1 a.dunfey 1.1 // ===================================================================
2 // Title: CIM_Policy
3 // $State: Exp $
4 // $Date: 2004/11/29 18:31:41 $
5 // $RCSfile: CIM_Policy.mof,v $
6 // $Revision: 1.6.2.3 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 a.dunfey 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 a.dunfey 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The Policy Model provides a framework for specifying
47 // configuration and operational information in a scalable
48 // way using rules composed of conditions and actions.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // CIM V2.8 Changes (Company Review)
55 // DMTFCR1104 -Replace the class definition of
56 // AuthenticationCondition
57 // Add the following class defintions:
58 // SharedSecretAuthentication, AccountAuthentication,
59 // BiometricAuthentication, NetworkingIDAuthentication,
60 // PublicPrivateKeyAuthentication, KerberosAuthentication,
61 // DocumentAuthentication, ChallengeQuestionAuthentication
62 // (Deleted in Final),
63 // and PhysicalCredentialAuthentication
64 a.dunfey 1.1 // DMTFCR1105 - Generalize the SACondition class (from the Networks)
65 // to be PacketFilterCondition and defined here in Policy.
66 // Add FilterOfPacketCondition and AcceptCredentialFrom
67 // class definitions.
68 // Move FilterOfPacketCondition to Network_IPsecPolicy to
69 // avoid a forward reference.
70 // DMTFCR1106 - Add DoActionLogging property to PolicyAction
71 // Add NetworkPacketAction class definition
72 // Add RejectConnectionAction class definition
73 // DMTFCR1128 - Change subclassing of PolicyInSystem from
74 // Dependency to HostedDependency.
75 //
76 // CIM V2.8 Changes
77 // DMTFCR1057 - Explicit declaration of PolicySets that apply to
78 // ManagedElements, via PolicyRoleCollections
79 // DMTFCR1058 - Activate/deactivate PolicySets which match a
80 // particular PolicyRole on a particular ManagedElement
81 // DMTFCR1060 - Add AuthenticationCondition and AuthenticationRule
82 // subclasses of PolicyCondition/PolicyRule
83 //
84 // CIM V2.7 Changes
85 a.dunfey 1.1 // DMTFCR985 - Promote Deprecations to V2.7 Final
86 // DMTFCR960 - Remove Weak Qualifier from PolicyRoleCollection and
87 // derive from SystemSpecificCollection instead of Collection
88 // DMTFCR930 - Implementation Experience with the Policy 2.7 Model
89 // - Move PolicyRule.Enabled to PolicySet.Enabled
90 // - Move PolicyTimePeriodCondition up to PolicySet and
91 // make clear how to specify global time period with respect
92 // a given time zone
93 // - Deprecate policy role combinations
94 // - Add Unconditional to PolicyRule.ConditionListType
95 // - Deprecate PolicyRule.Mandatory
96 // CIMCR914 - Added propagated keys in PolicyRoleCollection
97 // CIMCR906 - Add text to PolicySetComponent's Description and the
98 // class' Priority property to indicate that the values
99 // of Priority must be unique
100 // With promotion of Component to ManagedElement,
101 // added CIM_Component as superclass of CIM_PolicyComponent
102 // (there is no other change to the semantics or syntax)
103 // CIMCR625 - Add CompoundPolicyCondition as PolicyCondition
104 // subclass
105 // - Add PolicyConditionStructure abstract aggregation as a
106 a.dunfey 1.1 // subclass of PolicyComponent
107 // - Change derivation of PolicyConditionInPolicyRule from
108 // PolicyComponent to PolicyConditionStructure and move
109 // GroupNumber and ConditionNegated properties up to parent
110 // class
111 // - Add PolicyConditionInPolicyCondition aggregation as a
112 // subclass of PolicyConditionStructure
113 // - Add PolicyRoleCollection as Collection subclass
114 // - Add ElementInPolicyRoleCollection as MemberOfCollection
115 // subclass
116 // - Add PolicyRoleCollectionInSystem as Dependency subclass
117 //
118 // CIM V2.6 Changes
119 // CIMCR614 - Add CompoundPolicyAction
120 // - Add CompoundPolicyAction as a subclass of PolicyAction
121 // - Add PolicyActionStructure abstract aggregation as a
122 // subclass of PolicyComponent
123 // - Change derivation of PolicyActionInPolicyRule from
124 // PolicyComponent to PolicyActionStructure and, thus,
125 // move ActionOrder property up to parent class
126 // - Add PolicyActionInPolicyAction aggregation as a
127 a.dunfey 1.1 // subclass of PolicyActionStructure
128 // CIMCR597a - PCIMe updates
129 // - Edit Policy description
130 // - Add PolicySet & derive PolicyGroup & PolicyRule
131 // - Deprecate PolicyRule.Priority for
132 // PolicySetComponent.Priority
133 // - Remove PolicyRule.PolicyRoles (it's in PolicySet)
134 // - Add PolicyRule.ExecutionStrategy
135 // - Deprecate PolicyRepository & replace with
136 // ReusablePolicyContainer
137 // - Add PolicySetInSystem
138 // - Add PolicySetComponent & deprecate ...InPolicyGroup
139 // & derive PolicyGroupInSystem & PolicyRuleInSystem
140 // - Add ContainedDomain (to Core)
141 // & deprecate PolicyRepositoryInPolicyRepository
142 // - Add ReusablePolicy & deprecate ...InPolicyRepository
143 // ==================================================================
144
145 #pragma Locale ("en-US")
146
147
148 a.dunfey 1.1 // ==================================================================
149 // Compile prerequisite: Core, Network and User MOFs
150 // Network MOF is needed for FilterList, and the User MOF for
151 // CredentialManagementService
152 // ==================================================================
153
154
155 // ==================================================================
156 // Policy
157 // ==================================================================
158 [Abstract, Version ( "2.6.0" ), Description (
159 "An abstract class defining the common properties of the policy "
160 "managed elements derived from CIM_Policy. The subclasses are "
161 "used to create rules and groups of rules that work together to "
162 "form a coherent set of policies within an administrative "
163 "domain or set of domains.")]
164 class CIM_Policy : CIM_ManagedElement {
165
166 [Description (
167 "A user-friendly name of this policy-related object.")]
168 string CommonName;
169 a.dunfey 1.1
170 [Description (
171 "An array of keywords for characterizing / categorizing "
172 "policy objects. Keywords are of one of two types: \n"
173 "- Keywords defined in this and other MOFs, or in DMTF white "
174 "papers. These keywords provide a vendor- independent, "
175 "installation-independent way of characterizing policy "
176 "objects. \n"
177 "- Installation-dependent keywords for characterizing policy "
178 "objects. Examples include 'Engineering', 'Billing', and "
179 "'Review in December 2000'. \n"
180 "This MOF defines the following keywords: 'UNKNOWN', "
181 "'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', "
182 "'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These concepts "
183 "are self-explanatory and are further discussed in the "
184 "SLA/Policy White Paper. One additional keyword is defined: "
185 "'POLICY'. The role of this keyword is to identify "
186 "policy-related instances that may not be otherwise "
187 "identifiable, in some implementations. The keyword 'POLICY' "
188 "is NOT mutually exclusive of the other keywords specified "
189 "above.")]
190 a.dunfey 1.1 string PolicyKeywords[];
191 };
192
193
194 // ==================================================================
195 // PolicySet
196 // ==================================================================
197 [Abstract, Version ( "2.8.0" ), Description (
198 "PolicySet is an abstract class that represents a set of "
199 "policies that form a coherent set. The set of contained "
200 "policies has a common decision strategy and a common set of "
201 "policy roles (defined via the PolicySetInRole Collection "
202 "association). Subclasses include PolicyGroup and PolicyRule.")]
203 class CIM_PolicySet : CIM_Policy {
204
205 [Description (
206 "PolicyDecisionStrategy defines the evaluation method used "
207 "for policies contained in the PolicySet. FirstMatching "
208 "enforces the actions of the first rule that evaluates to "
209 "TRUE. It is the only value currently defined."),
210 ValueMap { "1" },
211 a.dunfey 1.1 Values { "First Matching" }]
212 uint16 PolicyDecisionStrategy;
213
214 [Deprecated { "CIM_PolicySetInRoleCollection" }, Description (
215 "The PolicyRoles property represents the roles associated "
216 "with a PolicySet. All contained PolicySet instances inherit "
217 "the values of the PolicyRoles of the aggregating PolicySet "
218 "but the values are not copied. A contained PolicySet "
219 "instance may, however, add additional PolicyRoles to those "
220 "it inherits from its aggregating PolicySet(s). Each value "
221 "in PolicyRoles multi-valued property represents a role for "
222 "which the PolicySet applies, i.e., the PolicySet should be "
223 "used by any enforcement point that assumes any of the "
224 "listed PolicyRoles values. \n"
225 "\n"
226 "Although not officially designated as 'role combinations', "
227 "multiple roles may be specified using the form: \n"
228 "<RoleName>[&&<RoleName>]* \n"
229 "where the individual role names appear in alphabetical "
230 "order (according to the collating sequence for UCS-2). "
231 "Implementations may treat PolicyRoles values that are "
232 a.dunfey 1.1 "specified as 'role combinations' as simple strings. \n"
233 "\n"
234 "This property is deprecated in lieu of the use of an "
235 "association, CIM_PolicySetInRoleCollection. The latter is a "
236 "more explicit and less error-prone approach to modeling "
237 "that a PolicySet has one or more PolicyRoles.")]
238 string PolicyRoles[];
239
240 [Description (
241 "Indicates whether this PolicySet is administratively "
242 "enabled, administratively disabled, or enabled for debug. "
243 "The \"EnabledForDebug\" property value is deprecated and, "
244 "when it or any value not understood by the receiver is "
245 "specified, the receiving enforcement point treats the "
246 "PolicySet as \"Disabled\". To determine if a PolicySet is "
247 "\"Enabled\", the containment hierarchy specified by the "
248 "PolicySetComponent aggregation is examined and the Enabled "
249 "property values of the hierarchy are ANDed together. Thus, "
250 "for example, everything aggregated by a PolicyGroup may be "
251 "disabled by setting the Enabled property in the PolicyGroup "
252 "instance to \"Disabled\" without changing the Enabled "
253 a.dunfey 1.1 "property values of any of the aggregated instances. The "
254 "default value is 1 (\"Enabled\")."),
255 ValueMap { "1", "2", "3" },
256 Values { "Enabled", "Disabled", "Enabled For Debug" }]
257 uint16 Enabled = 1;
258 };
259
260
261 // ==================================================================
262 // PolicyGroup
263 // ==================================================================
264 [Version ( "2.6.0" ), Description (
265 "An aggregation of PolicySet instances (PolicyGroups and/or "
266 "PolicyRules) that have the same decision strategy and inherit "
267 "policy roles. PolicyGroup instances are defined and named "
268 "relative to the CIM_System that provides their context.")]
269 class CIM_PolicyGroup : CIM_PolicySet {
270
271 [Key, Propagated ( "CIM_System.CreationClassName" ),
272 Description (
273 "The scoping System's CreationClassName."),
274 a.dunfey 1.1 MaxLen ( 256 )]
275 string SystemCreationClassName;
276
277 [Key, Propagated ( "CIM_System.Name" ), Description (
278 "The scoping System's Name."),
279 MaxLen ( 256 )]
280 string SystemName;
281
282 [Key, Description (
283 "CreationClassName indicates the name of the class or the "
284 "subclass used in the creation of an instance. When used "
285 "with the other key properties of this class, this property "
286 "allows all instances of this class and its subclasses to be "
287 "uniquely identified."),
288 MaxLen ( 256 )]
289 string CreationClassName;
290
291 [Key, Description (
292 "A user-friendly name of this PolicyGroup."),
293 MaxLen ( 256 )]
294 string PolicyGroupName;
295 a.dunfey 1.1 };
296
297
298 // ==================================================================
299 // PolicyRule
300 // ==================================================================
301 [Version ( "2.7.0" ), Description (
302 "The central class used for representing the 'If Condition then "
303 "Action' semantics of a policy rule. A PolicyRule condition, in "
304 "the most general sense, is represented as either an ORed set "
305 "of ANDed conditions (Disjunctive Normal Form, or DNF) or an "
306 "ANDed set of ORed conditions (Conjunctive Normal Form, or "
307 "CNF). Individual conditions may either be negated (NOT C) or "
308 "unnegated (C). The actions specified by a PolicyRule are to be "
309 "performed if and only if the PolicyRule condition (whether it "
310 "is represented in DNF or CNF) evaluates to TRUE. \n"
311 "\n"
312 "The conditions and actions associated with a PolicyRule are "
313 "modeled, respectively, with subclasses of PolicyCondition and "
314 "PolicyAction. These condition and action objects are tied to "
315 "instances of PolicyRule by the PolicyConditionInPolicyRule and "
316 a.dunfey 1.1 "PolicyActionInPolicyRule aggregations. \n"
317 "\n"
318 "A PolicyRule may also be associated with one or more policy "
319 "time periods, indicating the schedule according to which the "
320 "policy rule is active and inactive. In this case it is the "
321 "PolicySetValidityPeriod aggregation that provides this "
322 "linkage. \n"
323 "\n"
324 "The PolicyRule class uses the property ConditionListType, to "
325 "indicate whether the conditions for the rule are in DNF "
326 "(disjunctive normal form), CNF (conjunctive normal form) or, "
327 "in the case of a rule with no conditions, as an "
328 "UnconditionalRule. The PolicyConditionInPolicyRule aggregation "
329 "contains two additional properties to complete the "
330 "representation of the Rule's conditional expression. The first "
331 "of these properties is an integer to partition the referenced "
332 "PolicyConditions into one or more groups, and the second is a "
333 "Boolean to indicate whether a referenced Condition is negated. "
334 "An example shows how ConditionListType and these two "
335 "additional properties provide a unique representation of a set "
336 "of PolicyConditions in either DNF or CNF. \n"
337 a.dunfey 1.1 "\n"
338 "Suppose we have a PolicyRule that aggregates five "
339 "PolicyConditions C1 through C5, with the following values in "
340 "the properties of the five PolicyConditionInPolicyRule "
341 "associations: \n"
342 "C1: GroupNumber = 1, ConditionNegated = FALSE \n"
343 "C2: GroupNumber = 1, ConditionNegated = TRUE \n"
344 "C3: GroupNumber = 1, ConditionNegated = FALSE \n"
345 "C4: GroupNumber = 2, ConditionNegated = FALSE \n"
346 "C5: GroupNumber = 2, ConditionNegated = FALSE \n"
347 "\n"
348 "If ConditionListType = DNF, then the overall condition for the "
349 "PolicyRule is: \n"
350 "(C1 AND (NOT C2) AND C3) OR (C4 AND C5) \n"
351 "\n"
352 "On the other hand, if ConditionListType = CNF, then the "
353 "overall condition for the PolicyRule is: \n"
354 "(C1 OR (NOT C2) OR C3) AND (C4 OR C5) \n"
355 "\n"
356 "In both cases, there is an unambiguous specification of the "
357 "overall condition that is tested to determine whether to "
358 a.dunfey 1.1 "perform the PolicyActions associated with the PolicyRule. \n"
359 "\n"
360 "PolicyRule instances may also be used to aggregate other "
361 "PolicyRules and/or PolicyGroups. When used in this way to "
362 "implement nested rules, the conditions of the aggregating rule "
363 "apply to the subordinate rules as well. However, any side "
364 "effects of condition evaluation or the execution of actions "
365 "MUST NOT affect the result of the evaluation of other "
366 "conditions evaluated by the rule engine in the same evaluation "
367 "pass. That is, an implementation of a rule engine MAY evaluate "
368 "all conditions in any order before applying the priority and "
369 "determining which actions are to be executed.")]
370 class CIM_PolicyRule : CIM_PolicySet {
371
372 [Key, Propagated ( "CIM_System.CreationClassName" ),
373 Description (
374 "The scoping System's CreationClassName."),
375 MaxLen ( 256 )]
376 string SystemCreationClassName;
377
378 [Key, Propagated ( "CIM_System.Name" ), Description (
379 a.dunfey 1.1 "The scoping System's Name."),
380 MaxLen ( 256 )]
381 string SystemName;
382
383 [Key, Description (
384 "CreationClassName indicates the name of the class or the "
385 "subclass used in the creation of an instance. When used "
386 "with the other key properties of this class, this property "
387 "allows all instances of this class and its subclasses to be "
388 "uniquely identified."),
389 MaxLen ( 256 )]
390 string CreationClassName;
391
392 [Key, Description (
393 "A user-friendly name of this PolicyRule."),
394 MaxLen ( 256 )]
395 string PolicyRuleName;
396
397 [Description (
398 "Indicates whether the list of PolicyConditions associated "
399 "with this PolicyRule is in disjunctive normal form (DNF), "
400 a.dunfey 1.1 "conjunctive normal form (CNF), or has no conditions (i.e., "
401 "is an UnconditionalRule) and is automatically evaluated to "
402 "\"True.\" The default value is 1 (\"DNF\")."),
403 ValueMap { "0", "1", "2" },
404 Values { "Unconditional Rule", "DNF", "CNF" }]
405 uint16 ConditionListType = 1;
406
407 [Description (
408 "A free-form string that can be used to provide guidelines "
409 "on how this PolicyRule should be used.")]
410 string RuleUsage;
411
412 [Deprecated { "CIM_PolicySetComponent.Priority" }, Description (
413 "PolicyRule.Priority is deprecated and replaced by providing "
414 "the priority for a rule (and a group) in the context of the "
415 "aggregating PolicySet instead of the priority being used "
416 "for all aggregating PolicySet instances. Thus, the "
417 "assignment of priority values is much simpler. \n"
418 "\n"
419 "A non-negative integer for prioritizing this Policy Rule "
420 "relative to other Rules. A larger value indicates a higher "
421 a.dunfey 1.1 "priority. The default value is 0.")]
422 uint16 Priority=0;
423
424 [Deprecated { "No Value" }, Description (
425 "A flag indicating that the evaluation of the Policy "
426 "Conditions and execution of PolicyActions (if the "
427 "Conditions evaluate to TRUE) is required. The evaluation of "
428 "a PolicyRule MUST be attempted if the Mandatory property "
429 "value is TRUE. If the Mandatory property is FALSE, then the "
430 "evaluation of the Rule is 'best effort' and MAY be ignored.")]
431 boolean Mandatory;
432
433 [Description (
434 "This property gives a policy administrator a way of "
435 "specifying how the ordering of the PolicyActions associated "
436 "with this PolicyRule is to be interpreted. Three values are "
437 "supported: \n"
438 "o mandatory(1): Do the actions in the indicated order, or "
439 "don't do them at all. \n"
440 "o recommended(2): Do the actions in the indicated order if "
441 "you can, but if you can't do them in this order, do them in "
442 a.dunfey 1.1 "another order if you can. \n"
443 "o dontCare(3): Do them -- I don't care about the order. \n"
444 "The default value is 3 (\"DontCare\")."),
445 ValueMap { "1", "2", "3" },
446 Values { "Mandatory", "Recommended", "Dont Care" }]
447 uint16 SequencedActions = 3;
448
449 [Description (
450 "ExecutionStrategy defines the strategy to be used in "
451 "executing the sequenced actions aggregated by this "
452 "PolicyRule. There are three execution strategies: \n"
453 "\n"
454 "Do Until Success - execute actions according to predefined "
455 "order, until successful execution of a single action. \n"
456 "Do All - execute ALL actions which are part of the modeled "
457 "set, according to their predefined order. Continue doing "
458 "this, even if one or more of the actions fails. \n"
459 "Do Until Failure - execute actions according to predefined "
460 "order, until the first failure in execution of an action "
461 "instance."),
462 ValueMap { "1", "2", "3" },
463 a.dunfey 1.1 Values { "Do Until Success", "Do All", "Do Until Failure" }]
464 uint16 ExecutionStrategy;
465 };
466
467
468 // ==================================================================
469 // AuthenticationRule
470 // ==================================================================
471 [Version ( "2.8.0" ), Description (
472 "A class representing a company's and/or administrator's "
473 "authentication requirements for a CIM_Identity. The "
474 "PolicyConditions collected by an instance of "
475 "AuthenticationRule describe the various requirements under "
476 "which a CIM_Identity's CurrentlyAuthenticated Boolean is set "
477 "to TRUE. Note that the CIM_Identities which are authenticated "
478 "are tied to the Rule by the association, PolicySet "
479 "AppliesToElement. \n"
480 "\n"
481 "At this time, there are no actions associated with this "
482 "PolicyRule. This is because the actions are implicit. When the "
483 "conditions of the rule are met, then the "
484 a.dunfey 1.1 "CurrentlyAuthenticated Boolean properties of the associated "
485 "instances of CIM_Identity are set to TRUE.")]
486 class CIM_AuthenticationRule : CIM_PolicyRule {
487 };
488
489
490 // ==================================================================
491 // ReusablePolicyContainer
492 // ==================================================================
493 [Version ( "2.6.0" ), Description (
494 "A class representing an administratively defined container for "
495 "reusable policy-related information. This class does not "
496 "introduce any additional properties beyond those in its "
497 "superclass AdminDomain. It does, however, participate in a "
498 "unique association for containing policy elements. \n"
499 "\n"
500 "An instance of this class uses the NameFormat value "
501 "\"ReusablePolicyContainer\".")]
502 class CIM_ReusablePolicyContainer : CIM_AdminDomain {
503 };
504
505 a.dunfey 1.1
506 // ==================================================================
507 // PolicyRepository *** deprecated
508 // ==================================================================
509 [Deprecated { "CIM_ReusablePolicyContainer" }, Version ( "2.7.0" ),
510 Description (
511 "The term 'PolicyRepository' has been confusing to both "
512 "developers and users of the model. The replacement class name "
513 "describes model element properly and is less likely to be "
514 "confused with a data repository. \n"
515 "\n"
516 "A class representing an administratively defined container for "
517 "reusable policy-related information. This class does not "
518 "introduce any additional properties beyond those in its "
519 "superclass AdminDomain. It does, however, participate in a "
520 "number of unique associations. \n"
521 "\n"
522 "An instance of this class uses the NameFormat value "
523 "\"PolicyRepository\".")]
524 class CIM_PolicyRepository : CIM_AdminDomain {
525 };
526 a.dunfey 1.1
527
528 // ==================================================================
529 // PolicyCondition
530 // ==================================================================
531 [Abstract, Version ( "2.6.0" ), Description (
532 "A class representing a rule-specific or reusable policy "
533 "condition to be evaluated in conjunction with a Policy Rule. "
534 "Since all operational details of a PolicyCondition are "
535 "provided in subclasses of this object, this class is abstract.")]
536 class CIM_PolicyCondition : CIM_Policy {
537
538 [Key, Description (
539 "The name of the class or the subclass used in the creation "
540 "of the System object in whose scope this PolicyCondition is "
541 "defined. \n"
542 "\n"
543 "This property helps to identify the System object in whose "
544 "scope this instance of PolicyCondition exists. For a "
545 "rule-specific PolicyCondition, this is the System in whose "
546 "context the PolicyRule is defined. For a reusable "
547 a.dunfey 1.1 "PolicyCondition, this is the instance of PolicyRepository "
548 "(which is a subclass of System) that holds the Condition. \n"
549 "\n"
550 "Note that this property, and the analogous property "
551 "SystemName, do not represent propagated keys from an "
552 "instance of the class System. Instead, they are properties "
553 "defined in the context of this class, which repeat the "
554 "values from the instance of System to which this "
555 "PolicyCondition is related, either directly via the "
556 "PolicyConditionInPolicyRepository association or indirectly "
557 "via the PolicyConditionInPolicyRule aggregation."),
558 MaxLen ( 256 )]
559 string SystemCreationClassName;
560
561 [Key, Description (
562 "The name of the System object in whose scope this "
563 "PolicyCondition is defined. \n"
564 "\n"
565 "This property completes the identification of the System "
566 "object in whose scope this instance of PolicyCondition "
567 "exists. For a rule-specific PolicyCondition, this is the "
568 a.dunfey 1.1 "System in whose context the PolicyRule is defined. For a "
569 "reusable PolicyCondition, this is the instance of "
570 "PolicyRepository (which is a subclass of System) that holds "
571 "the Condition."),
572 MaxLen ( 256 )]
573 string SystemName;
574
575 [Key, Description (
576 "For a rule-specific PolicyCondition, the CreationClassName "
577 "of the PolicyRule object with which this Condition is "
578 "associated. For a reusable Policy Condition, a special "
579 "value, 'NO RULE', should be used to indicate that this "
580 "Condition is reusable and not associated with a single "
581 "PolicyRule."),
582 MaxLen ( 256 )]
583 string PolicyRuleCreationClassName;
584
585 [Key, Description (
586 "For a rule-specific PolicyCondition, the name of the "
587 "PolicyRule object with which this Condition is associated. "
588 "For a reusable PolicyCondition, a special value, 'NO RULE', "
589 a.dunfey 1.1 "should be used to indicate that this Condition is reusable "
590 "and not associated with a single PolicyRule."),
591 MaxLen ( 256 )]
592 string PolicyRuleName;
593
594 [Key, Description (
595 "CreationClassName indicates the name of the class or the "
596 "subclass used in the creation of an instance. When used "
597 "with the other key properties of this class, this property "
598 "allows all instances of this class and its subclasses to be "
599 "uniquely identified."),
600 MaxLen ( 256 )]
601 string CreationClassName;
602
603 [Key, Description (
604 "A user-friendly name of this PolicyCondition."),
605 MaxLen ( 256 )]
606 string PolicyConditionName;
607 };
608
609
610 a.dunfey 1.1 // ==================================================================
611 // PolicyTimePeriodCondition
612 // ==================================================================
613 [Version ( "2.7.0" ), Description (
614 "This class provides a means of representing the time periods "
615 "during which a PolicySet is valid, i.e., active. At all times "
616 "that fall outside these time periods, the PolicySet has no "
617 "effect. A PolicySet is treated as valid at ALL times, if it "
618 "does not specify a PolicyTimePeriodCondition. \n"
619 "\n"
620 "In some cases a Policy Consumer may need to perform certain "
621 "setup / cleanup actions when a PolicySet becomes active / "
622 "inactive. For example, sessions that were established while a "
623 "PolicySet was active might need to be taken down when the "
624 "PolicySet becomes inactive. In other cases, however, such "
625 "sessions might be left up. In this case, the effect of "
626 "deactivating the PolicySet would just be to prevent the "
627 "establishment of new sessions. \n"
628 "\n"
629 "Setup / cleanup behaviors on validity period transitions are "
630 "not currently addressed by the Policy Model, and must be "
631 a.dunfey 1.1 "specified in 'guideline' documents or via subclasses of "
632 "CIM_PolicySet, CIM_PolicyTimePeriod Condition or other "
633 "concrete subclasses of CIM_Policy. If such behaviors need to "
634 "be under the control of the policy administrator, then a "
635 "mechanism to allow this control must also be specified in the "
636 "subclasses. \n"
637 "\n"
638 "PolicyTimePeriodCondition is defined as a subclass of "
639 "PolicyCondition. This is to allow the inclusion of time-based "
640 "criteria in the AND/OR condition definitions for a PolicyRule. "
641 "\n\n"
642 "Instances of this class may have up to five properties "
643 "identifying time periods at different levels. The values of "
644 "all the properties present in an instance are ANDed together "
645 "to determine the validity period(s) for the instance. For "
646 "example, an instance with an overall validity range of January "
647 "1, 2000 through December 31, 2000; a month mask that selects "
648 "March and April; a day-of-the-week mask that selects Fridays; "
649 "and a time of day range of 0800 through 1600 would be "
650 "represented using the following time periods: \n"
651 "Friday, March 5, 2000, from 0800 through 1600; \n"
652 a.dunfey 1.1 "Friday, March 12, 2000, from 0800 through 1600; \n"
653 "Friday, March 19, 2000, from 0800 through 1600; \n"
654 "Friday, March 26, 2000, from 0800 through 1600; \n"
655 "Friday, April 2, 2000, from 0800 through 1600; \n"
656 "Friday, April 9, 2000, from 0800 through 1600; \n"
657 "Friday, April 16, 2000, from 0800 through 1600; \n"
658 "Friday, April 23, 2000, from 0800 through 1600; \n"
659 "Friday, April 30, 2000, from 0800 through 1600. \n"
660 "\n"
661 "Properties not present in an instance of "
662 "PolicyTimePeriodCondition are implicitly treated as having "
663 "their value 'always enabled'. Thus, in the example above, the "
664 "day-of-the-month mask is not present, and so the validity "
665 "period for the instance implicitly includes a day-of-the-month "
666 "mask that selects all days of the month. If this 'missing "
667 "property' rule is applied to its fullest, we see that there is "
668 "a second way to indicate that a PolicySet is always enabled: "
669 "associate with it an instance of PolicyTimePeriodCondition "
670 "whose only properties with specific values are its key "
671 "properties.")]
672 class CIM_PolicyTimePeriodCondition : CIM_PolicyCondition {
673 a.dunfey 1.1
674 [Description (
675 "This property identifies an overall range of calendar dates "
676 "and times over which a PolicySet is valid. It is formatted "
677 "as a string representing a start date and time, in which "
678 "the character 'T' indicates the beginning of the time "
679 "portion, followed by the solidus character '/', followed by "
680 "a similar string representing an end date and time. The "
681 "first date indicates the beginning of the range, while the "
682 "second date indicates the end. Thus, the second date and "
683 "time must be later than the first. Date/times are expressed "
684 "as substrings of the form yyyymmddThhmmss. For example: \n"
685 "20000101T080000/20000131T120000 defines \n"
686 "January 1, 2000, 0800 through January 31, 2000, noon \n"
687 "\n"
688 "There are also two special cases in which one of the "
689 "date/time strings is replaced with a special string defined "
690 "in RFC 2445. \n"
691 "o If the first date/time is replaced with the string "
692 "'THISANDPRIOR', then the property indicates that a "
693 "PolicySet is valid [from now] until the date/time that "
694 a.dunfey 1.1 "appears after the '/'. \n"
695 "o If the second date/time is replaced with the string "
696 "'THISANDFUTURE', then the property indicates that a "
697 "PolicySet becomes valid on the date/time that appears "
698 "before the '/', and remains valid from that point on."),
699 ModelCorrespondence {
700 "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
701 "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
702 "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
703 "CIM_PolicyTimePeriodCondition.TimeOfDayMask",
704 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
705 string TimePeriod;
706
707 [Description (
708 "The purpose of this property is to refine the valid time "
709 "period that is defined by the TimePeriod property, by "
710 "explicitly specifying in which months the PolicySet is "
711 "valid. These properties work together, with the TimePeriod "
712 "used to specify the overall time period in which the "
713 "PolicySet is valid, and the MonthOfYearMask used to pick "
714 "out the months during which the PolicySet is valid. \n"
715 a.dunfey 1.1 "\n"
716 "This property is formatted as an octet string, structured "
717 "as follows: \n"
718 "o a 4-octet length field, indicating the length of the "
719 "entire octet string; this field is always set to 0x00000006 "
720 "for this property; \n"
721 "o a 2-octet field consisting of 12 bits identifying the 12 "
722 "months of the year, beginning with January and ending with "
723 "December, followed by 4 bits that are always set to '0'. "
724 "For each month, the value '1' indicates that the policy is "
725 "valid for that month, and the value '0' indicates that it "
726 "is not valid. \n"
727 "\n"
728 "The value 0x000000060830, for example, indicates that a "
729 "PolicySet is valid only in the months May, November, and "
730 "December. \n"
731 "\n"
732 "If a value for this property is not provided, then the "
733 "PolicySet is treated as valid for all twelve months, and "
734 "only restricted by its TimePeriod property value and the "
735 "other Mask properties."),
736 a.dunfey 1.1 OctetString,
737 ModelCorrespondence {
738 "CIM_PolicyTimePeriodCondition.TimePeriod",
739 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
740 uint8 MonthOfYearMask[];
741
742 [Description (
743 "The purpose of this property is to refine the valid time "
744 "period that is defined by the TimePeriod property, by "
745 "explicitly specifying in which days of the month the "
746 "PolicySet is valid. These properties work together, with "
747 "the TimePeriod used to specify the overall time period in "
748 "which the PolicySet is valid, and the DayOfMonthMask used "
749 "to pick out the days of the month during which the "
750 "PolicySet is valid. \n"
751 "\n"
752 "This property is formatted as an octet string, structured "
753 "as follows: \n"
754 "o a 4-octet length field, indicating the length of the "
755 "entire octet string; this field is always set to 0x0000000C "
756 "for this property; \n"
757 a.dunfey 1.1 "o an 8-octet field consisting of 31 bits identifying the "
758 "days of the month counting from the beginning, followed by "
759 "31 more bits identifying the days of the month counting "
760 "from the end, followed by 2 bits that are always set to "
761 "'0'. For each day, the value '1' indicates that the "
762 "PolicySet is valid for that day, and the value '0' "
763 "indicates that it is not valid. \n"
764 "\n"
765 "The value 0x0000000C8000000100000000, for example, "
766 "indicates that a PolicySet is valid on the first and last "
767 "days of the month. \n"
768 "\n"
769 "For months with fewer than 31 days, the digits "
770 "corresponding to days that the months do not have (counting "
771 "in both directions) are ignored. \n"
772 "\n"
773 "If a value for this property is not provided, then the "
774 "PolicySet is treated as valid for all days of the month, "
775 "and only restricted by its TimePeriod property value and "
776 "the other Mask properties."),
777 OctetString,
778 a.dunfey 1.1 ModelCorrespondence {
779 "CIM_PolicyTimePeriodCondition.TimePeriod",
780 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
781 uint8 DayOfMonthMask[];
782
783 [Description (
784 "The purpose of this property is to refine the valid time "
785 "period that is defined by the TimePeriod property, by "
786 "explicitly specifying in which days of the week the "
787 "PolicySet is valid. These properties work together, with "
788 "the TimePeriod used to specify the overall time period in "
789 "which the PolicySet is valid, and the DayOfWeekMask used to "
790 "pick out the days of the week during which the PolicySet is "
791 "valid. \n"
792 "\n"
793 "This property is formatted as an octet string, structured "
794 "as follows: \n"
795 "o a 4-octet length field, indicating the length of the "
796 "entire octet string; this field is always set to 0x00000005 "
797 "for this property; \n"
798 "o a 1-octet field consisting of 7 bits identifying the 7 "
799 a.dunfey 1.1 "days of the week, beginning with Sunday and ending with "
800 "Saturday, followed by 1 bit that is always set to '0'. For "
801 "each day of the week, the value '1' indicates that the "
802 "PolicySet is valid for that day, and the value '0' "
803 "indicates that it is not valid. \n"
804 "\n"
805 "The value 0x000000057C, for example, indicates that a "
806 "PolicySet is valid Monday through Friday. \n"
807 "\n"
808 "If a value for this property is not provided, then the "
809 "PolicySet is treated as valid for all days of the week, and "
810 "only restricted by its TimePeriod property value and the "
811 "other Mask properties."),
812 OctetString,
813 ModelCorrespondence {
814 "CIM_PolicyTimePeriodCondition.TimePeriod",
815 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
816 uint8 DayOfWeekMask[];
817
818 [Description (
819 "The purpose of this property is to refine the valid time "
820 a.dunfey 1.1 "period that is defined by the TimePeriod property, by "
821 "explicitly specifying a range of times in a day during "
822 "which the PolicySet is valid. These properties work "
823 "together, with the TimePeriod used to specify the overall "
824 "time period in which the PolicySet is valid, and the "
825 "TimeOfDayMask used to pick out the range of time periods in "
826 "a given day of during which the PolicySet is valid. \n"
827 "\n"
828 "This property is formatted in the style of RFC 2445: a time "
829 "string beginning with the character 'T', followed by the "
830 "solidus character '/', followed by a second time string. "
831 "The first time indicates the beginning of the range, while "
832 "the second time indicates the end. Times are expressed as "
833 "substrings of the form 'Thhmmss'. \n"
834 "\n"
835 "The second substring always identifies a later time than "
836 "the first substring. To allow for ranges that span "
837 "midnight, however, the value of the second string may be "
838 "smaller than the value of the first substring. Thus, "
839 "'T080000/T210000' identifies the range from 0800 until "
840 "2100, while 'T210000/T080000' identifies the range from "
841 a.dunfey 1.1 "2100 until 0800 of the following day. \n"
842 "\n"
843 "When a range spans midnight, it by definition includes "
844 "parts of two successive days. When one of these days is "
845 "also selected by either the MonthOfYearMask, "
846 "DayOfMonthMask, and/or DayOfWeekMask, but the other day is "
847 "not, then the PolicySet is active only during the portion "
848 "of the range that falls on the selected day. For example, "
849 "if the range extends from 2100 until 0800, and the day of "
850 "week mask selects Monday and Tuesday, then the PolicySet is "
851 "active during the following three intervals: \n"
852 "From midnight Sunday until 0800 Monday; \n"
853 "From 2100 Monday until 0800 Tuesday; \n"
854 "From 2100 Tuesday until 23:59:59 Tuesday. \n"
855 "\n"
856 "If a value for this property is not provided, then the "
857 "PolicySet is treated as valid for all hours of the day, and "
858 "only restricted by its TimePeriod property value and the "
859 "other Mask properties."),
860 ModelCorrespondence {
861 "CIM_PolicyTimePeriodCondition.TimePeriod",
862 a.dunfey 1.1 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
863 string TimeOfDayMask;
864
865 [Description (
866 "This property indicates whether the times represented in "
867 "the TimePeriod property and in the various Mask properties "
868 "represent local times or UTC times. There is no provision "
869 "for mixing of local times and UTC times: the value of this "
870 "property applies to all of the other time-related "
871 "properties. TimePeriods are synchronized worldwide by using "
872 "the enumeration value 'UTCTime'. If the goal is to "
873 "synchronize worldwide on a particular local time (such as "
874 "0300 - 0500 in New York), then if the TimePeriod property "
875 "spans a Daylight Savings Time transition in New York, it "
876 "will be necessary to create multiple instances of "
877 "PolicyTimePeriodCondition, one based on the offset UTC-0500 "
878 "for the part of each year when standard time is used in New "
879 "York, and one based on the offset UTC-0400 for the part of "
880 "each year when Daylight Savings Time is used there."),
881 ValueMap { "1", "2" },
882 Values { "Local Time", "UTC Time" },
883 a.dunfey 1.1 ModelCorrespondence {
884 "CIM_PolicyTimePeriodCondition.TimePeriod",
885 "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
886 "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
887 "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
888 "CIM_PolicyTimePeriodCondition.TimeOfDayMask" }]
889 uint16 LocalOrUtcTime;
890 };
891
892
893 // ==================================================================
894 // CompoundPolicyCondition
895 // ==================================================================
896 [Version ( "2.7.0" ), Description (
897 "CompoundPolicyCondition is used to represent compound "
898 "conditions formed by aggregating simpler policy conditions. "
899 "Compound conditions are constructed by associating subordinate "
900 "condition terms together using the "
901 "PolicyConditionInPolicyCondition aggregation.")]
902 class CIM_CompoundPolicyCondition : CIM_PolicyCondition {
903
904 a.dunfey 1.1 [Description (
905 "Indicates whether the list of CompoundPolicyConditions "
906 "associated with this PolicyRule is in disjunctive normal "
907 "form (DNF) or conjunctive normal form (CNF). The default "
908 "value is 1 (\"DNF\")."),
909 ValueMap { "1", "2" },
910 Values { "DNF", "CNF" }]
911 uint16 ConditionListType;
912 };
913
914
915 // ==================================================================
916 // AuthenticationCondition
917 // ==================================================================
918 [Abstract, Version ( "2.8.0" ), Description (
919 "An abstract class whose subclasses describe one of a company's "
920 "and/or administrator's credential requirements, and/or other "
921 "information that should be authenticated in order to "
922 "establish/trust a CIM_Identity. The PolicyConditions collected "
923 "by an instance of AuthenticationRule describe the various "
924 "requirements under which a CIM_Identity's "
925 a.dunfey 1.1 "CurrentlyAuthenticated Boolean is set to TRUE. Note that the "
926 "CIM_Identities which are authenticated are specified through "
927 "the AuthenticationRule, using the PolicySet AppliesToElement "
928 "association.")]
929 class CIM_AuthenticationCondition : CIM_PolicyCondition {
930 };
931
932
933 // ==================================================================
934 // SharedSecretAuthentication
935 // ==================================================================
936 [Version ( "2.8.0" ), Description (
937 "A class describing a company's and/or administrator's "
938 "credential requirements that should be authenticated in order "
939 "to establish/trust a CIM_Identity. This class defines a "
940 "specific identity whose shared secret should be authenticated.")]
941 class CIM_SharedSecretAuthentication : CIM_AuthenticationCondition {
942
943 [Description (
944 "String defining the principal's ID whose secret is "
945 "authenticated.")]
946 a.dunfey 1.1 string IDOfPrincipal;
947
948 [Description (
949 "String defining a hostname, URI or service/application "
950 "name. It defines the specific system or service which "
951 "provides the context for the shared secret.")]
952 string ContextOfSecret;
953 };
954
955
956 // ==================================================================
957 // AccountAuthentication
958 // ==================================================================
959 [Version ( "2.8.0" ), Description (
960 "A class describing a company's and/or administrator's "
961 "credential requirements that should be authenticated in order "
962 "to establish/trust a CIM_Identity. This class defines a "
963 "specific identity whose account credentials should be "
964 "authenticated.")]
965 class CIM_AccountAuthentication : CIM_AuthenticationCondition {
966
967 a.dunfey 1.1 [Description (
968 "String defining the account's ID which is authenticated.")]
969 string AccountID;
970
971 [Description (
972 "String defining a hostname, URI or other information "
973 "identifying the system where the Account resides.")]
974 string AccountContext;
975 };
976
977
978 // ==================================================================
979 // BiometricAuthentication
980 // ==================================================================
981 [Version ( "2.8.0" ), Description (
982 "A class describing a company's and/or administrator's "
983 "credential requirements that should be authenticated in order "
984 "to establish/trust a CIM_Identity. This class defines specific "
985 "biometric data that should be authenticated.")]
986 class CIM_BiometricAuthentication : CIM_AuthenticationCondition {
987
988 a.dunfey 1.1 [Description (
989 "Integer enumeration identifying the biometric data that "
990 "should be authenticated."),
991 ValueMap { "1", "2", "3", "4", "5", "6","7", "8" },
992 Values { "Other", "Facial", "Retina", "Mark", "Finger", "Voice",
993 "DNA-RNA", "EEG" },
994 ModelCorrespondence {
995 "CIM_BiometricAuthentication.OtherBiometric" }]
996 uint16 TypeOfBiometric;
997
998 [Description (
999 "String specifying the biometric when the TypeOfBiometric "
1000 "property is set to 1, \"Other\"."),
1001 ModelCorrespondence {
1002 "CIM_BiometricAuthentication.TypeOfBiometric" }]
1003 string OtherBiometric;
1004
1005 [Description (
1006 "String defining a specific biometric code, which may be "
1007 "validated by the security infrastructure. If this property "
1008 "is left blank, it is the responsibility of the "
1009 a.dunfey 1.1 "infrastructure to verify the biometric (which MUST be of a "
1010 "type specified by the TypeOfBiometric property).")]
1011 string PersonalIdentifier;
1012 };
1013
1014
1015 // ==================================================================
1016 // NetworkingIDAuthentication
1017 // ==================================================================
1018 [Version ( "2.8.0" ), Description (
1019 "A class describing a company's and/or administrator's "
1020 "credential requirements that should be authenticated in order "
1021 "to establish/trust a CIM_Identity. This class specifies that a "
1022 "networking ID or address should be verified.")]
1023 class CIM_NetworkingIDAuthentication : CIM_AuthenticationCondition {
1024
1025 [Description (
1026 "A string defining the specific type/subclass of "
1027 "CIM_Identity which specifies the networking information. "
1028 "For example, CIM_StorageHardwareID would be entered in this "
1029 "property to identify that a 'known' port should be "
1030 a.dunfey 1.1 "observed.")]
1031 string NetworkingIdentityClassName;
1032 };
1033
1034
1035 // ==================================================================
1036 // PublicPrivateKeyAuthentication
1037 // ==================================================================
1038 [Version ( "2.8.0" ), Description (
1039 "A class describing a company's and/or administrator's "
1040 "credential requirements that should be authenticated in order "
1041 "to establish/trust a CIM_Identity. This class defines the "
1042 "specific public/private key pair that should be authenticated.")]
1043 class CIM_PublicPrivateKeyAuthentication : CIM_AuthenticationCondition {
1044
1045 [Description (
1046 "Boolean indicating whether the key pair is self-issued "
1047 "(TRUE) or issued by a Certificate Authority (FALSE).")]
1048 boolean SelfIssuedKey;
1049
1050 [Description (
1051 a.dunfey 1.1 "String holding the user's (distinguished) name.")]
1052 string DistinguishedName;
1053
1054 [Description (
1055 "String holding the public key data.")]
1056 string PublicKey;
1057 };
1058
1059
1060 // ==================================================================
1061 // KerberosAuthentication
1062 // ==================================================================
1063 [Version ( "2.8.0" ), Description (
1064 "A class describing a company's and/or administrator's "
1065 "credential requirements that should be authenticated in order "
1066 "to establish/trust a CIM_Identity. This class defines a user "
1067 "whose Kerberos ticket should be authenticated.")]
1068 class CIM_KerberosAuthentication : CIM_AuthenticationCondition {
1069
1070 [Description (
1071 "String holding the user name for which the ticket is "
1072 a.dunfey 1.1 "issued.")]
1073 string UserName;
1074 };
1075
1076
1077 // ==================================================================
1078 // DocumentAuthentication
1079 // ==================================================================
1080 [Version ( "2.8.0" ), Description (
1081 "A class describing a company's and/or administrator's "
1082 "credential requirements that should be authenticated in order "
1083 "to establish/trust a CIM_Identity. This class defines the "
1084 "specific document that should be authenticated.")]
1085 class CIM_DocumentAuthentication : CIM_AuthenticationCondition {
1086
1087 [Description (
1088 "Integer enumeration identifying the document that should be "
1089 "authenticated."),
1090 ValueMap { "1", "2", "3", "4", "5", "6","7" },
1091 Values { "Other", "Passport", "Birth Certificate",
1092 "Credit Card", "Drivers License", "Membership Card",
1093 a.dunfey 1.1 "Social Security Card" },
1094 ModelCorrespondence { "CIM_DocumentAuthentication.OtherDocument"
1095 }]
1096 uint16 TypeOfDocument;
1097
1098 [Description (
1099 "String specifying the document when the TypeOfDocument "
1100 "property is set to 1, \"Other\"."),
1101 ModelCorrespondence {
1102 "CIM_DocumentAuthentication.TypeOfDocument" }]
1103 string OtherDocument;
1104
1105 [Description (
1106 "String defining a particular document which may be used in "
1107 "the authentication process for example, a specific driver's "
1108 "license or passport number. If left blank, then any valid "
1109 "document matching the category specified by the "
1110 "TypeOfDocument property, can be accepted.")]
1111 string DocumentIdentifier;
1112 };
1113
1114 a.dunfey 1.1
1115 // ==================================================================
1116 // PhysicalCredentialAuthentication
1117 // ==================================================================
1118 [Version ( "2.8.0" ), Description (
1119 "A class describing a company's and/or administrator's "
1120 "credential requirements that should be authenticated in order "
1121 "to establish/trust a CIM_Identity. This class defines the "
1122 "specific type of physical credential that should be "
1123 "authenticated.")]
1124 class CIM_PhysicalCredentialAuthentication : CIM_AuthenticationCondition {
1125
1126 [Description (
1127 "Integer enumeration identifying the credential that should "
1128 "be authenticated."),
1129 ValueMap { "1", "2", "3", "4" },
1130 Values { "Other", "Magnetic Stripe Card", "Smart Card",
1131 "Password Generator Card" },
1132 ModelCorrespondence {
1133 "CIM_PhysicalCredentialAuthentication.OtherCredential" }]
1134 uint16 TypeOfCredential;
1135 a.dunfey 1.1
1136 [Description (
1137 "String specifying the credential when the TypeOfCredential "
1138 "property is set to 1, \"Other\"."),
1139 ModelCorrespondence {
1140 "CIM_PhysicalCredentialAuthentication.TypeOfCredential" }]
1141 string OtherCredential;
1142
1143 [Description (
1144 "String defining a character or binary sequence, which is "
1145 "built into the physical credential to identify it. If left "
1146 "blank, it is the responsibility of the security "
1147 "infrastructure to verify that a valid credential (of the "
1148 "specified type) has been used.")]
1149 string PhysicalIdentifier;
1150 };
1151
1152
1153 // ==================================================================
1154 // VendorPolicyCondition
1155 // ==================================================================
1156 a.dunfey 1.1 [Version ( "2.6.0" ), Description (
1157 "A class that provides a general extension mechanism for "
1158 "representing PolicyConditions that have not been modeled with "
1159 "specific properties. Instead, the two properties Constraint "
1160 "and ConstraintEncoding are used to define the content and "
1161 "format of the Condition, as explained below. \n"
1162 "\n"
1163 "As its name suggests, VendorPolicyCondition is intended for "
1164 "vendor-specific extensions to the Policy Core Information "
1165 "Model. Standardized extensions are not expected to use this "
1166 "class.")]
1167 class CIM_VendorPolicyCondition : CIM_PolicyCondition {
1168
1169 [Description (
1170 "This property provides a general extension mechanism for "
1171 "representing PolicyConditions that have not been modeled "
1172 "with specific properties. The format of the octet strings "
1173 "in the array is left unspecified in this definition. It is "
1174 "determined by the OID value stored in the property "
1175 "ConstraintEncoding. Since ConstraintEncoding is "
1176 "single-valued, all the values of Constraint share the same "
1177 a.dunfey 1.1 "format and semantics."),
1178 OctetString,
1179 ModelCorrespondence {
1180 "CIM_VendorPolicyCondition.ConstraintEncoding" }]
1181 string Constraint[];
1182
1183 [Description (
1184 "An OID encoded as a string, identifying the format and "
1185 "semantics for this instance's Constraint property."),
1186 ModelCorrespondence { "CIM_VendorPolicyCondition.Constraint" }]
1187 string ConstraintEncoding;
1188 };
1189
1190
1191 // ==================================================================
1192 // PacketFilterCondition
1193 // ==================================================================
1194 [Version ( "2.8.0" ), Description (
1195 "PacketFilterCondition specifies packet selection criteria (via "
1196 "association to FilterLists) for firewall policies, IPsec "
1197 "policies and similar uses. It is used as an anchor point to "
1198 a.dunfey 1.1 "associate various types of filters with policy rules via the "
1199 "FilterOfPacketCondition association. By definition, policy "
1200 "rules that aggregate PacketFilterCondition are assumed to "
1201 "operate against every packet received and/or transmitted from "
1202 "an ingress and/or egress point. (Whether policy condition "
1203 "evaluation occurs at ingress or egress is specified by the "
1204 "Direction property in the associated FilterList.) "
1205 "PacketFilterCondition MAY also be used to define the specific "
1206 "CredentialManagementService that validates the credentials "
1207 "carried in a packet. This is accomplished using the "
1208 "association, AcceptCredentialFrom. \n"
1209 "\n"
1210 "Associated objects (such as FilterListsor Credential "
1211 "ManagementServices) represent components of the condition that "
1212 "MAY or MAY NOT apply at a given rule evaluation. For example, "
1213 "an AcceptCredentialFrom evaluation is only performed when a "
1214 "credential is available to be evaluated and compared against "
1215 "the list of trusted credential management services. Similarly, "
1216 "a PeerIDPayloadFilterEntry MAY only be evaluated when an ID "
1217 "payload is available for checking. Condition components that "
1218 "do not have applicability at rule evaluation time, MUST be "
1219 a.dunfey 1.1 "evaluated to TRUE."),
1220 MappingStrings { "IPSP Policy Model.IETF|SACondition" }]
1221 class CIM_PacketFilterCondition : CIM_PolicyCondition {
1222
1223 };
1224
1225
1226 // ==================================================================
1227 // PolicyAction
1228 // ==================================================================
1229 [Abstract, Version ( "2.8.0" ), Description (
1230 "A class representing a rule-specific or reusable policy action "
1231 "to be performed if the PolicyConditions for a Policy Rule "
1232 "evaluate to TRUE. Since all operational details of a "
1233 "PolicyAction are provided in subclasses of this object, this "
1234 "class is abstract.")]
1235 class CIM_PolicyAction : CIM_Policy {
1236
1237 [Key, Description (
1238 "The name of the class or the subclass used in the creation "
1239 "of the System object in whose scope this PolicyAction is "
1240 a.dunfey 1.1 "defined. \n"
1241 "\n"
1242 "This property helps to identify the System object in whose "
1243 "scope this instance of PolicyAction exists. For a "
1244 "rule-specific PolicyAction, this is the System in whose "
1245 "context the PolicyRule is defined. For a reusable "
1246 "PolicyAction, this is the instance of PolicyRepository "
1247 "(which is a subclass of System) that holds the Action. \n"
1248 "\n"
1249 "Note that this property, and the analogous property "
1250 "SystemName, do not represent propagated keys from an "
1251 "instance of the class System. Instead, they are properties "
1252 "defined in the context of this class, which repeat the "
1253 "values from the instance of System to which this "
1254 "PolicyAction is related, either directly via the "
1255 "PolicyActionInPolicyRepository association or indirectly "
1256 "via the PolicyActionInPolicyRule aggregation."),
1257 MaxLen ( 256 )]
1258 string SystemCreationClassName;
1259
1260 [Key, Description (
1261 a.dunfey 1.1 "The name of the System object in whose scope this "
1262 "PolicyAction is defined. \n"
1263 "\n"
1264 "This property completes the identification of the System "
1265 "object in whose scope this instance of PolicyAction exists. "
1266 "For a rule-specific PolicyAction, this is the System in "
1267 "whose context the PolicyRule is defined. For a reusable "
1268 "PolicyAction, this is the instance of PolicyRepository "
1269 "(which is a subclass of System) that holds the Action."),
1270 MaxLen ( 256 )]
1271 string SystemName;
1272
1273 [Key, Description (
1274 "For a rule-specific PolicyAction, the CreationClassName of "
1275 "the PolicyRule object with which this Action is associated. "
1276 "For a reusable PolicyAction, a special value, 'NO RULE', "
1277 "should be used to indicate that this Action is reusable and "
1278 "not associated with a single PolicyRule."),
1279 MaxLen ( 256 )]
1280 string PolicyRuleCreationClassName;
1281
1282 a.dunfey 1.1 [Key, Description (
1283 "For a rule-specific PolicyAction, the name of the "
1284 "PolicyRule object with which this Action is associated. For "
1285 "a reusable PolicyAction, a special value, 'NO RULE', should "
1286 "be used to indicate that this Action is reusable and not "
1287 "associated with a single PolicyRule."),
1288 MaxLen ( 256 )]
1289 string PolicyRuleName;
1290
1291 [Key, Description (
1292 "CreationClassName indicates the name of the class or the "
1293 "subclass used in the creation of an instance. When used "
1294 "with the other key properties of this class, this property "
1295 "allows all instances of this class and its subclasses to be "
1296 "uniquely identified."),
1297 MaxLen ( 256 )]
1298 string CreationClassName;
1299
1300 [Key, Description (
1301 "A user-friendly name of this PolicyAction."),
1302 MaxLen ( 256 )]
1303 a.dunfey 1.1 string PolicyActionName;
1304
1305 [Description (
1306 "DoActionLogging causes a log message to be generated when "
1307 "the action is performed.")]
1308 boolean DoActionLogging;
1309 };
1310
1311
1312 // ==================================================================
1313 // VendorPolicyAction
1314 // ==================================================================
1315 [Version ( "2.6.0" ), Description (
1316 "A class that provides a general extension mechanism for "
1317 "representing PolicyActions that have not been modeled with "
1318 "specific properties. Instead, the two properties ActionData "
1319 "and ActionEncoding are used to define the content and format "
1320 "of the Action, as explained below. \n"
1321 "\n"
1322 "As its name suggests, VendorPolicyAction is intended for "
1323 "vendor-specific extensions to the Policy Core Information "
1324 a.dunfey 1.1 "Model. Standardized extensions are not expected to use this "
1325 "class.")]
1326 class CIM_VendorPolicyAction : CIM_PolicyAction {
1327
1328 [Description (
1329 "This property provides a general extension mechanism for "
1330 "representing PolicyActions that have not been modeled with "
1331 "specific properties. The format of the octet strings in the "
1332 "array is left unspecified in this definition. It is "
1333 "determined by the OID value stored in the property "
1334 "ActionEncoding. Since ActionEncoding is single-valued, all "
1335 "the values of ActionData share the same format and "
1336 "semantics."),
1337 OctetString,
1338 ModelCorrespondence { "CIM_VendorPolicyAction.ActionEncoding" }]
1339 string ActionData[];
1340
1341 [Description (
1342 "An OID encoded as a string, identifying the format and "
1343 "semantics for this instance's ActionData property."),
1344 ModelCorrespondence { "CIM_VendorPolicyAction.ActionData" }]
1345 a.dunfey 1.1 string ActionEncoding;
1346 };
1347
1348
1349 // ==================================================================
1350 // CompoundPolicyAction
1351 // ==================================================================
1352 [Version ( "2.6.0" ), Description (
1353 "CompoundPolicyAction is used to represent an expression "
1354 "consisting of an ordered sequence of action terms. Each action "
1355 "term is represented as a subclass of the PolicyAction class. "
1356 "Compound actions are constructed by associating dependent "
1357 "action terms together using the PolicyActionInPolicyAction "
1358 "aggregation.")]
1359 class CIM_CompoundPolicyAction : CIM_PolicyAction {
1360
1361 [Description (
1362 "This property gives a policy administrator a way of "
1363 "specifying how the ordering of the PolicyActions associated "
1364 "with this PolicyRule is to be interpreted. Three values are "
1365 "supported: \n"
1366 a.dunfey 1.1 "o mandatory(1): Do the actions in the indicated order, or "
1367 "don't do them at all. \n"
1368 "o recommended(2): Do the actions in the indicated order if "
1369 "you can, but if you can't do them in this order, do them in "
1370 "another order if you can. \n"
1371 "o dontCare(3): Do them -- I don't care about the order. \n"
1372 "The default value is 3 (\"DontCare\")."),
1373 ValueMap { "1", "2", "3" },
1374 Values { "Mandatory", "Recommended", "Dont Care" }]
1375 uint16 SequencedActions=3;
1376
1377 [Description (
1378 "ExecutionStrategy defines the strategy to be used in "
1379 "executing the sequenced actions aggregated by this "
1380 "CompoundPolicyAction. There are three execution strategies: "
1381 "\n\n"
1382 "Do Until Success - execute actions according to predefined "
1383 "order, until successful execution of a single action. \n"
1384 "Do All - execute ALL actions which are part of the modeled "
1385 "set, according to their predefined order. Continue doing "
1386 "this, even if one or more of the actions fails. \n"
1387 a.dunfey 1.1 "Do Until Failure - execute actions according to predefined "
1388 "order, until the first failure in execution of an action "
1389 "instance. \n"
1390 "The default value is 2 (\"Do All\")."),
1391 ValueMap { "1", "2", "3" },
1392 Values { "Do Until Success", "Do All", "Do Until Failure" }]
1393 uint16 ExecutionStrategy=2;
1394 };
1395
1396
1397 // ==================================================================
1398 // NetworkPacketAction
1399 // ==================================================================
1400 [Version ( "2.8.0" ), Description (
1401 "NetworkPacketAction standardizes different processing options "
1402 "that can be taken at the network packet level. The specific "
1403 "action is defined in the PacketAction enumerated property. "
1404 "Note that this property can be used in conjunction with other "
1405 "actions aggregated into a Rule, to fully define its effects. "
1406 "For example, when aggregated with the SAStaticAction class, "
1407 "NetworkPacketAction indicates whether a specific packet will "
1408 a.dunfey 1.1 "be encrypted, bypassed or discarded for the lifetime of the "
1409 "Security Association.")]
1410 class CIM_NetworkPacketAction : CIM_PolicyAction {
1411
1412 [Description (
1413 "A network packet can be processed, bypassed for processing "
1414 "(i.e., allowed to continue without further processing, such "
1415 "as being forwarded in the clear versus being encrypted), or "
1416 "discarded. This enumeration indicates how a packet should "
1417 "be handled if a PolicyRule's PolicyConditions evaluate to "
1418 "TRUE."),
1419 ValueMap { "1", "2", "3", "4" },
1420 Values { "Other", "Processed", "Bypassed", "Discarded" },
1421 MappingStrings { "IPSP Policy Model.IETF|IPsecBypassAction",
1422 "IPSP Policy Model.IETF|IPsecDiscardAction" },
1423 ModelCorrespondence { "CIM_NetworkPacketAction.OtherAction" }]
1424 uint16 PacketAction;
1425
1426 [Description (
1427 "Description of the action when the value 1 (\"Other\") is "
1428 "specified for the property, PacketAction."),
1429 a.dunfey 1.1 ModelCorrespondence { "CIM_NetworkPacketAction.PacketAction" }]
1430 string OtherAction;
1431 };
1432
1433
1434 // ==================================================================
1435 // RejectConnectionAction
1436 // ==================================================================
1437 [Version ( "2.8.0" ), Description (
1438 "RejectConnectionAction is used to cause a connection or its "
1439 "negotiation to be terminated. For example, it can be used in "
1440 "conjunction with an address filter on UDP port 500 to reduce "
1441 "Denial of Service vulnerability. As another example, it can be "
1442 "specified as a low priority rule to explicitly define the "
1443 "default action for IKE key exchange negotiations - i.e., if "
1444 "the higher priority rules are not satisfied, then reject the "
1445 "connection negotiation."),
1446 MappingStrings { "IPSP Policy Model.IETF|IKERejectAction" }]
1447 class CIM_RejectConnectionAction : CIM_PolicyAction {
1448 };
1449
1450 a.dunfey 1.1
1451 // ==================================================================
1452 // PolicyRoleCollection
1453 // ==================================================================
1454 [Version ( "2.8.0" ), Description (
1455 "PolicyRoleCollection is used to represent a collection of "
1456 "ManagedElements that share a common policy role, and the "
1457 "PolicySets that CAN BE applied to those elements. (Note that "
1458 "the PolicySets that are CURRENTLY applied are indicated via "
1459 "instances of the association, PolicySetAppliesToElement.) The "
1460 "PolicyRoleCollection always exists in the context of a System, "
1461 "specified using the PolicyRoleCollectionInSystem aggregation. "
1462 "The value of the PolicyRole property in this class specifies "
1463 "the role. It is defined as a free-form string. ManagedElements "
1464 "that share the role defined in this collection are aggregated "
1465 "into the Collection via the ElementInPolicyRoleCollection "
1466 "association.")]
1467 class CIM_PolicyRoleCollection : CIM_SystemSpecificCollection {
1468
1469 [Required, Description (
1470 "The PolicyRole name for the PolicySets and other "
1471 a.dunfey 1.1 "ManagedElements that are identified and aggregated by the "
1472 "Collection. Note that the aggregated PolicySets define the "
1473 "rules and groups of rules that may be applied to the "
1474 "associated ManagedElements. \n"
1475 "\n"
1476 "Although not officially designated as 'role combinations', "
1477 "multiple roles may be specified using the form: \n"
1478 "<RoleName>[&&<RoleName>]* \n"
1479 "where the individual role names appear in alphabetical "
1480 "order (according to the collating sequence for UCS-2). "
1481 "Implementations may treat PolicyRole values that are "
1482 "specified as 'role combinations' as simple strings.")]
1483 string PolicyRole;
1484
1485 [Description (
1486 "Activates/applies the PolicySets aggregated into this "
1487 "Collection to the specified ManagedElement. The "
1488 "ManagedElement MUST be a member of the Collection, "
1489 "associated via ElementInPolicyRoleCollection. The result of "
1490 "this method, if it is successfully executed, is that the "
1491 "aggregated PolicySets are deployed and enforced for the "
1492 a.dunfey 1.1 "Element. This is reflected by the instantiation of the "
1493 "PolicySetAppliesToElement association between the named "
1494 "Element and each PolicySet."),
1495 ValueMap { "0", "1", "2", "3", "4", "..", "0x8000.." },
1496 Values { "Success", "Not Supported", "Unknown", "Timeout",
1497 "Failed", "DMTF Reserved", "Vendor Specific" }]
1498 uint32 ActivatePolicySet(
1499
1500 [IN, Description (
1501 "The ManagedElement to which the aggregated PolicySets of "
1502 "this Collection are applied.")]
1503 CIM_ManagedElement REF Element);
1504
1505 [Description (
1506 "Deactivates the aggregated PolicySets for the specified "
1507 "ManagedElement. The result of this method, if it is "
1508 "successfully executed, is that the aggregated PolicySets "
1509 "are NOT enforced for the Element. This is reflected by the "
1510 "removal of the PolicySetAppliesToElement association "
1511 "between the named Element and each PolicySet. If a "
1512 "PolicySet is not currently enforced for the ManagedElement, "
1513 a.dunfey 1.1 "then this method has no effect for that Set."),
1514 ValueMap { "0", "1", "2", "3", "4", "..", "0x8000..0xFFFF" },
1515 Values { "Success", "Not Supported", "Unknown", "Timeout",
1516 "Failed", "DMTF Reserved", "Vendor Specific" }]
1517 uint32 DeactivatePolicySet(
1518 [IN, Description (
1519 "The ManagedElement to which the aggregated PolicySets of "
1520 "this Collection MUST NOT apply.")]
1521 CIM_ManagedElement REF Element);
1522 };
1523
1524
1525 // ==================================================================
1526 // === Association classes ===
1527 // ==================================================================
1528
1529
1530 // ==================================================================
1531 // PolicyComponent
1532 // ==================================================================
1533 [Association, Abstract, Aggregation, Version ( "2.6.0" ),
1534 a.dunfey 1.1 Description (
1535 "CIM_PolicyComponent is a generic association used to establish "
1536 "'part of' relationships between the subclasses of CIM_Policy. "
1537 "For example, the PolicyConditionInPolicyRule association "
1538 "defines that PolicyConditions are part of a PolicyRule.")]
1539 class CIM_PolicyComponent : CIM_Component {
1540
1541 [Aggregate, Override ( "GroupComponent" ), Description (
1542 "The parent Policy in the association.")]
1543 CIM_Policy REF GroupComponent;
1544
1545 [Override ( "PartComponent" ), Description (
1546 "The child/part Policy in the association.")]
1547 CIM_Policy REF PartComponent;
1548 };
1549
1550
1551 // ==================================================================
1552 // PolicyInSystem
1553 // ==================================================================
1554 [Association, Abstract, Version ( "2.8.0" ), Description (
1555 a.dunfey 1.1 "CIM_PolicyInSystem is a generic association used to establish "
1556 "dependency relationships between Policies and the Systems that "
1557 "host them. These Systems may be ComputerSystems where Policies "
1558 "are 'running' or they may be Policy Repositories where "
1559 "Policies are stored. This relationship is similar to the "
1560 "concept of CIM_Services being dependent on CIM_Systems as "
1561 "defined by the HostedService association. \n"
1562 "\n"
1563 "Cardinality is Max (1) for the Antecedent/System reference "
1564 "since Policies can only be hosted in at most one System "
1565 "context. Some subclasses of the association will further "
1566 "refine this definition to make the Policies Weak to Systems. "
1567 "Other subclasses of PolicyInSystem will define an optional "
1568 "hosting relationship. Examples of each of these are the "
1569 "PolicyRuleInSystem and PolicyConditionIn PolicyRepository "
1570 "associations, respectively.")]
1571 class CIM_PolicyInSystem : CIM_HostedDependency {
1572
1573 [Override ( "Antecedent" ), Max ( 1 ), Description (
1574 "The hosting System.")]
1575 CIM_System REF Antecedent;
1576 a.dunfey 1.1
1577 [Override ( "Dependent" ), Description (
1578 "The hosted Policy.")]
1579 CIM_Policy REF Dependent;
1580 };
1581
1582
1583 // ==================================================================
1584 // PolicySetInSystem
1585 // ==================================================================
1586 [Association, Abstract, Version ( "2.6.0" ), Description (
1587 "PolicySetInSystem is an abstract association class that "
1588 "represents a relationship between a System and a PolicySet "
1589 "used in the administrative scope of that system (e.g., "
1590 "AdminDomain, ComputerSystem). The Priority property is used to "
1591 "assign a relative priority to a PolicySet within the "
1592 "administrative scope in contexts where it is not a component "
1593 "of another PolicySet.")]
1594 class CIM_PolicySetInSystem : CIM_PolicyInSystem {
1595
1596 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1597 a.dunfey 1.1 "The System in whose scope a PolicySet is defined.")]
1598 CIM_System REF Antecedent;
1599
1600 [Override ( "Dependent" ), Description (
1601 "A PolicySet named within the scope of a System.")]
1602 CIM_PolicySet REF Dependent;
1603
1604 [Description (
1605 "The Priority property is used to specify the relative "
1606 "priority of the referenced PolicySet when there are more "
1607 "than one PolicySet instances applied to a managed resource "
1608 "that are not PolicySetComponents and, therefore, have no "
1609 "other relative priority defined. The priority is a "
1610 "non-negative integer; a larger value indicates a higher "
1611 "priority.")]
1612 uint16 Priority;
1613 };
1614
1615
1616 // ==================================================================
1617 // PolicyGroupInSystem
1618 a.dunfey 1.1 // ==================================================================
1619 [Association, Version ( "2.6.0" ), Description (
1620 "An association that links a PolicyGroup to the System in whose "
1621 "scope the Group is defined.")]
1622 class CIM_PolicyGroupInSystem : CIM_PolicySetInSystem {
1623
1624 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1625 "The System in whose scope a PolicyGroup is defined.")]
1626 CIM_System REF Antecedent;
1627
1628 [Override ( "Dependent" ), Weak, Description (
1629 "A PolicyGroup named within the scope of a System.")]
1630 CIM_PolicyGroup REF Dependent;
1631 };
1632
1633
1634 // ==================================================================
1635 // PolicyRuleInSystem
1636 // ==================================================================
1637 [Association, Version ( "2.6.0" ), Description (
1638 "An association that links a PolicyRule to the System in whose "
1639 a.dunfey 1.1 "scope the Rule is defined.")]
1640 class CIM_PolicyRuleInSystem : CIM_PolicySetInSystem {
1641
1642 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
1643 "The System in whose scope a PolicyRule is defined.")]
1644 CIM_System REF Antecedent;
1645
1646 [Override ( "Dependent" ), Weak, Description (
1647 "A PolicyRule named within the scope of a System.")]
1648 CIM_PolicyRule REF Dependent;
1649 };
1650
1651
1652 // ==================================================================
1653 // PolicySetComponent
1654 // ==================================================================
1655 [Association, Aggregation, Version ( "2.6.0" ), Description (
1656 "PolicySetComponent is a concrete aggregation that collects "
1657 "instances of the subclasses of PolicySet (i.e., PolicyGroups "
1658 "and PolicyRules). Instances are collected in sets that use the "
1659 "same decision strategy. They are prioritized relative to each "
1660 a.dunfey 1.1 "other, within the set, using the Priority property of this "
1661 "aggregation. \n"
1662 "\n"
1663 "Together, the PolicySet.PolicyDecisionStrategy and PolicySet "
1664 "Component.Priority properties determine the processing for the "
1665 "groups and rules contained in a PolicySet. A larger priority "
1666 "value represents a higher priority. Note that the Priority "
1667 "property MUST have a unique value when compared with others "
1668 "defined for the same aggregating PolicySet. Thus, the "
1669 "evaluation of rules within a set is deterministically "
1670 "specified.")]
1671 class CIM_PolicySetComponent : CIM_PolicyComponent {
1672
1673 [Aggregate, Override ( "GroupComponent" ), Description (
1674 "A PolicySet that aggregates other PolicySet instances.")]
1675 CIM_PolicySet REF GroupComponent;
1676
1677 [Override ( "PartComponent" ), Description (
1678 "A PolicySet aggregated into a PolicySet.")]
1679 CIM_PolicySet REF PartComponent;
1680
1681 a.dunfey 1.1 [Description (
1682 "A non-negative integer for prioritizing this PolicySet "
1683 "component relative to other elements of the same PolicySet. "
1684 "A larger value indicates a higher priority. The Priority "
1685 "property MUST have a unique value when compared with others "
1686 "defined for the same aggregating PolicySet.")]
1687 uint16 Priority;
1688 };
1689
1690
1691 // ==================================================================
1692 // PolicyGroupInPolicyGroup *** deprecated
1693 // ==================================================================
1694 [Association, Deprecated { "CIM_PolicySetComponent" }, Aggregation,
1695 Version ( "2.7.0" ), Description (
1696 "PolicySetComponent provides a more general mechanism for "
1697 "aggregating both PolicyGroups and PolicyRules and doing so "
1698 "with the priority value applying only to the aggregated set "
1699 "rather than policy wide. \n"
1700 "\n"
1701 "A relationship that aggregates one or more lower-level "
1702 a.dunfey 1.1 "PolicyGroups into a higher-level Group. A Policy Group may "
1703 "aggregate PolicyRules and/or other Policy Groups.")]
1704 class CIM_PolicyGroupInPolicyGroup : CIM_PolicyComponent {
1705
1706 [Deprecated { "CIM_PolicySetComponent.GroupComponent" },
1707 Aggregate, Override ( "GroupComponent" ), Description (
1708 "A PolicyGroup that aggregates other Groups.")]
1709 CIM_PolicyGroup REF GroupComponent;
1710
1711 [Deprecated { "CIM_PolicySetComponent.PartComponent" },
1712 Override ( "PartComponent" ), Description (
1713 "A PolicyGroup aggregated by another Group.")]
1714 CIM_PolicyGroup REF PartComponent;
1715 };
1716
1717
1718 // ==================================================================
1719 // PolicyRuleInPolicyGroup *** deprecated
1720 // ==================================================================
1721 [Association, Deprecated { "CIM_PolicySetComponent" }, Aggregation,
1722 Version ( "2.7.0" ), Description (
1723 a.dunfey 1.1 "PolicySetComponent provides a more general mechanism for "
1724 "aggregating both PolicyGroups and PolicyRules and doing so "
1725 "with the priority value applying only to the aggregated set "
1726 "rather than policy wide. \n"
1727 "\n"
1728 "A relationship that aggregates one or more PolicyRules into a "
1729 "PolicyGroup. A PolicyGroup may aggregate PolicyRules and/or "
1730 "other PolicyGroups.")]
1731 class CIM_PolicyRuleInPolicyGroup : CIM_PolicyComponent {
1732
1733 [Deprecated { "CIM_PolicySetComponent.GroupComponent" },
1734 Aggregate, Override ( "GroupComponent" ), Description (
1735 "A PolicyGroup that aggregates one or more PolicyRules.")]
1736 CIM_PolicyGroup REF GroupComponent;
1737
1738 [Deprecated { "CIM_PolicySetComponent.PartComponent" },
1739 Override ( "PartComponent" ), Description (
1740 "A PolicyRule aggregated by a PolicyGroup.")]
1741 CIM_PolicyRule REF PartComponent;
1742 };
1743
1744 a.dunfey 1.1
1745 // ==================================================================
1746 // PolicySetValidityPeriod
1747 // ==================================================================
1748 [Association, Aggregation, Version ( "2.7.0" ), Description (
1749 "The PolicySetValidityPeriod aggregation represents scheduled "
1750 "activation and deactivation of a PolicySet. A PolicySet is "
1751 "considered \"active\" if it is both \"Enabled\" and in a valid "
1752 "time period. \n"
1753 "\n"
1754 "If a PolicySet is associated with multiple policy time periods "
1755 "via this association, then the Set is in a valid time period "
1756 "if at least one of the time periods evaluates to TRUE. If a "
1757 "PolicySet is contained in another PolicySet via the "
1758 "PolicySetComponent aggregation (e.g., a PolicyRule in a "
1759 "PolicyGroup), then the contained PolicySet (e.g., PolicyRule) "
1760 "is in a valid period if at least one of the aggregate's "
1761 "PolicyTimePeriodCondition instances evaluates to TRUE and at "
1762 "least one of its own PolicyTimePeriodCondition instances also "
1763 "evalutes to TRUE. (In other words, the "
1764 "PolicyTimePeriodConditions are ORed to determine whether the "
1765 a.dunfey 1.1 "PolicySet is in a valid time period and then ANDed with the "
1766 "ORed PolicyTimePeriodConditions of each of PolicySet instances "
1767 "in the PolicySetComponent hierarchy to determine if the "
1768 "PolicySet is in a valid time period and, if also \"Enabled\", "
1769 "therefore, active, i.e., the hierachy ANDs the ORed "
1770 "PolicyTimePeriodConditions of the elements of the hierarchy. \n"
1771 "\n"
1772 "A Time Period may be aggregated by multiple PolicySets. A Set "
1773 "that does not point to a PolicyTimePeriodCondition via this "
1774 "association, from the point of view of scheduling, is always "
1775 "in a valid time period.")]
1776 class CIM_PolicySetValidityPeriod : CIM_PolicyComponent {
1777
1778 [Aggregate, Override ( "GroupComponent" ), Description (
1779 "This property contains the name of a PolicySet that "
1780 "contains one or more PolicyTimePeriodConditions.")]
1781 CIM_PolicySet REF GroupComponent;
1782
1783 [Override ( "PartComponent" ), Description (
1784 "This property contains the name of a "
1785 "PolicyTimePeriodCondition defining the valid time periods "
1786 a.dunfey 1.1 "for one or more PolicySets.")]
1787 CIM_PolicyTimePeriodCondition REF PartComponent;
1788 };
1789
1790
1791 // ==================================================================
1792 // PolicyRuleValidityPeriod ** deprecated
1793 // ==================================================================
1794 [Association, Deprecated { "CIM_PolicySetValidityPeriod" },
1795 Aggregation, Version ( "2.7.0" ), Description (
1796 "The PolicyRuleValidityPeriod aggregation represents scheduled "
1797 "activation and deactivation of a PolicyRule. If a PolicyRule "
1798 "is associated with multiple policy time periods via this "
1799 "association, then the Rule is active if at least one of the "
1800 "time periods indicates that it is active. (In other words, the "
1801 "PolicyTimePeriodConditions are ORed to determine whether the "
1802 "Rule is active.) A Time Period may be aggregated by multiple "
1803 "PolicyRules. A Rule that does not point to a "
1804 "PolicyTimePeriodCondition via this association is, from the "
1805 "point of view of scheduling, always active. It may, however, "
1806 "be inactive for other reasons. For example, the Rule's Enabled "
1807 a.dunfey 1.1 "property may be set to \"disabled\" (value=2).")]
1808 class CIM_PolicyRuleValidityPeriod : CIM_PolicyComponent {
1809
1810 [Deprecated { "CIM_PolicySetValidityPeriod.GroupComponent" },
1811 Aggregate, Override ( "GroupComponent" ), Description (
1812 "This property contains the name of a PolicyRule that "
1813 "contains one or more PolicyTimePeriodConditions.")]
1814 CIM_PolicyRule REF GroupComponent;
1815
1816 [Deprecated { "CIM_PolicySetValidityPeriod.PartComponent" },
1817 Override ( "PartComponent" ), Description (
1818 "This property contains the name of a "
1819 "PolicyTimePeriodCondition defining the valid time periods "
1820 "for one or more PolicyRules.")]
1821 CIM_PolicyTimePeriodCondition REF PartComponent;
1822 };
1823
1824
1825 // ==================================================================
1826 // PolicyConditionStructure
1827 // ==================================================================
1828 a.dunfey 1.1 [Association, Abstract, Aggregation, Version ( "2.7.0" ),
1829 Description (
1830 "PolicyConditions may be aggregated into rules and into "
1831 "compound conditions. PolicyConditionStructure is the abstract "
1832 "aggregation class for the structuring of policy conditions. \n"
1833 "\n"
1834 "The Conditions aggregated by a PolicyRule or "
1835 "CompoundPolicyCondition are grouped into two levels of lists: "
1836 "either an ORed set of ANDed sets of conditions (DNF, the "
1837 "default) or an ANDed set of ORed sets of conditions (CNF). "
1838 "Individual PolicyConditions in these lists may be negated. The "
1839 "property ConditionListType specifies which of these two "
1840 "grouping schemes applies to a particular PolicyRule or "
1841 "CompoundPolicyCondition instance. \n"
1842 "\n"
1843 "One or more PolicyTimePeriodConditions may be among the "
1844 "conditions associated with a PolicyRule or "
1845 "CompoundPolicyCondition via the PolicyConditionStructure "
1846 "subclass association. In this case, the time periods are "
1847 "simply additional Conditions to be evaluated along with any "
1848 "others that are specified.")]
1849 a.dunfey 1.1 class CIM_PolicyConditionStructure : CIM_PolicyComponent {
1850
1851 [Aggregate, Override ( "GroupComponent" ), Description (
1852 "This property represents the Policy that contains one or "
1853 "more PolicyConditions.")]
1854 CIM_Policy REF GroupComponent;
1855
1856 [Override ( "PartComponent" ), Description (
1857 "This property holds the name of a PolicyCondition contained "
1858 "by one or more PolicyRule or CompoundPolicyCondition "
1859 "instances.")]
1860 CIM_PolicyCondition REF PartComponent;
1861
1862 [Description (
1863 "Unsigned integer indicating the group to which the "
1864 "contained PolicyCondition belongs. This integer segments "
1865 "the Conditions into the ANDed sets (when the "
1866 "ConditionListType is \"DNF\") or, similarly, into the ORed "
1867 "sets (when the ConditionListType is \"CNF\").")]
1868 uint16 GroupNumber;
1869
1870 a.dunfey 1.1 [Description (
1871 "Indication of whether the contained PolicyCondition is "
1872 "negated. TRUE indicates that the PolicyCondition IS "
1873 "negated, FALSE indicates that it IS NOT negated.")]
1874 boolean ConditionNegated;
1875 };
1876
1877
1878 // ==================================================================
1879 // PolicyConditionInPolicyRule
1880 // ==================================================================
1881 [Association, Aggregation, Version ( "2.7.0" ), Description (
1882 "A PolicyRule aggregates zero or more instances of the "
1883 "PolicyCondition class, via the PolicyConditionInPolicyRule "
1884 "association. A Rule that aggregates zero Conditions is not "
1885 "valid; it may, however, be in the process of being defined. "
1886 "Note that a PolicyRule should have no effect until it is "
1887 "valid.")]
1888 class CIM_PolicyConditionInPolicyRule : CIM_PolicyConditionStructure {
1889
1890 [Aggregate, Override ( "GroupComponent" ), Description (
1891 a.dunfey 1.1 "This property represents the PolicyRule that contains one "
1892 "or more PolicyConditions.")]
1893 CIM_PolicyRule REF GroupComponent;
1894
1895 [Override ( "PartComponent" ), Description (
1896 "This property holds the name of a PolicyCondition contained "
1897 "by one or more PolicyRules.")]
1898 CIM_PolicyCondition REF PartComponent;
1899 };
1900
1901
1902 // ==================================================================
1903 // PolicyConditionInPolicyCondition
1904 // ==================================================================
1905 [Association, Aggregation, Version ( "2.7.0" ), Description (
1906 "A CompoundPolicyCondition aggregates zero or more instances of "
1907 "the PolicyCondition class, via the "
1908 "PolicyConditionInPolicyCondition association. A "
1909 "CompoundPolicyCondition that aggregates zero Conditions is not "
1910 "valid; it may, however, be in the process of being defined. "
1911 "Note that a CompoundPolicyCondition should have no effect "
1912 a.dunfey 1.1 "until it is valid.")]
1913 class CIM_PolicyConditionInPolicyCondition : CIM_PolicyConditionStructure {
1914
1915 [Aggregate, Override ( "GroupComponent" ), Description (
1916 "This property represents the CompoundPolicyCondition that "
1917 "contains one or more PolicyConditions.")]
1918 CIM_CompoundPolicyCondition REF GroupComponent;
1919
1920 [Override ( "PartComponent" ), Description (
1921 "This property holds the name of a PolicyCondition contained "
1922 "by one or more PolicyRules.")]
1923 CIM_PolicyCondition REF PartComponent;
1924 };
1925
1926
1927 // ==================================================================
1928 // PolicyActionStructure
1929 // ==================================================================
1930 [Association, Abstract, Aggregation, Version ( "2.6.0" ),
1931 Description (
1932 "PolicyActions may be aggregated into rules and into compound "
1933 a.dunfey 1.1 "actions. PolicyActionStructure is the abstract aggregation "
1934 "class for the structuring of policy actions.")]
1935 class CIM_PolicyActionStructure : CIM_PolicyComponent {
1936
1937 [Aggregate, Override ( "GroupComponent" ), Description (
1938 "PolicyAction instances may be aggregated into either "
1939 "PolicyRule instances or CompoundPolicyAction instances.")]
1940 CIM_Policy REF GroupComponent;
1941
1942 [Override ( "PartComponent" ), Description (
1943 "A PolicyAction aggregated by a PolicyRule or "
1944 "CompoundPolicyAction.")]
1945 CIM_PolicyAction REF PartComponent;
1946
1947 [Description (
1948 "ActionOrder is an unsigned integer 'n' that indicates the "
1949 "relative position of a PolicyAction in the sequence of "
1950 "actions associated with a PolicyRule or "
1951 "CompoundPolicyAction. When 'n' is a positive integer, it "
1952 "indicates a place in the sequence of actions to be "
1953 "performed, with smaller integers indicating earlier "
1954 a.dunfey 1.1 "positions in the sequence. The special value '0' indicates "
1955 "'don't care'. If two or more PolicyActions have the same "
1956 "non-zero sequence number, they may be performed in any "
1957 "order, but they must all be performed at the appropriate "
1958 "place in the overall action sequence. \n"
1959 "\n"
1960 "A series of examples will make ordering of PolicyActions "
1961 "clearer: \n"
1962 "o If all actions have the same sequence number, regardless "
1963 "of whether it is '0' or non-zero, any order is acceptable. "
1964 "\no The values: \n"
1965 "1:ACTION A \n"
1966 "2:ACTION B \n"
1967 "1:ACTION C \n"
1968 "3:ACTION D \n"
1969 "indicate two acceptable orders: A,C,B,D or C,A,B,D, \n"
1970 "since A and C can be performed in either order, but only at "
1971 "the '1' position. \n"
1972 "o The values: \n"
1973 "0:ACTION A \n"
1974 "2:ACTION B \n"
1975 a.dunfey 1.1 "3:ACTION C \n"
1976 "3:ACTION D \n"
1977 "require that B,C, and D occur either as B,C,D or as B,D,C. "
1978 "Action A may appear at any point relative to B, C, and D. "
1979 "Thus the complete set of acceptable orders is: A,B,C,D; "
1980 "B,A,C,D; B,C,A,D; B,C,D,A; A,B,D,C; B,A,D,C; B,D,A,C; "
1981 "B,D,C,A. \n"
1982 "\n"
1983 "Note that the non-zero sequence numbers need not start with "
1984 "'1', and they need not be consecutive. All that matters is "
1985 "their relative magnitude.")]
1986 uint16 ActionOrder;
1987 };
1988
1989
1990 // ==================================================================
1991 // PolicyActionInPolicyRule
1992 // ==================================================================
1993 [Association, Aggregation, Version ( "2.6.0" ), Description (
1994 "A PolicyRule aggregates zero or more instances of the "
1995 "PolicyAction class, via the PolicyActionInPolicyRule "
1996 a.dunfey 1.1 "association. A Rule that aggregates zero Actions is not "
1997 "valid--it may, however, be in the process of being entered "
1998 "into a PolicyRepository or being defined for a System. "
1999 "Alternately, the actions of the policy may be explicit in the "
2000 "definition of the PolicyRule. Note that a PolicyRule should "
2001 "have no effect until it is valid. \n"
2002 "\n"
2003 "The Actions associated with a PolicyRule may be given a "
2004 "required order, a recommended order, or no order at all. For "
2005 "Actions represented as separate objects, the "
2006 "PolicyActionInPolicyRule aggregation can be used to express an "
2007 "order. \n"
2008 "\n"
2009 "This aggregation does not indicate whether a specified action "
2010 "order is required, recommended, or of no significance; the "
2011 "property SequencedActions in the aggregating instance of "
2012 "PolicyRule provides this indication.")]
2013 class CIM_PolicyActionInPolicyRule : CIM_PolicyActionStructure {
2014
2015 [Aggregate, Override ( "GroupComponent" ), Description (
2016 "This property represents the PolicyRule that contains one "
2017 a.dunfey 1.1 "or more PolicyActions.")]
2018 CIM_PolicyRule REF GroupComponent;
2019
2020 [Override ( "PartComponent" ), Description (
2021 "This property holds the name of a PolicyAction contained by "
2022 "one or more PolicyRules.")]
2023 CIM_PolicyAction REF PartComponent;
2024 };
2025
2026
2027 // ==================================================================
2028 // PolicyActionInPolicyAction
2029 // ==================================================================
2030 [Association, Aggregation, Version ( "2.6.0" ), Description (
2031 "PolicyActionInPolicyAction is used to represent the "
2032 "compounding of policy actions into a higher-level policy "
2033 "action.")]
2034 class CIM_PolicyActionInPolicyAction : CIM_PolicyActionStructure {
2035
2036 [Aggregate, Override ( "GroupComponent" ), Description (
2037 "This property represents the CompoundPolicyAction that "
2038 a.dunfey 1.1 "contains one or more PolicyActions.")]
2039 CIM_CompoundPolicyAction REF GroupComponent;
2040
2041 [Override ( "PartComponent" ), Description (
2042 "This property holds the name of a PolicyAction contained by "
2043 "one or more CompoundPolicyActions.")]
2044 CIM_PolicyAction REF PartComponent;
2045 };
2046
2047
2048 // ==================================================================
2049 // PolicyContainerInPolicyContainer
2050 // ==================================================================
2051 [Association, Aggregation, Version ( "2.6.0" ), Description (
2052 "A relationship that aggregates one or more lower-level "
2053 "ReusablePolicyContainer instances into a higher-level "
2054 "ReusablePolicyContainer.")]
2055 class CIM_PolicyContainerInPolicyContainer : CIM_SystemComponent {
2056
2057 [Aggregate, Override ( "GroupComponent" ), Description (
2058 "A ReusablePolicyContainer that aggregates other "
2059 a.dunfey 1.1 "ReusablePolicyContainers.")]
2060 CIM_ReusablePolicyContainer REF GroupComponent;
2061
2062 [Override ( "PartComponent" ), Description (
2063 "A ReusablePolicyContainer aggregated by another "
2064 "ReusablePolicyContainer.")]
2065 CIM_ReusablePolicyContainer REF PartComponent;
2066 };
2067
2068
2069 // ==================================================================
2070 // PolicyRepositoryInPolicyRepository *** deprecated
2071 // ==================================================================
2072 [Association, Deprecated { "CIM_PolicyContainerInPolicyContainer" },
2073 Aggregation, Version ( "2.7.0" ), Description (
2074 "The term 'PolicyRepository' has been confusing to both "
2075 "developers and users of the model. The replacement class name "
2076 "describes model element properly and is less likely to be "
2077 "confused with a data repository. ContainedDomain is a general "
2078 "purpose mechanism for expressing domain hierarchy. \n"
2079 "\n"
2080 a.dunfey 1.1 "A relationship that aggregates one or more lower-level "
2081 "PolicyRepositories into a higher-level Repository.")]
2082 class CIM_PolicyRepositoryInPolicyRepository : CIM_SystemComponent {
2083
2084 [Deprecated {
2085 "CIM_PolicyContainerInPolicyContainer.GroupComponent" },
2086 Aggregate, Override ( "GroupComponent" ), Description (
2087 "A PolicyRepository that aggregates other Repositories.")]
2088 CIM_PolicyRepository REF GroupComponent;
2089
2090 [Deprecated {
2091 "CIM_PolicyContainerInPolicyContainer.PartComponent" },
2092 Override ( "PartComponent" ), Description (
2093 "A PolicyRepository aggregated by another Repository.")]
2094 CIM_PolicyRepository REF PartComponent;
2095 };
2096
2097
2098 // ==================================================================
2099 // ReusablePolicy
2100 // ==================================================================
2101 a.dunfey 1.1 [Association, Version ( "2.6.0" ), Description (
2102 "The ReusablePolicy association provides for the reuse of any "
2103 "subclass of Policy in a ReusablePolicyContainer.")]
2104 class CIM_ReusablePolicy : CIM_PolicyInSystem {
2105
2106 [Override ( "Antecedent" ), Max ( 1 ), Description (
2107 "This property identifies a ReusablePolicyContainer that "
2108 "provides the administrative scope for the reuse of the "
2109 "referenced policy element.")]
2110 CIM_ReusablePolicyContainer REF Antecedent;
2111
2112 [Override ( "Dependent" ), Description (
2113 "A reusable policy element.")]
2114 CIM_Policy REF Dependent;
2115 };
2116
2117
2118 // ==================================================================
2119 // ElementInPolicyRoleCollection
2120 // ==================================================================
2121 [Association, Aggregation, Version ( "2.8.0" ), Description (
2122 a.dunfey 1.1 "An ElementInPolicyRoleCollection aggregates zero or more "
2123 "ManagedElement subclass instances into a PolicyRoleCollection "
2124 "object, representing a role played by these ManagedElements. "
2125 "This Collection indicates that the aggregated PolicySets "
2126 "(aggregated by CIM_PolicySetInRoleCollection) MAY BE applied "
2127 "to the referenced elements. To indicate that the PolicySets "
2128 "ARE being enforced for the element, use the "
2129 "PolicySetAppliesToElement association.")]
2130 class CIM_ElementInPolicyRoleCollection : CIM_MemberOfCollection {
2131
2132 [Aggregate, Override ( "Collection" ), Description (
2133 "The PolicyRoleCollection.")]
2134 CIM_PolicyRoleCollection REF Collection;
2135
2136 [Override ( "Member" ), Description (
2137 "The ManagedElement that plays the role represented by the "
2138 "PolicyRoleCollection.")]
2139 CIM_ManagedElement REF Member;
2140 };
2141
2142
2143 a.dunfey 1.1 // ==================================================================
2144 // PolicyRoleCollectionInSystem
2145 // ==================================================================
2146 [Association, Version ( "2.7.0" ), Description (
2147 "PolicyRoleCollectionInSystem is an association used to "
2148 "establish a relationship between a collection and an 'owning' "
2149 "System such as an AdminDomain or ComputerSystem.")]
2150 class CIM_PolicyRoleCollectionInSystem : CIM_HostedCollection {
2151
2152 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
2153 "The parent system responsible for the collection.")]
2154 CIM_System REF Antecedent;
2155
2156 [Override ( "Dependent" ), Description (
2157 "The Collection.")]
2158 CIM_PolicyRoleCollection REF Dependent;
2159 };
2160
2161
2162 // ==================================================================
2163 // PolicyConditionInPolicyRepository *** deprecated
2164 a.dunfey 1.1 // ==================================================================
2165 [Association, Deprecated { "CIM_ReusablePolicy" },
2166 Version ( "2.7.0" ), Description (
2167 "The ReusablePolicy association is a more general relationship "
2168 "that incorporates both Conditions and Actions as well as any "
2169 "other policy subclass. \n"
2170 "\n"
2171 "This class represents the hosting of reusable PolicyConditions "
2172 "by a PolicyRepository. A reusable Policy Condition is always "
2173 "related to a single PolicyRepository, via this association. \n"
2174 "\n"
2175 "Note, that an instance of PolicyCondition can be either "
2176 "reusable or rule-specific. When the Condition is rule- "
2177 "specific, it shall not be related to any PolicyRepository via "
2178 "the PolicyConditionInPolicyRepository association.")]
2179 class CIM_PolicyConditionInPolicyRepository : CIM_PolicyInSystem {
2180
2181 [Deprecated { "CIM_ReusablePolicy.Antecedent" },
2182 Override ( "Antecedent" ), Max ( 1 ), Description (
2183 "This property identifies a PolicyRepository hosting one or "
2184 "more PolicyConditions. A reusable PolicyCondition is always "
2185 a.dunfey 1.1 "related to exactly one PolicyRepository via the "
2186 "PolicyConditionInPolicyRepository association. The [0..1] "
2187 "cardinality for this property covers the two types of "
2188 "PolicyConditions: 0 for a rule-specific PolicyCondition, 1 "
2189 "for a reusable one.")]
2190 CIM_PolicyRepository REF Antecedent;
2191
2192 [Deprecated { "CIM_ReusablePolicy.Dependent" },
2193 Override ( "Dependent" ), Description (
2194 "This property holds the name of a PolicyCondition hosted in "
2195 "the PolicyRepository.")]
2196 CIM_PolicyCondition REF Dependent;
2197 };
2198
2199
2200 // ==================================================================
2201 // PolicyActionInPolicyRepository *** deprecated
2202 // ==================================================================
2203 [Association, Deprecated { "CIM_ReusablePolicy" },
2204 Version ( "2.7.0" ), Description (
2205 "The ReusablePolicy association is a more general relationship "
2206 a.dunfey 1.1 "that incorporates both Conditions and Actions as well as any "
2207 "other policy subclass. \n"
2208 "\n"
2209 "This class represents the hosting of reusable PolicyActions by "
2210 "a PolicyRepository. A reusable Policy Action is always related "
2211 "to a single PolicyRepository, via this association. \n"
2212 "\n"
2213 "Note, that an instance of PolicyAction can be either reusable "
2214 "or rule-specific. When the Action is rule- specific, it shall "
2215 "not be related to any PolicyRepository via the "
2216 "PolicyActionInPolicyRepository association.")]
2217 class CIM_PolicyActionInPolicyRepository : CIM_PolicyInSystem {
2218
2219 [Deprecated { "CIM_ReusablePolicy.Antecedent" },
2220 Override ( "Antecedent" ), Max ( 1 ), Description (
2221 "This property represents a PolicyRepository hosting one or "
2222 "more PolicyActions. A reusable PolicyAction is always "
2223 "related to exactly one PolicyRepository via the "
2224 "PolicyActionInPolicyRepository association. The [0..1] "
2225 "cardinality for this property covers the two types of "
2226 "PolicyActions: 0 for a rule-specific PolicyAction, 1 for a "
2227 a.dunfey 1.1 "reusable one.")]
2228 CIM_PolicyRepository REF Antecedent;
2229
2230 [Deprecated { "CIM_ReusablePolicy.Dependent" },
2231 Override ( "Dependent" ), Description (
2232 "This property holds the name of a PolicyAction hosted in "
2233 "the PolicyRepository.")]
2234 CIM_PolicyAction REF Dependent;
2235 };
2236
2237
2238 // ==================================================================
2239 // PolicySetInRoleCollection
2240 // ==================================================================
2241 [Association, Aggregation, Version ( "2.8.0" ), Description (
2242 "PolicySetInRoleCollection aggregates zero or more PolicyRules "
2243 "and PolicyGroups (i.e., the subclasses of PolicySet) into a "
2244 "PolicyRoleCollection object, representing a role "
2245 "supported/enforced by the PolicySet.")]
2246 class CIM_PolicySetInRoleCollection : CIM_MemberOfCollection {
2247
2248 a.dunfey 1.1 [Aggregate, Override ( "Collection" ), Description (
2249 "The PolicyRoleCollection.")]
2250 CIM_PolicyRoleCollection REF Collection;
2251
2252 [Override ( "Member" ), Description (
2253 "The PolicySet that supports/enforces the PolicyRole for the "
2254 "elements in the PolicyRoleCollection.")]
2255 CIM_PolicySet REF Member;
2256 };
2257
2258
2259 // ==================================================================
2260 // PolicySetAppliesToElement
2261 // ==================================================================
2262 [Association, Version ( "2.8.0" ), Description (
2263 "PolicySetAppliesToElement makes explicit which PolicySets "
2264 "(i.e., policy rules and groups of rules) ARE CURRENTLY applied "
2265 "to a particular Element. This association indicates that the "
2266 "PolicySets that are appropriate for a ManagedElement "
2267 "(specified using the PolicyRoleCollection aggregation) have "
2268 "actually been deployed in the policy management "
2269 a.dunfey 1.1 "infrastructure. Note that if the named Element refers to a "
2270 "Collection, then the PolicySet is assumed to be applied to all "
2271 "the members of the Collection.")]
2272 class CIM_PolicySetAppliesToElement {
2273
2274 [Key, Description (
2275 "The PolicyRules and/or groups of rules that are currently "
2276 "applied to an Element.")]
2277 CIM_PolicySet REF PolicySet;
2278
2279 [Key, Description (
2280 "The ManagedElement to which the PolicySet applies.")]
2281 CIM_ManagedElement REF ManagedElement;
2282 };
2283
2284
2285 // ==================================================================
2286 // FilterOfPacketCondition
2287 // ==================================================================
2288 [Association, Version ( "2.8.0" ), Description (
2289 "FilterOfPacketCondition associates a network traffic "
2290 a.dunfey 1.1 "specification (i.e., a FilterList) with a PolicyRule's "
2291 "PacketFilterCondition."),
2292 MappingStrings { "IPSP Policy Model.IETF|FilterOfSACondition" }]
2293 class CIM_FilterOfPacketCondition : CIM_Dependency {
2294
2295 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
2296 "A FilterList describes the traffic selected by the "
2297 "PacketFilterCondition. A PacketFilterCondition is "
2298 "associated with one and only one FilterList, but that "
2299 "filter list may aggregate many filter entries."),
2300 MappingStrings { "IPSP Policy Model.IETF|"
2301 "FilterOfSACondition.Antecedent" }]
2302 CIM_FilterList REF Antecedent;
2303
2304 [Override ( "Dependent" ), Description (
2305 "The PacketFilterCondition that uses the FilterList as part "
2306 "of a PolicyRule."),
2307 MappingStrings { "IPSP Policy Model.IETF|"
2308 "FilterOfSACondition.Dependent" }]
2309 CIM_PacketFilterCondition REF Dependent;
2310 };
2311 a.dunfey 1.1
2312
2313 // ==================================================================
2314 // AcceptCredentialFrom
2315 // ==================================================================
2316 [Association, Version ( "2.8" ), Description (
2317 "This association specifies that a credential management "
2318 "service (e.g., CertificateAuthority or Kerberos key "
2319 "distribution service) is to be trusted to certify credentials, "
2320 "presented at the packet level. The association defines an "
2321 "'approved' CredentialManagementService that is used for "
2322 "validation. \n"
2323 "\n"
2324 "The use of this class is best explained via an example: \n"
2325 "If a CertificateAuthority is specified using this association, "
2326 "and a corresponding X509CredentialFilterEntry is also "
2327 "associated with a PacketFilterCondition (via the relationship, "
2328 "FilterOfPacketCondition), then the credential MUST match the "
2329 "FilterEntry data AND be certified by that CA (or one of the "
2330 "CredentialManagementServices in its trust hierarchy). "
2331 "Otherwise, the X509CredentialFilterEntry is deemed not to "
2332 a.dunfey 1.1 "match. If a credential is certified by a "
2333 "CredentialManagementService associated with the "
2334 "PacketFilterCondition through the AcceptCredentialFrom "
2335 "relationship, but there is no corresponding "
2336 "CredentialFilterEntry, then all credentials from the related "
2337 "service are considered to match."),
2338 MappingStrings { "IPSP Policy Model.IETF|AcceptCredentialFrom" }]
2339 class CIM_AcceptCredentialFrom : CIM_Dependency {
2340
2341 [Override ( "Antecedent" ), Description (
2342 "The CredentialManagementService that is issuing the "
2343 "credential to be matched in the PacketFilterCondition."),
2344 MappingStrings { "IPSP Policy "
2345 "Model.IETF|AcceptCredentialFrom.Antecedent" }]
2346 CIM_CredentialManagementService REF Antecedent;
2347
2348 [Override ( "Dependent" ), Description (
2349 "The PacketFilterCondition that associates the "
2350 "CredentialManagementService and any "
2351 "FilterLists/FilterEntries."),
2352 MappingStrings { "IPSP Policy "
2353 a.dunfey 1.1 "Model.IETF|AcceptCredentialFrom.Dependent" }]
2354 CIM_PacketFilterCondition REF Dependent;
2355 };
2356
2357
2358 // ===================================================================
2359 // end of file
2360 // ===================================================================
2361
|