derived from CIM_CredentialManagementService.
// It carries no Deprecated qualifier, unlike the other classes in this file.
// Properties: Comparitors (biometric type code), SealProtocol (how the
// decision is recorded), and CharterIssued / CharterExpired (the period for
// which the Notary is authorized).
195 [Version ( "2.8.0" ), Description (
196 "CIM_Notary is an AuthenticationService which compares the "
197 "biometric characteristics of a person with known "
198 "characteristics, to establish identity. An example is a bank "
199 "teller who compares a picture ID with the person trying to "
200 "cash a check, or a biometric login service that uses voice "
201 "recognition to identify a 'user'.")]
202 class CIM_Notary : CIM_CredentialManagementService {
203
// Scalar uint16 with the same 0..8 ValueMap/Values enumeration as
// CIM_UsersAccess.Biometric.
// NOTE(review): the Description says "types" (plural), yet this property is
// declared without [], unlike Biometric[], so one value names only one type.
// Confirm the intent against the DMTF schema.
// The spelling 'Comparitors' is the schema's property name; keep it as-is.
204 [Description (
205 "The types of biometric information which this Notary can "
206 "compare."),
207 ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8" },
208 Values { "N/A", "Other", "Facial", "Retina", "Mark", "Finger",
209 "Voice", "DNA-RNA", "EEG" }]
210 uint16 Comparitors;
211 tony 1.1
// Free-form string; no ValueMap or MaxLen qualifier constrains its content.
212 [Description (
213 "The SealProtocol is how the decision of the Notary is "
214 "recorded for future use by parties who will rely on its "
215 "decision. For instance, a drivers licence frequently "
216 "includes tamper-resistent coatings and markings to protect "
217 "the recorded decision that a driver, having various "
218 "biometric characteristics of height, weight, hair and eye "
219 "color, using a particular name, has features represented in "
220 "a photograph of their face.")]
221 string SealProtocol;
222
// Start of the Notary's authorization.
// NOTE(review): the schema declares no relationship between CharterIssued and
// CharterExpired. Presumably a consumer relying on a Notary decision checks
// that it falls inside this window - confirm.
223 [Description (
224 "CharterIssued documents when the Notary is first "
225 "authorized, by whoever gave it responsibility, to perform "
226 "its service.")]
227 datetime CharterIssued;
228
// End of the Notary's authorization, as stated in the Description.
229 [Description (
230 "CharterExpired documents when the Notary is no longer "
231 "authorized, by whoever gave it responsibility, to perform "
232 tony 1.1 "its service.")]
233 datetime CharterExpired;
234 };
235
236
237 // ===================================================================
238 // NotaryVerifiesBiometric
239 // ===================================================================
// CIM_NotaryVerifiesBiometric: deprecated association derived from
// CIM_Dependency. The Deprecated qualifier names CIM_ManagedCredential as its
// replacement. It links a CIM_Notary (Antecedent) to the CIM_UsersAccess
// whose biometric information it verifies (Dependent).
// Per the Description, biometric credentials are now modeled in a
// CIM_Credential subclass (BiometricCredential), so the generic
// credential-to-service relationship can be used directly.
240 [Association, Deprecated { "CIM_ManagedCredential" },
241 Version ( "2.8.0" ), Description (
242 "This relationship associates a Notary service with the Users "
243 "Access whose biometric information is verified. It is "
244 "deprecated since one of its references (UsersAccess) is "
245 "deprecated, and because specific biometric credentials are "
246 "defined in a new subclass of CIM_Credential (specifically, "
247 "BiometricCredential). Given the latter, the relationship of a "
248 "Credential to its management service (ManagedCredential) can "
249 "be used directly.")]
250 class CIM_NotaryVerifiesBiometric : CIM_Dependency {
251
// Overrides Antecedent, typing it as CIM_Notary.
// Maps to CIM_ManagedCredential.Antecedent.
252 [Deprecated { "CIM_ManagedCredential.Antecedent" },
253 tony 1.1 Override ( "Antecedent" ), Description (
254 "The Notary service that verifies biometric information.")]
255 CIM_Notary REF Antecedent;
256
// Overrides Dependent, typing it as CIM_UsersAccess.
// Maps to CIM_ManagedCredential.Dependent.
257 [Deprecated { "CIM_ManagedCredential.Dependent" },
258 Override ( "Dependent" ), Description (
259 "The UsersAccess that represents a person using biometric "
260 "information for authentication.")]
261 CIM_UsersAccess REF Dependent;
262 };
263
264
265 // ===================================================================
266 // PublicPrivateKeyPair
267 // ===================================================================
// CIM_PublicPrivateKeyPair: deprecated association derived from
// CIM_UsersCredential. It overrides both references and types the Antecedent
// as CIM_PublicKeyCertificate. It adds four properties describing the
// certificate and its handling: Use, NonRepudiation, BackedUp, Repository.
// The private key is intentionally absent. Per the Description, it is not a
// data element that should be accessible via management applications.
268 [Association, Deprecated { "CIM_AuthenticationCondition" },
269 Version ( "2.8.0" ), Description (
270 "This relationship associates a PublicKeyCertificate with the "
271 "Principal who has the PrivateKey used with the PublicKey. The "
272 "PrivateKey is not modeled, since it is not a data element that "
273 "ever SHOULD be accessible via management applications, other "
274 tony 1.1 "than key recovery services, which are outside our scope. \n"
275 "\n"
276 "Since the UsersAccess class and this association's superclass "
277 "are deprecated, this association is also deprecated. There is "
278 "no need to have a special subclass for public-private "
279 "credentials. This is especially true since the properties of "
280 "the association describe aspects of the certificate and its "
281 "handling. The latter is currently out of scope for the model.")]
282 class CIM_PublicPrivateKeyPair : CIM_UsersCredential {
283
// Overrides Antecedent, typing it as CIM_PublicKeyCertificate.
284 [Deprecated { "CIM_AuthenticationCondition" },
285 Override ( "Antecedent" ), Description (
286 "The public key certificate.")]
287 CIM_PublicKeyCertificate REF Antecedent;
288
// Overrides Dependent; the type remains CIM_UsersAccess.
// NOTE(review): the Description string below opens a parenthesis that is
// never closed. It is left exactly as published, because the string is part
// of the schema text.
289 [Deprecated { "CIM_Identity" }, Override ( "Dependent" ),
290 Description (
291 "The Principal holding the private key (that corresponds to "
292 "the public key.")]
293 CIM_UsersAccess REF Dependent;
294
// Enumerated key usage: "0" = SignOnly, "1" = ConfidentialityOrSignature.
// Deprecated with no replacement property named.
295 tony 1.1 [Deprecated { "No value" }, Description (
296 "The Certificate may be used for signature only or for "
297 "confidentiality as well as signature."),
298 ValueMap { "0", "1" },
299 Values { "SignOnly", "ConfidentialityOrSignature" }]
300 uint16 Use;
301
// Boolean flag. Per the Description, it indicates whether the certificate
// cannot be repudiated. Deprecated with no replacement property named.
302 [Deprecated { "No value" }, Description (
303 "Indicates if the certificate canNOT be repudiated.")]
304 boolean NonRepudiation;
305
// Boolean flag. The Description's wording is "can be backed up".
// NOTE(review): the name and the Repository property suggest "has been
// backed up" - confirm which is meant.
306 [Deprecated { "No value" }, Description (
307 "Indicates if the certificate can be backed up.")]
308 boolean BackedUp;
309
// Free-form string naming the backup location; no MaxLen or format qualifier
// constrains it.
310 [Deprecated { "No value" }, Description (
311 "The repository in which the certificate is backed up.")]
312 string Repository;
313 };
314
315
316 tony 1.1 // ===================================================================
317 // end of file
318 // ===================================================================