Return to
CIM_Policy.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIM29
|
Return to
CIM_Policy.mof
CVS log
|
Up to [Pegasus] / pegasus / Schemas / CIM29
|
|
File: [Pegasus] / pegasus / Schemas / CIM29 / CIM_Policy.mof
(download)
Revision: 1.1, Thu Feb 17 00:09:56 2005 UTC (19 years, 3 months ago) by a.dunfey Branch: MAIN CVS Tags: preBug9676, postBug9676, TASK_PEP328_SOLARIS_NEVADA_PORT, TASK_PEP317_1JUNE_2013, TASK_PEP233_EmbeddedInstSupport-merge_out_trunk, TASK_BUG_5314_IPC_REFACTORING_ROOT, TASK_BUG_5314_IPC_REFACTORING_BRANCH, TASK_BUG_5314_IPC_REFACTORING-V1, TASK_BUG_5191_QUEUE_CONSOLIDATION_ROOT, TASK_BUG_5191_QUEUE_CONSOLIDATION_BRANCH, TASK-TASK_PEP362_RestfulService_branch-root, TASK-TASK_PEP362_RestfulService_branch-merged_out_from_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_to_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_from_branch, TASK-TASK_PEP362_RestfulService_branch-branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-root, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_to_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_out_from_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_to_trunk, TASK-TASK-BUG4011_WinLocalConnect-branch-New-merged_in_from_branch, TASK-TASK-BUG4011_WinLocalConnect-branch-New-branch, TASK-PEP362_RestfulService-root, TASK-PEP362_RestfulService-merged_out_to_branch, TASK-PEP362_RestfulService-merged_out_from_trunk, TASK-PEP362_RestfulService-merged_in_to_trunk, TASK-PEP362_RestfulService-merged_in_from_branch, TASK-PEP362_RestfulService-branch, TASK-PEP348_SCMO-root, TASK-PEP348_SCMO-merged_out_to_branch, TASK-PEP348_SCMO-merged_out_from_trunk, TASK-PEP348_SCMO-merged_in_to_trunk, TASK-PEP348_SCMO-merged_in_from_branch, TASK-PEP348_SCMO-branch, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-root, TASK-PEP328_SOLARIS_NEVADA_PORT_v2-branch, TASK-PEP328_SOLARIS_NEVADA_PORT-root, TASK-PEP328_SOLARIS_NEVADA_PORT-branch, TASK-PEP328_SOLARIS_IX86_CC_PORT-root, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch-v2, TASK-PEP328_SOLARIS_IX86_CC_PORT-branch, TASK-PEP317_pullop-root, TASK-PEP317_pullop-merged_out_to_branch, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, TASK-PEP317_pullop-merged_in_from_branch, TASK-PEP317_pullop-branch, TASK-PEP311_WSMan-root, TASK-PEP311_WSMan-branch, TASK-PEP305_VXWORKS-root, TASK-PEP305_VXWORKS-branch-pre-solaris-port, TASK-PEP305_VXWORKS-branch-post-solaris-port, TASK-PEP305_VXWORKS-branch-beta2, TASK-PEP305_VXWORKS-branch, TASK-PEP305_VXWORKS-2008-10-23, TASK-PEP291_IPV6-root, TASK-PEP291_IPV6-branch, TASK-PEP286_PRIVILEGE_SEPARATION-root, TASK-PEP286_PRIVILEGE_SEPARATION-branch, TASK-PEP274_dacim-root, TASK-PEP274_dacim-merged_out_to_branch, TASK-PEP274_dacim-merged_out_from_trunk, TASK-PEP274_dacim-merged_in_to_trunk, TASK-PEP274_dacim-merged_in_from_branch, TASK-PEP274_dacim-branch, TASK-PEP268_SSLClientCertificatePropagation-root, TASK-PEP268_SSLClientCertificatePropagation-merged_out_to_branch, TASK-PEP268_SSLClientCertificatePropagation-merged_out_from_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_to_trunk, TASK-PEP268_SSLClientCertificatePropagation-merged_in_from_branch, TASK-PEP268_SSLClientCertificatePropagation-branch, TASK-PEP267_SLPReregistrationSupport-root, TASK-PEP267_SLPReregistrationSupport-merging_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merging_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_out_to_branch, TASK-PEP267_SLPReregistrationSupport-merged_out_from_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_to_trunk, TASK-PEP267_SLPReregistrationSupport-merged_in_from_branch, TASK-PEP267_SLPReregistrationSupport-branch, TASK-PEP250_RPMProvider-root, TASK-PEP250_RPMProvider-merged_out_to_branch, TASK-PEP250_RPMProvider-merged_out_from_trunk, TASK-PEP250_RPMProvider-merged_in_to_trunk, TASK-PEP250_RPMProvider-merged_in_from_branch, TASK-PEP250_RPMProvider-branch, TASK-PEP245_CimErrorInfrastructure-root, TASK-PEP245_CimErrorInfrastructure-merged_out_to_branch, TASK-PEP245_CimErrorInfrastructure-merged_out_from_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_to_trunk, TASK-PEP245_CimErrorInfrastructure-merged_in_from_branch, TASK-PEP245_CimErrorInfrastructure-branch, TASK-PEP241_OpenPegasusStressTests-root, TASK-PEP241_OpenPegasusStressTests-merged_out_to_branch, TASK-PEP241_OpenPegasusStressTests-merged_out_from_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_to_trunk, TASK-PEP241_OpenPegasusStressTests-merged_in_from_branch, TASK-PEP241_OpenPegasusStressTests-branch, TASK-Bugs5690_3913_RemoteCMPI-root, TASK-Bugs5690_3913_RemoteCMPI-merged_out_to_branch, TASK-Bugs5690_3913_RemoteCMPI-merged_out_from_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_to_trunk, TASK-Bugs5690_3913_RemoteCMPI-merged_in_from_branch, TASK-Bugs5690_3913_RemoteCMPI-branch, TASK-Bug2102_RCMPIWindows-root, TASK-Bug2102_RCMPIWindows-merged_out_to_branch, TASK-Bug2102_RCMPIWindows-merged_out_from_trunk, TASK-Bug2102_RCMPIWindows-merged_in_to_trunk, TASK-Bug2102_RCMPIWindows-merged_in_from_branch, TASK-Bug2102_RCMPIWindows-branch, TASK-Bug2102Final-root, TASK-Bug2102Final-merged_out_to_branch, TASK-Bug2102Final-merged_out_from_trunk, TASK-Bug2102Final-merged_in_to_trunk, TASK-Bug2102Final-merged_in_from_branch, TASK-Bug2102Final-branch, TASK-Bug2021_RemoteCMPIonWindows-root, TASK-Bug2021_RemoteCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RemoteCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RemoteCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RemoteCMPIonWindows-branch, TASK-Bug2021_RCMPIonWindows-root, TASK-Bug2021_RCMPIonWindows-merged_out_to_branch, TASK-Bug2021_RCMPIonWindows-merged_out_from_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_to_trunk, TASK-Bug2021_RCMPIonWindows-merged_in_from_branch, TASK-Bug2021_RCMPIonWindows-branch, TASK-BUG7240-root, TASK-BUG7240-branch, TASK-BUG7146_SqlRepositoryPrototype-root, TASK-BUG7146_SqlRepositoryPrototype-merged_out_to_branch, TASK-BUG7146_SqlRepositoryPrototype-merged_out_from_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_to_trunk, TASK-BUG7146_SqlRepositoryPrototype-merged_in_from_branch, TASK-BUG7146_SqlRepositoryPrototype-branch, TASK-BUG4011_WinLocalConnect-root, TASK-BUG4011_WinLocalConnect-merged_out_to_branch, TASK-BUG4011_WinLocalConnect-merged_out_from_trunk, TASK-BUG4011_WinLocalConnect-merged_in_to_trunk, TASK-BUG4011_WinLocalConnect-merged_in_from_branch, TASK-BUG4011_WinLocalConnect-branch-New, TASK-BUG4011_WinLocalConnect-branch, STABLE, RELEASE_2_9_2-RC2, RELEASE_2_9_2-RC1, RELEASE_2_9_2, RELEASE_2_9_1-RC1, RELEASE_2_9_1, RELEASE_2_9_0-RC1, RELEASE_2_9_0-FC, RELEASE_2_9_0, RELEASE_2_9-root, RELEASE_2_9-branch, RELEASE_2_8_2-RC1, RELEASE_2_8_2, RELEASE_2_8_1-RC1, RELEASE_2_8_1, RELEASE_2_8_0_BETA, RELEASE_2_8_0-RC2, RELEASE_2_8_0-RC1, RELEASE_2_8_0-FC, RELEASE_2_8_0, RELEASE_2_8-root, RELEASE_2_8-branch, RELEASE_2_7_3-RC1, RELEASE_2_7_3, RELEASE_2_7_2-RC1, RELEASE_2_7_2, RELEASE_2_7_1-RC1, RELEASE_2_7_1, RELEASE_2_7_0-RC1, RELEASE_2_7_0-BETA, RELEASE_2_7_0, RELEASE_2_7-root, RELEASE_2_7-branch, RELEASE_2_6_3-RC2, RELEASE_2_6_3-RC1, RELEASE_2_6_3, RELEASE_2_6_2-RC1, RELEASE_2_6_2, RELEASE_2_6_1-RC1, RELEASE_2_6_1, RELEASE_2_6_0-RC1, RELEASE_2_6_0-FC, RELEASE_2_6_0, RELEASE_2_6-root, RELEASE_2_6-branch-clean, RELEASE_2_6-branch, RELEASE_2_5_5-RC2, RELEASE_2_5_5-RC1, RELEASE_2_5_5, RELEASE_2_5_4-RC2, RELEASE_2_5_4-RC1, RELEASE_2_5_4, RELEASE_2_5_3-RC1, RELEASE_2_5_3, RELEASE_2_5_2-RC1, RELEASE_2_5_2, RELEASE_2_5_1-RC1, RELEASE_2_5_1, RELEASE_2_5_0-RC1, RELEASE_2_5_0, RELEASE_2_5-root, RELEASE_2_5-branch, RELEASE_2_14_1, RELEASE_2_14_0-RC2, RELEASE_2_14_0-RC1, RELEASE_2_14_0, RELEASE_2_14-root, RELEASE_2_14-branch, RELEASE_2_13_0-RC2, RELEASE_2_13_0-RC1, RELEASE_2_13_0-FC, RELEASE_2_13_0, RELEASE_2_13-root, RELEASE_2_13-branch, RELEASE_2_12_1-RC1, RELEASE_2_12_1, RELEASE_2_12_0-RC1, RELEASE_2_12_0-FC, RELEASE_2_12_0, RELEASE_2_12-root, RELEASE_2_12-branch, RELEASE_2_11_2-RC1, RELEASE_2_11_2, RELEASE_2_11_1-RC1, RELEASE_2_11_1, RELEASE_2_11_0-RC1, RELEASE_2_11_0-FC, RELEASE_2_11_0, RELEASE_2_11-root, RELEASE_2_11-branch, RELEASE_2_10_1-RC1, RELEASE_2_10_1, RELEASE_2_10_0-RC2, RELEASE_2_10_0-RC1, RELEASE_2_10_0, RELEASE_2_10-root, RELEASE_2_10-branch, PREAUG25UPDATE, POSTAUG25UPDATE, PEP286_PRIVILEGE_SEPARATION_ROOT, PEP286_PRIVILEGE_SEPARATION_CODE_FREEZE, PEP286_PRIVILEGE_SEPARATION_BRANCH, PEP286_PRIVILEGE_SEPARATION_1, PEP244_ServerProfile-root, PEP244_ServerProfile-branch, PEP233_EmbeddedInstSupport-root, PEP233_EmbeddedInstSupport-branch, PEP214ROOT, PEP214BRANCH, PEP214-root, PEP214-branch, PEP-214B-root, PEGASUS_2_5_0_PerformanceDev-string-end, PEGASUS_2_5_0_PerformanceDev-rootlt, PEGASUS_2_5_0_PerformanceDev-root, PEGASUS_2_5_0_PerformanceDev-r2, PEGASUS_2_5_0_PerformanceDev-r1, PEGASUS_2_5_0_PerformanceDev-lit-end, PEGASUS_2_5_0_PerformanceDev-buffer-end, PEGASUS_2_5_0_PerformanceDev-branch, PEGASUS_2_5_0_PerformanceDev-AtomicInt-branch, PEG25_IBM_5_16_05, NPEGASUS_2_5_0_PerformanceDev-String-root, NNPEGASUS_2_5_0_PerformanceDev-String-branch, Makefile, HPUX_TEST, HEAD, CIMRS_WORK_20130824, BeforeUpdateToHeadOct82011, BUG_4225_PERFORMANCE_VERSION_1_DONE PEP#: 215 TITLE: Adding CIM29 to Repository DESCRIPTION: I added CIM 2.9 Final to the Pegasus Repository. I did NOT make any build changes. This just makes the CIM29 schema available for testing until a time is designated for switching the default schema from 2.8 to 2.9. |
// ===================================================================
// Title: CIM_Policy
// $State: Exp $
// $Date: 2005/02/17 00:09:56 $
// $RCSfile: CIM_Policy.mof,v $
// $Revision: 1.1 $
// ===================================================================
//#pragma inLine ("Includes/copyright.inc")
// Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
//#pragma inLine
// ===================================================================
// Description: The Policy Model provides a framework for specifying
// configuration and operational information in a scalable
// way using rules composed of conditions and actions.
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ===================================================================
// CIM V2.8 Changes (Company Review)
// DMTFCR1104 -Replace the class definition of
// AuthenticationCondition
// Add the following class defintions:
// SharedSecretAuthentication, AccountAuthentication,
// BiometricAuthentication, NetworkingIDAuthentication,
// PublicPrivateKeyAuthentication, KerberosAuthentication,
// DocumentAuthentication, ChallengeQuestionAuthentication
// (Deleted in Final),
// and PhysicalCredentialAuthentication
// DMTFCR1105 - Generalize the SACondition class (from the Networks)
// to be PacketFilterCondition and defined here in Policy.
// Add FilterOfPacketCondition and AcceptCredentialFrom
// class definitions.
// Move FilterOfPacketCondition to Network_IPsecPolicy to
// avoid a forward reference.
// DMTFCR1106 - Add DoActionLogging property to PolicyAction
// Add NetworkPacketAction class definition
// Add RejectConnectionAction class definition
// DMTFCR1128 - Change subclassing of PolicyInSystem from
// Dependency to HostedDependency.
//
// CIM V2.8 Changes
// DMTFCR1057 - Explicit declaration of PolicySets that apply to
// ManagedElements, via PolicyRoleCollections
// DMTFCR1058 - Activate/deactivate PolicySets which match a
// particular PolicyRole on a particular ManagedElement
// DMTFCR1060 - Add AuthenticationCondition and AuthenticationRule
// subclasses of PolicyCondition/PolicyRule
//
// CIM V2.7 Changes
// DMTFCR985 - Promote Deprecations to V2.7 Final
// DMTFCR960 - Remove Weak Qualifier from PolicyRoleCollection and
// derive from SystemSpecificCollection instead of Collection
// DMTFCR930 - Implementation Experience with the Policy 2.7 Model
// - Move PolicyRule.Enabled to PolicySet.Enabled
// - Move PolicyTimePeriodCondition up to PolicySet and
// make clear how to specify global time period with respect
// a given time zone
// - Deprecate policy role combinations
// - Add Unconditional to PolicyRule.ConditionListType
// - Deprecate PolicyRule.Mandatory
// CIMCR914 - Added propagated keys in PolicyRoleCollection
// CIMCR906 - Add text to PolicySetComponent's Description and the
// class' Priority property to indicate that the values
// of Priority must be unique
// With promotion of Component to ManagedElement,
// added CIM_Component as superclass of CIM_PolicyComponent
// (there is no other change to the semantics or syntax)
// CIMCR625 - Add CompoundPolicyCondition as PolicyCondition
// subclass
// - Add PolicyConditionStructure abstract aggregation as a
// subclass of PolicyComponent
// - Change derivation of PolicyConditionInPolicyRule from
// PolicyComponent to PolicyConditionStructure and move
// GroupNumber and ConditionNegated properties up to parent
// class
// - Add PolicyConditionInPolicyCondition aggregation as a
// subclass of PolicyConditionStructure
// - Add PolicyRoleCollection as Collection subclass
// - Add ElementInPolicyRoleCollection as MemberOfCollection
// subclass
// - Add PolicyRoleCollectionInSystem as Dependency subclass
//
// CIM V2.6 Changes
// CIMCR614 - Add CompoundPolicyAction
// - Add CompoundPolicyAction as a subclass of PolicyAction
// - Add PolicyActionStructure abstract aggregation as a
// subclass of PolicyComponent
// - Change derivation of PolicyActionInPolicyRule from
// PolicyComponent to PolicyActionStructure and, thus,
// move ActionOrder property up to parent class
// - Add PolicyActionInPolicyAction aggregation as a
// subclass of PolicyActionStructure
// CIMCR597a - PCIMe updates
// - Edit Policy description
// - Add PolicySet & derive PolicyGroup & PolicyRule
// - Deprecate PolicyRule.Priority for
// PolicySetComponent.Priority
// - Remove PolicyRule.PolicyRoles (it's in PolicySet)
// - Add PolicyRule.ExecutionStrategy
// - Deprecate PolicyRepository & replace with
// ReusablePolicyContainer
// - Add PolicySetInSystem
// - Add PolicySetComponent & deprecate ...InPolicyGroup
// & derive PolicyGroupInSystem & PolicyRuleInSystem
// - Add ContainedDomain (to Core)
// & deprecate PolicyRepositoryInPolicyRepository
// - Add ReusablePolicy & deprecate ...InPolicyRepository
// ==================================================================
#pragma Locale ("en-US")
// ==================================================================
// Compile prerequisite: Core, Network and User MOFs
// Network MOF is needed for FilterList, and the User MOF for
// CredentialManagementService
// ==================================================================
// ==================================================================
// Policy
// ==================================================================
[Abstract, Version ( "2.6.0" ), Description (
"An abstract class defining the common properties of the policy "
"managed elements derived from CIM_Policy. The subclasses are "
"used to create rules and groups of rules that work together to "
"form a coherent set of policies within an administrative "
"domain or set of domains.")]
class CIM_Policy : CIM_ManagedElement {
[Description (
"A user-friendly name of this policy-related object.")]
string CommonName;
[Description (
"An array of keywords for characterizing / categorizing "
"policy objects. Keywords are of one of two types: \n"
"- Keywords defined in this and other MOFs, or in DMTF white "
"papers. These keywords provide a vendor- independent, "
"installation-independent way of characterizing policy "
"objects. \n"
"- Installation-dependent keywords for characterizing policy "
"objects. Examples include 'Engineering', 'Billing', and "
"'Review in December 2000'. \n"
"This MOF defines the following keywords: 'UNKNOWN', "
"'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', "
"'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These concepts "
"are self-explanatory and are further discussed in the "
"SLA/Policy White Paper. One additional keyword is defined: "
"'POLICY'. The role of this keyword is to identify "
"policy-related instances that may not be otherwise "
"identifiable, in some implementations. The keyword 'POLICY' "
"is NOT mutually exclusive of the other keywords specified "
"above.")]
string PolicyKeywords[];
};
// ==================================================================
// PolicySet
// ==================================================================
[Abstract, Version ( "2.8.0" ), Description (
"PolicySet is an abstract class that represents a set of "
"policies that form a coherent set. The set of contained "
"policies has a common decision strategy and a common set of "
"policy roles (defined via the PolicySetInRole Collection "
"association). Subclasses include PolicyGroup and PolicyRule.")]
class CIM_PolicySet : CIM_Policy {
[Description (
"PolicyDecisionStrategy defines the evaluation method used "
"for policies contained in the PolicySet. FirstMatching "
"enforces the actions of the first rule that evaluates to "
"TRUE. It is the only value currently defined."),
ValueMap { "1" },
Values { "First Matching" }]
uint16 PolicyDecisionStrategy;
[Deprecated { "CIM_PolicySetInRoleCollection" }, Description (
"The PolicyRoles property represents the roles associated "
"with a PolicySet. All contained PolicySet instances inherit "
"the values of the PolicyRoles of the aggregating PolicySet "
"but the values are not copied. A contained PolicySet "
"instance may, however, add additional PolicyRoles to those "
"it inherits from its aggregating PolicySet(s). Each value "
"in PolicyRoles multi-valued property represents a role for "
"which the PolicySet applies, i.e., the PolicySet should be "
"used by any enforcement point that assumes any of the "
"listed PolicyRoles values. \n"
"\n"
"Although not officially designated as 'role combinations', "
"multiple roles may be specified using the form: \n"
"<RoleName>[&&<RoleName>]* \n"
"where the individual role names appear in alphabetical "
"order (according to the collating sequence for UCS-2). "
"Implementations may treat PolicyRoles values that are "
"specified as 'role combinations' as simple strings. \n"
"\n"
"This property is deprecated in lieu of the use of an "
"association, CIM_PolicySetInRoleCollection. The latter is a "
"more explicit and less error-prone approach to modeling "
"that a PolicySet has one or more PolicyRoles.")]
string PolicyRoles[];
[Description (
"Indicates whether this PolicySet is administratively "
"enabled, administratively disabled, or enabled for debug. "
"The \"EnabledForDebug\" property value is deprecated and, "
"when it or any value not understood by the receiver is "
"specified, the receiving enforcement point treats the "
"PolicySet as \"Disabled\". To determine if a PolicySet is "
"\"Enabled\", the containment hierarchy specified by the "
"PolicySetComponent aggregation is examined and the Enabled "
"property values of the hierarchy are ANDed together. Thus, "
"for example, everything aggregated by a PolicyGroup may be "
"disabled by setting the Enabled property in the PolicyGroup "
"instance to \"Disabled\" without changing the Enabled "
"property values of any of the aggregated instances. The "
"default value is 1 (\"Enabled\")."),
ValueMap { "1", "2", "3" },
Values { "Enabled", "Disabled", "Enabled For Debug" }]
uint16 Enabled = 1;
};
// ==================================================================
// PolicyGroup
// ==================================================================
[Version ( "2.6.0" ), Description (
"An aggregation of PolicySet instances (PolicyGroups and/or "
"PolicyRules) that have the same decision strategy and inherit "
"policy roles. PolicyGroup instances are defined and named "
"relative to the CIM_System that provides their context.")]
class CIM_PolicyGroup : CIM_PolicySet {
[Key, Propagated ( "CIM_System.CreationClassName" ),
Description (
"The scoping System's CreationClassName."),
MaxLen ( 256 )]
string SystemCreationClassName;
[Key, Propagated ( "CIM_System.Name" ), Description (
"The scoping System's Name."),
MaxLen ( 256 )]
string SystemName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this property "
"allows all instances of this class and its subclasses to be "
"uniquely identified."),
MaxLen ( 256 )]
string CreationClassName;
[Key, Description (
"A user-friendly name of this PolicyGroup."),
MaxLen ( 256 )]
string PolicyGroupName;
};
// ==================================================================
// PolicyRule
// ==================================================================
[Version ( "2.7.0" ), Description (
"The central class used for representing the 'If Condition then "
"Action' semantics of a policy rule. A PolicyRule condition, in "
"the most general sense, is represented as either an ORed set "
"of ANDed conditions (Disjunctive Normal Form, or DNF) or an "
"ANDed set of ORed conditions (Conjunctive Normal Form, or "
"CNF). Individual conditions may either be negated (NOT C) or "
"unnegated (C). The actions specified by a PolicyRule are to be "
"performed if and only if the PolicyRule condition (whether it "
"is represented in DNF or CNF) evaluates to TRUE. \n"
"\n"
"The conditions and actions associated with a PolicyRule are "
"modeled, respectively, with subclasses of PolicyCondition and "
"PolicyAction. These condition and action objects are tied to "
"instances of PolicyRule by the PolicyConditionInPolicyRule and "
"PolicyActionInPolicyRule aggregations. \n"
"\n"
"A PolicyRule may also be associated with one or more policy "
"time periods, indicating the schedule according to which the "
"policy rule is active and inactive. In this case it is the "
"PolicySetValidityPeriod aggregation that provides this "
"linkage. \n"
"\n"
"The PolicyRule class uses the property ConditionListType, to "
"indicate whether the conditions for the rule are in DNF "
"(disjunctive normal form), CNF (conjunctive normal form) or, "
"in the case of a rule with no conditions, as an "
"UnconditionalRule. The PolicyConditionInPolicyRule aggregation "
"contains two additional properties to complete the "
"representation of the Rule's conditional expression. The first "
"of these properties is an integer to partition the referenced "
"PolicyConditions into one or more groups, and the second is a "
"Boolean to indicate whether a referenced Condition is negated. "
"An example shows how ConditionListType and these two "
"additional properties provide a unique representation of a set "
"of PolicyConditions in either DNF or CNF. \n"
"\n"
"Suppose we have a PolicyRule that aggregates five "
"PolicyConditions C1 through C5, with the following values in "
"the properties of the five PolicyConditionInPolicyRule "
"associations: \n"
"C1: GroupNumber = 1, ConditionNegated = FALSE \n"
"C2: GroupNumber = 1, ConditionNegated = TRUE \n"
"C3: GroupNumber = 1, ConditionNegated = FALSE \n"
"C4: GroupNumber = 2, ConditionNegated = FALSE \n"
"C5: GroupNumber = 2, ConditionNegated = FALSE \n"
"\n"
"If ConditionListType = DNF, then the overall condition for the "
"PolicyRule is: \n"
"(C1 AND (NOT C2) AND C3) OR (C4 AND C5) \n"
"\n"
"On the other hand, if ConditionListType = CNF, then the "
"overall condition for the PolicyRule is: \n"
"(C1 OR (NOT C2) OR C3) AND (C4 OR C5) \n"
"\n"
"In both cases, there is an unambiguous specification of the "
"overall condition that is tested to determine whether to "
"perform the PolicyActions associated with the PolicyRule. \n"
"\n"
"PolicyRule instances may also be used to aggregate other "
"PolicyRules and/or PolicyGroups. When used in this way to "
"implement nested rules, the conditions of the aggregating rule "
"apply to the subordinate rules as well. However, any side "
"effects of condition evaluation or the execution of actions "
"MUST NOT affect the result of the evaluation of other "
"conditions evaluated by the rule engine in the same evaluation "
"pass. That is, an implementation of a rule engine MAY evaluate "
"all conditions in any order before applying the priority and "
"determining which actions are to be executed.")]
class CIM_PolicyRule : CIM_PolicySet {
[Key, Propagated ( "CIM_System.CreationClassName" ),
Description (
"The scoping System's CreationClassName."),
MaxLen ( 256 )]
string SystemCreationClassName;
[Key, Propagated ( "CIM_System.Name" ), Description (
"The scoping System's Name."),
MaxLen ( 256 )]
string SystemName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this property "
"allows all instances of this class and its subclasses to be "
"uniquely identified."),
MaxLen ( 256 )]
string CreationClassName;
[Key, Description (
"A user-friendly name of this PolicyRule."),
MaxLen ( 256 )]
string PolicyRuleName;
[Description (
"Indicates whether the list of PolicyConditions associated "
"with this PolicyRule is in disjunctive normal form (DNF), "
"conjunctive normal form (CNF), or has no conditions (i.e., "
"is an UnconditionalRule) and is automatically evaluated to "
"\"True.\" The default value is 1 (\"DNF\")."),
ValueMap { "0", "1", "2" },
Values { "Unconditional Rule", "DNF", "CNF" }]
uint16 ConditionListType = 1;
[Description (
"A free-form string that can be used to provide guidelines "
"on how this PolicyRule should be used.")]
string RuleUsage;
[Deprecated { "CIM_PolicySetComponent.Priority" }, Description (
"PolicyRule.Priority is deprecated and replaced by providing "
"the priority for a rule (and a group) in the context of the "
"aggregating PolicySet instead of the priority being used "
"for all aggregating PolicySet instances. Thus, the "
"assignment of priority values is much simpler. \n"
"\n"
"A non-negative integer for prioritizing this Policy Rule "
"relative to other Rules. A larger value indicates a higher "
"priority. The default value is 0.")]
uint16 Priority=0;
[Deprecated { "No Value" }, Description (
"A flag indicating that the evaluation of the Policy "
"Conditions and execution of PolicyActions (if the "
"Conditions evaluate to TRUE) is required. The evaluation of "
"a PolicyRule MUST be attempted if the Mandatory property "
"value is TRUE. If the Mandatory property is FALSE, then the "
"evaluation of the Rule is 'best effort' and MAY be ignored.")]
boolean Mandatory;
[Description (
"This property gives a policy administrator a way of "
"specifying how the ordering of the PolicyActions associated "
"with this PolicyRule is to be interpreted. Three values are "
"supported: \n"
"o mandatory(1): Do the actions in the indicated order, or "
"don't do them at all. \n"
"o recommended(2): Do the actions in the indicated order if "
"you can, but if you can't do them in this order, do them in "
"another order if you can. \n"
"o dontCare(3): Do them -- I don't care about the order. \n"
"The default value is 3 (\"DontCare\")."),
ValueMap { "1", "2", "3" },
Values { "Mandatory", "Recommended", "Dont Care" }]
uint16 SequencedActions = 3;
[Description (
"ExecutionStrategy defines the strategy to be used in "
"executing the sequenced actions aggregated by this "
"PolicyRule. There are three execution strategies: \n"
"\n"
"Do Until Success - execute actions according to predefined "
"order, until successful execution of a single action. \n"
"Do All - execute ALL actions which are part of the modeled "
"set, according to their predefined order. Continue doing "
"this, even if one or more of the actions fails. \n"
"Do Until Failure - execute actions according to predefined "
"order, until the first failure in execution of an action "
"instance."),
ValueMap { "1", "2", "3" },
Values { "Do Until Success", "Do All", "Do Until Failure" }]
uint16 ExecutionStrategy;
};
// ==================================================================
// AuthenticationRule
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class representing a company's and/or administrator's "
"authentication requirements for a CIM_Identity. The "
"PolicyConditions collected by an instance of "
"AuthenticationRule describe the various requirements under "
"which a CIM_Identity's CurrentlyAuthenticated Boolean is set "
"to TRUE. Note that the CIM_Identities which are authenticated "
"are tied to the Rule by the association, PolicySet "
"AppliesToElement. \n"
"\n"
"At this time, there are no actions associated with this "
"PolicyRule. This is because the actions are implicit. When the "
"conditions of the rule are met, then the "
"CurrentlyAuthenticated Boolean properties of the associated "
"instances of CIM_Identity are set to TRUE.")]
class CIM_AuthenticationRule : CIM_PolicyRule {
};
// ==================================================================
// ReusablePolicyContainer
// ==================================================================
[Version ( "2.6.0" ), Description (
"A class representing an administratively defined container for "
"reusable policy-related information. This class does not "
"introduce any additional properties beyond those in its "
"superclass AdminDomain. It does, however, participate in a "
"unique association for containing policy elements. \n"
"\n"
"An instance of this class uses the NameFormat value "
"\"ReusablePolicyContainer\".")]
class CIM_ReusablePolicyContainer : CIM_AdminDomain {
};
// ==================================================================
// PolicyRepository *** deprecated
// ==================================================================
[Deprecated { "CIM_ReusablePolicyContainer" }, Version ( "2.7.0" ),
Description (
"The term 'PolicyRepository' has been confusing to both "
"developers and users of the model. The replacement class name "
"describes model element properly and is less likely to be "
"confused with a data repository. \n"
"\n"
"A class representing an administratively defined container for "
"reusable policy-related information. This class does not "
"introduce any additional properties beyond those in its "
"superclass AdminDomain. It does, however, participate in a "
"number of unique associations. \n"
"\n"
"An instance of this class uses the NameFormat value "
"\"PolicyRepository\".")]
class CIM_PolicyRepository : CIM_AdminDomain {
};
// ==================================================================
// PolicyCondition
// ==================================================================
[Abstract, Version ( "2.6.0" ), Description (
"A class representing a rule-specific or reusable policy "
"condition to be evaluated in conjunction with a Policy Rule. "
"Since all operational details of a PolicyCondition are "
"provided in subclasses of this object, this class is abstract.")]
class CIM_PolicyCondition : CIM_Policy {
[Key, Description (
"The name of the class or the subclass used in the creation "
"of the System object in whose scope this PolicyCondition is "
"defined. \n"
"\n"
"This property helps to identify the System object in whose "
"scope this instance of PolicyCondition exists. For a "
"rule-specific PolicyCondition, this is the System in whose "
"context the PolicyRule is defined. For a reusable "
"PolicyCondition, this is the instance of PolicyRepository "
"(which is a subclass of System) that holds the Condition. \n"
"\n"
"Note that this property, and the analogous property "
"SystemName, do not represent propagated keys from an "
"instance of the class System. Instead, they are properties "
"defined in the context of this class, which repeat the "
"values from the instance of System to which this "
"PolicyCondition is related, either directly via the "
"PolicyConditionInPolicyRepository association or indirectly "
"via the PolicyConditionInPolicyRule aggregation."),
MaxLen ( 256 )]
string SystemCreationClassName;
[Key, Description (
"The name of the System object in whose scope this "
"PolicyCondition is defined. \n"
"\n"
"This property completes the identification of the System "
"object in whose scope this instance of PolicyCondition "
"exists. For a rule-specific PolicyCondition, this is the "
"System in whose context the PolicyRule is defined. For a "
"reusable PolicyCondition, this is the instance of "
"PolicyRepository (which is a subclass of System) that holds "
"the Condition."),
MaxLen ( 256 )]
string SystemName;
[Key, Description (
"For a rule-specific PolicyCondition, the CreationClassName "
"of the PolicyRule object with which this Condition is "
"associated. For a reusable Policy Condition, a special "
"value, 'NO RULE', should be used to indicate that this "
"Condition is reusable and not associated with a single "
"PolicyRule."),
MaxLen ( 256 )]
string PolicyRuleCreationClassName;
[Key, Description (
"For a rule-specific PolicyCondition, the name of the "
"PolicyRule object with which this Condition is associated. "
"For a reusable PolicyCondition, a special value, 'NO RULE', "
"should be used to indicate that this Condition is reusable "
"and not associated with a single PolicyRule."),
MaxLen ( 256 )]
string PolicyRuleName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this property "
"allows all instances of this class and its subclasses to be "
"uniquely identified."),
MaxLen ( 256 )]
string CreationClassName;
[Key, Description (
"A user-friendly name of this PolicyCondition."),
MaxLen ( 256 )]
string PolicyConditionName;
};
// ==================================================================
// PolicyTimePeriodCondition
// ==================================================================
[Version ( "2.7.0" ), Description (
"This class provides a means of representing the time periods "
"during which a PolicySet is valid, i.e., active. At all times "
"that fall outside these time periods, the PolicySet has no "
"effect. A PolicySet is treated as valid at ALL times, if it "
"does not specify a PolicyTimePeriodCondition. \n"
"\n"
"In some cases a Policy Consumer may need to perform certain "
"setup / cleanup actions when a PolicySet becomes active / "
"inactive. For example, sessions that were established while a "
"PolicySet was active might need to be taken down when the "
"PolicySet becomes inactive. In other cases, however, such "
"sessions might be left up. In this case, the effect of "
"deactivating the PolicySet would just be to prevent the "
"establishment of new sessions. \n"
"\n"
"Setup / cleanup behaviors on validity period transitions are "
"not currently addressed by the Policy Model, and must be "
"specified in 'guideline' documents or via subclasses of "
"CIM_PolicySet, CIM_PolicyTimePeriod Condition or other "
"concrete subclasses of CIM_Policy. If such behaviors need to "
"be under the control of the policy administrator, then a "
"mechanism to allow this control must also be specified in the "
"subclasses. \n"
"\n"
"PolicyTimePeriodCondition is defined as a subclass of "
"PolicyCondition. This is to allow the inclusion of time-based "
"criteria in the AND/OR condition definitions for a PolicyRule. "
"\n\n"
"Instances of this class may have up to five properties "
"identifying time periods at different levels. The values of "
"all the properties present in an instance are ANDed together "
"to determine the validity period(s) for the instance. For "
"example, an instance with an overall validity range of January "
"1, 2000 through December 31, 2000; a month mask that selects "
"March and April; a day-of-the-week mask that selects Fridays; "
"and a time of day range of 0800 through 1600 would be "
"represented using the following time periods: \n"
"Friday, March 5, 2000, from 0800 through 1600; \n"
"Friday, March 12, 2000, from 0800 through 1600; \n"
"Friday, March 19, 2000, from 0800 through 1600; \n"
"Friday, March 26, 2000, from 0800 through 1600; \n"
"Friday, April 2, 2000, from 0800 through 1600; \n"
"Friday, April 9, 2000, from 0800 through 1600; \n"
"Friday, April 16, 2000, from 0800 through 1600; \n"
"Friday, April 23, 2000, from 0800 through 1600; \n"
"Friday, April 30, 2000, from 0800 through 1600. \n"
"\n"
"Properties not present in an instance of "
"PolicyTimePeriodCondition are implicitly treated as having "
"their value 'always enabled'. Thus, in the example above, the "
"day-of-the-month mask is not present, and so the validity "
"period for the instance implicitly includes a day-of-the-month "
"mask that selects all days of the month. If this 'missing "
"property' rule is applied to its fullest, we see that there is "
"a second way to indicate that a PolicySet is always enabled: "
"associate with it an instance of PolicyTimePeriodCondition "
"whose only properties with specific values are its key "
"properties.")]
class CIM_PolicyTimePeriodCondition : CIM_PolicyCondition {
[Description (
"This property identifies an overall range of calendar dates "
"and times over which a PolicySet is valid. It is formatted "
"as a string representing a start date and time, in which "
"the character 'T' indicates the beginning of the time "
"portion, followed by the solidus character '/', followed by "
"a similar string representing an end date and time. The "
"first date indicates the beginning of the range, while the "
"second date indicates the end. Thus, the second date and "
"time must be later than the first. Date/times are expressed "
"as substrings of the form yyyymmddThhmmss. For example: \n"
"20000101T080000/20000131T120000 defines \n"
"January 1, 2000, 0800 through January 31, 2000, noon \n"
"\n"
"There are also two special cases in which one of the "
"date/time strings is replaced with a special string defined "
"in RFC 2445. \n"
"o If the first date/time is replaced with the string "
"'THISANDPRIOR', then the property indicates that a "
"PolicySet is valid [from now] until the date/time that "
"appears after the '/'. \n"
"o If the second date/time is replaced with the string "
"'THISANDFUTURE', then the property indicates that a "
"PolicySet becomes valid on the date/time that appears "
"before the '/', and remains valid from that point on."),
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.MonthOfYearMask",
"CIM_PolicyTimePeriodCondition.DayOfMonthMask",
"CIM_PolicyTimePeriodCondition.DayOfWeekMask",
"CIM_PolicyTimePeriodCondition.TimeOfDayMask",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
string TimePeriod;
[Description (
"The purpose of this property is to refine the valid time "
"period that is defined by the TimePeriod property, by "
"explicitly specifying in which months the PolicySet is "
"valid. These properties work together, with the TimePeriod "
"used to specify the overall time period in which the "
"PolicySet is valid, and the MonthOfYearMask used to pick "
"out the months during which the PolicySet is valid. \n"
"\n"
"This property is formatted as an octet string, structured "
"as follows: \n"
"o a 4-octet length field, indicating the length of the "
"entire octet string; this field is always set to 0x00000006 "
"for this property; \n"
"o a 2-octet field consisting of 12 bits identifying the 12 "
"months of the year, beginning with January and ending with "
"December, followed by 4 bits that are always set to '0'. "
"For each month, the value '1' indicates that the policy is "
"valid for that month, and the value '0' indicates that it "
"is not valid. \n"
"\n"
"The value 0x000000060830, for example, indicates that a "
"PolicySet is valid only in the months May, November, and "
"December. \n"
"\n"
"If a value for this property is not provided, then the "
"PolicySet is treated as valid for all twelve months, and "
"only restricted by its TimePeriod property value and the "
"other Mask properties."),
OctetString,
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
uint8 MonthOfYearMask[];
[Description (
"The purpose of this property is to refine the valid time "
"period that is defined by the TimePeriod property, by "
"explicitly specifying in which days of the month the "
"PolicySet is valid. These properties work together, with "
"the TimePeriod used to specify the overall time period in "
"which the PolicySet is valid, and the DayOfMonthMask used "
"to pick out the days of the month during which the "
"PolicySet is valid. \n"
"\n"
"This property is formatted as an octet string, structured "
"as follows: \n"
"o a 4-octet length field, indicating the length of the "
"entire octet string; this field is always set to 0x0000000C "
"for this property; \n"
"o an 8-octet field consisting of 31 bits identifying the "
"days of the month counting from the beginning, followed by "
"31 more bits identifying the days of the month counting "
"from the end, followed by 2 bits that are always set to "
"'0'. For each day, the value '1' indicates that the "
"PolicySet is valid for that day, and the value '0' "
"indicates that it is not valid. \n"
"\n"
"The value 0x0000000C8000000100000000, for example, "
"indicates that a PolicySet is valid on the first and last "
"days of the month. \n"
"\n"
"For months with fewer than 31 days, the digits "
"corresponding to days that the months do not have (counting "
"in both directions) are ignored. \n"
"\n"
"If a value for this property is not provided, then the "
"PolicySet is treated as valid for all days of the month, "
"and only restricted by its TimePeriod property value and "
"the other Mask properties."),
OctetString,
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
uint8 DayOfMonthMask[];
[Description (
"The purpose of this property is to refine the valid time "
"period that is defined by the TimePeriod property, by "
"explicitly specifying in which days of the week the "
"PolicySet is valid. These properties work together, with "
"the TimePeriod used to specify the overall time period in "
"which the PolicySet is valid, and the DayOfWeekMask used to "
"pick out the days of the week during which the PolicySet is "
"valid. \n"
"\n"
"This property is formatted as an octet string, structured "
"as follows: \n"
"o a 4-octet length field, indicating the length of the "
"entire octet string; this field is always set to 0x00000005 "
"for this property; \n"
"o a 1-octet field consisting of 7 bits identifying the 7 "
"days of the week, beginning with Sunday and ending with "
"Saturday, followed by 1 bit that is always set to '0'. For "
"each day of the week, the value '1' indicates that the "
"PolicySet is valid for that day, and the value '0' "
"indicates that it is not valid. \n"
"\n"
"The value 0x000000057C, for example, indicates that a "
"PolicySet is valid Monday through Friday. \n"
"\n"
"If a value for this property is not provided, then the "
"PolicySet is treated as valid for all days of the week, and "
"only restricted by its TimePeriod property value and the "
"other Mask properties."),
OctetString,
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
uint8 DayOfWeekMask[];
[Description (
"The purpose of this property is to refine the valid time "
"period that is defined by the TimePeriod property, by "
"explicitly specifying a range of times in a day during "
"which the PolicySet is valid. These properties work "
"together, with the TimePeriod used to specify the overall "
"time period in which the PolicySet is valid, and the "
"TimeOfDayMask used to pick out the range of time periods in "
"a given day of during which the PolicySet is valid. \n"
"\n"
"This property is formatted in the style of RFC 2445: a time "
"string beginning with the character 'T', followed by the "
"solidus character '/', followed by a second time string. "
"The first time indicates the beginning of the range, while "
"the second time indicates the end. Times are expressed as "
"substrings of the form 'Thhmmss'. \n"
"\n"
"The second substring always identifies a later time than "
"the first substring. To allow for ranges that span "
"midnight, however, the value of the second string may be "
"smaller than the value of the first substring. Thus, "
"'T080000/T210000' identifies the range from 0800 until "
"2100, while 'T210000/T080000' identifies the range from "
"2100 until 0800 of the following day. \n"
"\n"
"When a range spans midnight, it by definition includes "
"parts of two successive days. When one of these days is "
"also selected by either the MonthOfYearMask, "
"DayOfMonthMask, and/or DayOfWeekMask, but the other day is "
"not, then the PolicySet is active only during the portion "
"of the range that falls on the selected day. For example, "
"if the range extends from 2100 until 0800, and the day of "
"week mask selects Monday and Tuesday, then the PolicySet is "
"active during the following three intervals: \n"
"From midnight Sunday until 0800 Monday; \n"
"From 2100 Monday until 0800 Tuesday; \n"
"From 2100 Tuesday until 23:59:59 Tuesday. \n"
"\n"
"If a value for this property is not provided, then the "
"PolicySet is treated as valid for all hours of the day, and "
"only restricted by its TimePeriod property value and the "
"other Mask properties."),
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime" }]
string TimeOfDayMask;
[Description (
"This property indicates whether the times represented in "
"the TimePeriod property and in the various Mask properties "
"represent local times or UTC times. There is no provision "
"for mixing of local times and UTC times: the value of this "
"property applies to all of the other time-related "
"properties. TimePeriods are synchronized worldwide by using "
"the enumeration value 'UTCTime'. If the goal is to "
"synchronize worldwide on a particular local time (such as "
"0300 - 0500 in New York), then if the TimePeriod property "
"spans a Daylight Savings Time transition in New York, it "
"will be necessary to create multiple instances of "
"PolicyTimePeriodCondition, one based on the offset UTC-0500 "
"for the part of each year when standard time is used in New "
"York, and one based on the offset UTC-0400 for the part of "
"each year when Daylight Savings Time is used there."),
ValueMap { "1", "2" },
Values { "Local Time", "UTC Time" },
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.MonthOfYearMask",
"CIM_PolicyTimePeriodCondition.DayOfMonthMask",
"CIM_PolicyTimePeriodCondition.DayOfWeekMask",
"CIM_PolicyTimePeriodCondition.TimeOfDayMask" }]
uint16 LocalOrUtcTime;
};
// ==================================================================
// CompoundPolicyCondition
// ==================================================================
[Version ( "2.7.0" ), Description (
"CompoundPolicyCondition is used to represent compound "
"conditions formed by aggregating simpler policy conditions. "
"Compound conditions are constructed by associating subordinate "
"condition terms together using the "
"PolicyConditionInPolicyCondition aggregation.")]
class CIM_CompoundPolicyCondition : CIM_PolicyCondition {
[Description (
"Indicates whether the list of CompoundPolicyConditions "
"associated with this PolicyRule is in disjunctive normal "
"form (DNF) or conjunctive normal form (CNF). The default "
"value is 1 (\"DNF\")."),
ValueMap { "1", "2" },
Values { "DNF", "CNF" }]
uint16 ConditionListType;
};
// ==================================================================
// AuthenticationCondition
// ==================================================================
[Abstract, Version ( "2.8.0" ), Description (
"An abstract class whose subclasses describe one of a company's "
"and/or administrator's credential requirements, and/or other "
"information that should be authenticated in order to "
"establish/trust a CIM_Identity. The PolicyConditions collected "
"by an instance of AuthenticationRule describe the various "
"requirements under which a CIM_Identity's "
"CurrentlyAuthenticated Boolean is set to TRUE. Note that the "
"CIM_Identities which are authenticated are specified through "
"the AuthenticationRule, using the PolicySet AppliesToElement "
"association.")]
class CIM_AuthenticationCondition : CIM_PolicyCondition {
};
// ==================================================================
// SharedSecretAuthentication
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines a "
"specific identity whose shared secret should be authenticated.")]
class CIM_SharedSecretAuthentication : CIM_AuthenticationCondition {
[Description (
"String defining the principal's ID whose secret is "
"authenticated.")]
string IDOfPrincipal;
[Description (
"String defining a hostname, URI or service/application "
"name. It defines the specific system or service which "
"provides the context for the shared secret.")]
string ContextOfSecret;
};
// ==================================================================
// AccountAuthentication
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines a "
"specific identity whose account credentials should be "
"authenticated.")]
class CIM_AccountAuthentication : CIM_AuthenticationCondition {
[Description (
"String defining the account's ID which is authenticated.")]
string AccountID;
[Description (
"String defining a hostname, URI or other information "
"identifying the system where the Account resides.")]
string AccountContext;
};
// ==================================================================
// BiometricAuthentication
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines specific "
"biometric data that should be authenticated.")]
class CIM_BiometricAuthentication : CIM_AuthenticationCondition {
[Description (
"Integer enumeration identifying the biometric data that "
"should be authenticated."),
ValueMap { "1", "2", "3", "4", "5", "6","7", "8" },
Values { "Other", "Facial", "Retina", "Mark", "Finger", "Voice",
"DNA-RNA", "EEG" },
ModelCorrespondence {
"CIM_BiometricAuthentication.OtherBiometric" }]
uint16 TypeOfBiometric;
[Description (
"String specifying the biometric when the TypeOfBiometric "
"property is set to 1, \"Other\"."),
ModelCorrespondence {
"CIM_BiometricAuthentication.TypeOfBiometric" }]
string OtherBiometric;
[Description (
"String defining a specific biometric code, which may be "
"validated by the security infrastructure. If this property "
"is left blank, it is the responsibility of the "
"infrastructure to verify the biometric (which MUST be of a "
"type specified by the TypeOfBiometric property).")]
string PersonalIdentifier;
};
// ==================================================================
// NetworkingIDAuthentication
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class specifies that a "
"networking ID or address should be verified.")]
class CIM_NetworkingIDAuthentication : CIM_AuthenticationCondition {
[Description (
"A string defining the specific type/subclass of "
"CIM_Identity which specifies the networking information. "
"For example, CIM_StorageHardwareID would be entered in this "
"property to identify that a 'known' port should be "
"observed.")]
string NetworkingIdentityClassName;
};
// ==================================================================
// PublicPrivateKeyAuthentication
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines the "
"specific public/private key pair that should be authenticated.")]
class CIM_PublicPrivateKeyAuthentication : CIM_AuthenticationCondition {
[Description (
"Boolean indicating whether the key pair is self-issued "
"(TRUE) or issued by a Certificate Authority (FALSE).")]
boolean SelfIssuedKey;
[Description (
"String holding the user's (distinguished) name.")]
string DistinguishedName;
[Description (
"String holding the public key data.")]
string PublicKey;
};
// ==================================================================
// KerberosAuthentication
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines a user "
"whose Kerberos ticket should be authenticated.")]
class CIM_KerberosAuthentication : CIM_AuthenticationCondition {
[Description (
"String holding the user name for which the ticket is "
"issued.")]
string UserName;
};
// ==================================================================
// DocumentAuthentication
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines the "
"specific document that should be authenticated.")]
class CIM_DocumentAuthentication : CIM_AuthenticationCondition {
[Description (
"Integer enumeration identifying the document that should be "
"authenticated."),
ValueMap { "1", "2", "3", "4", "5", "6","7" },
Values { "Other", "Passport", "Birth Certificate",
"Credit Card", "Drivers License", "Membership Card",
"Social Security Card" },
ModelCorrespondence { "CIM_DocumentAuthentication.OtherDocument"
}]
uint16 TypeOfDocument;
[Description (
"String specifying the document when the TypeOfDocument "
"property is set to 1, \"Other\"."),
ModelCorrespondence {
"CIM_DocumentAuthentication.TypeOfDocument" }]
string OtherDocument;
[Description (
"String defining a particular document which may be used in "
"the authentication process for example, a specific driver's "
"license or passport number. If left blank, then any valid "
"document matching the category specified by the "
"TypeOfDocument property, can be accepted.")]
string DocumentIdentifier;
};
// ==================================================================
// PhysicalCredentialAuthentication
// ==================================================================
[Version ( "2.8.0" ), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines the "
"specific type of physical credential that should be "
"authenticated.")]
class CIM_PhysicalCredentialAuthentication : CIM_AuthenticationCondition {
[Description (
"Integer enumeration identifying the credential that should "
"be authenticated."),
ValueMap { "1", "2", "3", "4" },
Values { "Other", "Magnetic Stripe Card", "Smart Card",
"Password Generator Card" },
ModelCorrespondence {
"CIM_PhysicalCredentialAuthentication.OtherCredential" }]
uint16 TypeOfCredential;
[Description (
"String specifying the credential when the TypeOfCredential "
"property is set to 1, \"Other\"."),
ModelCorrespondence {
"CIM_PhysicalCredentialAuthentication.TypeOfCredential" }]
string OtherCredential;
[Description (
"String defining a character or binary sequence, which is "
"built into the physical credential to identify it. If left "
"blank, it is the responsibility of the security "
"infrastructure to verify that a valid credential (of the "
"specified type) has been used.")]
string PhysicalIdentifier;
};
// ==================================================================
// VendorPolicyCondition
// ==================================================================
[Version ( "2.6.0" ), Description (
"A class that provides a general extension mechanism for "
"representing PolicyConditions that have not been modeled with "
"specific properties. Instead, the two properties Constraint "
"and ConstraintEncoding are used to define the content and "
"format of the Condition, as explained below. \n"
"\n"
"As its name suggests, VendorPolicyCondition is intended for "
"vendor-specific extensions to the Policy Core Information "
"Model. Standardized extensions are not expected to use this "
"class.")]
class CIM_VendorPolicyCondition : CIM_PolicyCondition {
[Description (
"This property provides a general extension mechanism for "
"representing PolicyConditions that have not been modeled "
"with specific properties. The format of the octet strings "
"in the array is left unspecified in this definition. It is "
"determined by the OID value stored in the property "
"ConstraintEncoding. Since ConstraintEncoding is "
"single-valued, all the values of Constraint share the same "
"format and semantics."),
OctetString,
ModelCorrespondence {
"CIM_VendorPolicyCondition.ConstraintEncoding" }]
string Constraint[];
[Description (
"An OID encoded as a string, identifying the format and "
"semantics for this instance's Constraint property."),
ModelCorrespondence { "CIM_VendorPolicyCondition.Constraint" }]
string ConstraintEncoding;
};
// ==================================================================
// PacketFilterCondition
// ==================================================================
[Version ( "2.8.0" ), Description (
"PacketFilterCondition specifies packet selection criteria (via "
"association to FilterLists) for firewall policies, IPsec "
"policies and similar uses. It is used as an anchor point to "
"associate various types of filters with policy rules via the "
"FilterOfPacketCondition association. By definition, policy "
"rules that aggregate PacketFilterCondition are assumed to "
"operate against every packet received and/or transmitted from "
"an ingress and/or egress point. (Whether policy condition "
"evaluation occurs at ingress or egress is specified by the "
"Direction property in the associated FilterList.) "
"PacketFilterCondition MAY also be used to define the specific "
"CredentialManagementService that validates the credentials "
"carried in a packet. This is accomplished using the "
"association, AcceptCredentialFrom. \n"
"\n"
"Associated objects (such as FilterListsor Credential "
"ManagementServices) represent components of the condition that "
"MAY or MAY NOT apply at a given rule evaluation. For example, "
"an AcceptCredentialFrom evaluation is only performed when a "
"credential is available to be evaluated and compared against "
"the list of trusted credential management services. Similarly, "
"a PeerIDPayloadFilterEntry MAY only be evaluated when an ID "
"payload is available for checking. Condition components that "
"do not have applicability at rule evaluation time, MUST be "
"evaluated to TRUE."),
MappingStrings { "IPSP Policy Model.IETF|SACondition" }]
class CIM_PacketFilterCondition : CIM_PolicyCondition {
};
// ==================================================================
// PolicyAction
// ==================================================================
[Abstract, Version ( "2.8.0" ), Description (
"A class representing a rule-specific or reusable policy action "
"to be performed if the PolicyConditions for a Policy Rule "
"evaluate to TRUE. Since all operational details of a "
"PolicyAction are provided in subclasses of this object, this "
"class is abstract.")]
class CIM_PolicyAction : CIM_Policy {
[Key, Description (
"The name of the class or the subclass used in the creation "
"of the System object in whose scope this PolicyAction is "
"defined. \n"
"\n"
"This property helps to identify the System object in whose "
"scope this instance of PolicyAction exists. For a "
"rule-specific PolicyAction, this is the System in whose "
"context the PolicyRule is defined. For a reusable "
"PolicyAction, this is the instance of PolicyRepository "
"(which is a subclass of System) that holds the Action. \n"
"\n"
"Note that this property, and the analogous property "
"SystemName, do not represent propagated keys from an "
"instance of the class System. Instead, they are properties "
"defined in the context of this class, which repeat the "
"values from the instance of System to which this "
"PolicyAction is related, either directly via the "
"PolicyActionInPolicyRepository association or indirectly "
"via the PolicyActionInPolicyRule aggregation."),
MaxLen ( 256 )]
string SystemCreationClassName;
[Key, Description (
"The name of the System object in whose scope this "
"PolicyAction is defined. \n"
"\n"
"This property completes the identification of the System "
"object in whose scope this instance of PolicyAction exists. "
"For a rule-specific PolicyAction, this is the System in "
"whose context the PolicyRule is defined. For a reusable "
"PolicyAction, this is the instance of PolicyRepository "
"(which is a subclass of System) that holds the Action."),
MaxLen ( 256 )]
string SystemName;
[Key, Description (
"For a rule-specific PolicyAction, the CreationClassName of "
"the PolicyRule object with which this Action is associated. "
"For a reusable PolicyAction, a special value, 'NO RULE', "
"should be used to indicate that this Action is reusable and "
"not associated with a single PolicyRule."),
MaxLen ( 256 )]
string PolicyRuleCreationClassName;
[Key, Description (
"For a rule-specific PolicyAction, the name of the "
"PolicyRule object with which this Action is associated. For "
"a reusable PolicyAction, a special value, 'NO RULE', should "
"be used to indicate that this Action is reusable and not "
"associated with a single PolicyRule."),
MaxLen ( 256 )]
string PolicyRuleName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this property "
"allows all instances of this class and its subclasses to be "
"uniquely identified."),
MaxLen ( 256 )]
string CreationClassName;
[Key, Description (
"A user-friendly name of this PolicyAction."),
MaxLen ( 256 )]
string PolicyActionName;
[Description (
"DoActionLogging causes a log message to be generated when "
"the action is performed.")]
boolean DoActionLogging;
};
// ==================================================================
// VendorPolicyAction
// ==================================================================
[Version ( "2.6.0" ), Description (
"A class that provides a general extension mechanism for "
"representing PolicyActions that have not been modeled with "
"specific properties. Instead, the two properties ActionData "
"and ActionEncoding are used to define the content and format "
"of the Action, as explained below. \n"
"\n"
"As its name suggests, VendorPolicyAction is intended for "
"vendor-specific extensions to the Policy Core Information "
"Model. Standardized extensions are not expected to use this "
"class.")]
class CIM_VendorPolicyAction : CIM_PolicyAction {
[Description (
"This property provides a general extension mechanism for "
"representing PolicyActions that have not been modeled with "
"specific properties. The format of the octet strings in the "
"array is left unspecified in this definition. It is "
"determined by the OID value stored in the property "
"ActionEncoding. Since ActionEncoding is single-valued, all "
"the values of ActionData share the same format and "
"semantics."),
OctetString,
ModelCorrespondence { "CIM_VendorPolicyAction.ActionEncoding" }]
string ActionData[];
[Description (
"An OID encoded as a string, identifying the format and "
"semantics for this instance's ActionData property."),
ModelCorrespondence { "CIM_VendorPolicyAction.ActionData" }]
string ActionEncoding;
};
// ==================================================================
// CompoundPolicyAction
// ==================================================================
[Version ( "2.6.0" ), Description (
"CompoundPolicyAction is used to represent an expression "
"consisting of an ordered sequence of action terms. Each action "
"term is represented as a subclass of the PolicyAction class. "
"Compound actions are constructed by associating dependent "
"action terms together using the PolicyActionInPolicyAction "
"aggregation.")]
class CIM_CompoundPolicyAction : CIM_PolicyAction {
[Description (
"This property gives a policy administrator a way of "
"specifying how the ordering of the PolicyActions associated "
"with this PolicyRule is to be interpreted. Three values are "
"supported: \n"
"o mandatory(1): Do the actions in the indicated order, or "
"don't do them at all. \n"
"o recommended(2): Do the actions in the indicated order if "
"you can, but if you can't do them in this order, do them in "
"another order if you can. \n"
"o dontCare(3): Do them -- I don't care about the order. \n"
"The default value is 3 (\"DontCare\")."),
ValueMap { "1", "2", "3" },
Values { "Mandatory", "Recommended", "Dont Care" }]
uint16 SequencedActions=3;
[Description (
"ExecutionStrategy defines the strategy to be used in "
"executing the sequenced actions aggregated by this "
"CompoundPolicyAction. There are three execution strategies: "
"\n\n"
"Do Until Success - execute actions according to predefined "
"order, until successful execution of a single action. \n"
"Do All - execute ALL actions which are part of the modeled "
"set, according to their predefined order. Continue doing "
"this, even if one or more of the actions fails. \n"
"Do Until Failure - execute actions according to predefined "
"order, until the first failure in execution of an action "
"instance. \n"
"The default value is 2 (\"Do All\")."),
ValueMap { "1", "2", "3" },
Values { "Do Until Success", "Do All", "Do Until Failure" }]
uint16 ExecutionStrategy=2;
};
// ==================================================================
// NetworkPacketAction
// ==================================================================
[Version ( "2.8.0" ), Description (
"NetworkPacketAction standardizes different processing options "
"that can be taken at the network packet level. The specific "
"action is defined in the PacketAction enumerated property. "
"Note that this property can be used in conjunction with other "
"actions aggregated into a Rule, to fully define its effects. "
"For example, when aggregated with the SAStaticAction class, "
"NetworkPacketAction indicates whether a specific packet will "
"be encrypted, bypassed or discarded for the lifetime of the "
"Security Association.")]
class CIM_NetworkPacketAction : CIM_PolicyAction {
[Description (
"A network packet can be processed, bypassed for processing "
"(i.e., allowed to continue without further processing, such "
"as being forwarded in the clear versus being encrypted), or "
"discarded. This enumeration indicates how a packet should "
"be handled if a PolicyRule's PolicyConditions evaluate to "
"TRUE."),
ValueMap { "1", "2", "3", "4" },
Values { "Other", "Processed", "Bypassed", "Discarded" },
MappingStrings { "IPSP Policy Model.IETF|IPsecBypassAction",
"IPSP Policy Model.IETF|IPsecDiscardAction" },
ModelCorrespondence { "CIM_NetworkPacketAction.OtherAction" }]
uint16 PacketAction;
[Description (
"Description of the action when the value 1 (\"Other\") is "
"specified for the property, PacketAction."),
ModelCorrespondence { "CIM_NetworkPacketAction.PacketAction" }]
string OtherAction;
};
// ==================================================================
// RejectConnectionAction
// ==================================================================
[Version ( "2.8.0" ), Description (
"RejectConnectionAction is used to cause a connection or its "
"negotiation to be terminated. For example, it can be used in "
"conjunction with an address filter on UDP port 500 to reduce "
"Denial of Service vulnerability. As another example, it can be "
"specified as a low priority rule to explicitly define the "
"default action for IKE key exchange negotiations - i.e., if "
"the higher priority rules are not satisfied, then reject the "
"connection negotiation."),
MappingStrings { "IPSP Policy Model.IETF|IKERejectAction" }]
class CIM_RejectConnectionAction : CIM_PolicyAction {
};
// ==================================================================
// PolicyRoleCollection
// ==================================================================
[Version ( "2.8.0" ), Description (
"PolicyRoleCollection is used to represent a collection of "
"ManagedElements that share a common policy role, and the "
"PolicySets that CAN BE applied to those elements. (Note that "
"the PolicySets that are CURRENTLY applied are indicated via "
"instances of the association, PolicySetAppliesToElement.) The "
"PolicyRoleCollection always exists in the context of a System, "
"specified using the PolicyRoleCollectionInSystem aggregation. "
"The value of the PolicyRole property in this class specifies "
"the role. It is defined as a free-form string. ManagedElements "
"that share the role defined in this collection are aggregated "
"into the Collection via the ElementInPolicyRoleCollection "
"association.")]
class CIM_PolicyRoleCollection : CIM_SystemSpecificCollection {
[Required, Description (
"The PolicyRole name for the PolicySets and other "
"ManagedElements that are identified and aggregated by the "
"Collection. Note that the aggregated PolicySets define the "
"rules and groups of rules that may be applied to the "
"associated ManagedElements. \n"
"\n"
"Although not officially designated as 'role combinations', "
"multiple roles may be specified using the form: \n"
"<RoleName>[&&<RoleName>]* \n"
"where the individual role names appear in alphabetical "
"order (according to the collating sequence for UCS-2). "
"Implementations may treat PolicyRole values that are "
"specified as 'role combinations' as simple strings.")]
string PolicyRole;
[Description (
"Activates/applies the PolicySets aggregated into this "
"Collection to the specified ManagedElement. The "
"ManagedElement MUST be a member of the Collection, "
"associated via ElementInPolicyRoleCollection. The result of "
"this method, if it is successfully executed, is that the "
"aggregated PolicySets are deployed and enforced for the "
"Element. This is reflected by the instantiation of the "
"PolicySetAppliesToElement association between the named "
"Element and each PolicySet."),
ValueMap { "0", "1", "2", "3", "4", "..", "0x8000.." },
Values { "Success", "Not Supported", "Unknown", "Timeout",
"Failed", "DMTF Reserved", "Vendor Specific" }]
uint32 ActivatePolicySet(
[IN, Description (
"The ManagedElement to which the aggregated PolicySets of "
"this Collection are applied.")]
CIM_ManagedElement REF Element);
[Description (
"Deactivates the aggregated PolicySets for the specified "
"ManagedElement. The result of this method, if it is "
"successfully executed, is that the aggregated PolicySets "
"are NOT enforced for the Element. This is reflected by the "
"removal of the PolicySetAppliesToElement association "
"between the named Element and each PolicySet. If a "
"PolicySet is not currently enforced for the ManagedElement, "
"then this method has no effect for that Set."),
ValueMap { "0", "1", "2", "3", "4", "..", "0x8000..0xFFFF" },
Values { "Success", "Not Supported", "Unknown", "Timeout",
"Failed", "DMTF Reserved", "Vendor Specific" }]
uint32 DeactivatePolicySet(
[IN, Description (
"The ManagedElement to which the aggregated PolicySets of "
"this Collection MUST NOT apply.")]
CIM_ManagedElement REF Element);
};
// ==================================================================
// === Association classes ===
// ==================================================================
// ==================================================================
// PolicyComponent
// ==================================================================
[Association, Abstract, Aggregation, Version ( "2.6.0" ),
Description (
"CIM_PolicyComponent is a generic association used to establish "
"'part of' relationships between the subclasses of CIM_Policy. "
"For example, the PolicyConditionInPolicyRule association "
"defines that PolicyConditions are part of a PolicyRule.")]
class CIM_PolicyComponent : CIM_Component {
[Aggregate, Override ( "GroupComponent" ), Description (
"The parent Policy in the association.")]
CIM_Policy REF GroupComponent;
[Override ( "PartComponent" ), Description (
"The child/part Policy in the association.")]
CIM_Policy REF PartComponent;
};
// ==================================================================
// PolicyInSystem
// ==================================================================
[Association, Abstract, Version ( "2.8.0" ), Description (
"CIM_PolicyInSystem is a generic association used to establish "
"dependency relationships between Policies and the Systems that "
"host them. These Systems may be ComputerSystems where Policies "
"are 'running' or they may be Policy Repositories where "
"Policies are stored. This relationship is similar to the "
"concept of CIM_Services being dependent on CIM_Systems as "
"defined by the HostedService association. \n"
"\n"
"Cardinality is Max (1) for the Antecedent/System reference "
"since Policies can only be hosted in at most one System "
"context. Some subclasses of the association will further "
"refine this definition to make the Policies Weak to Systems. "
"Other subclasses of PolicyInSystem will define an optional "
"hosting relationship. Examples of each of these are the "
"PolicyRuleInSystem and PolicyConditionIn PolicyRepository "
"associations, respectively.")]
class CIM_PolicyInSystem : CIM_HostedDependency {
[Override ( "Antecedent" ), Max ( 1 ), Description (
"The hosting System.")]
CIM_System REF Antecedent;
[Override ( "Dependent" ), Description (
"The hosted Policy.")]
CIM_Policy REF Dependent;
};
// ==================================================================
// PolicySetInSystem
// ==================================================================
[Association, Abstract, Version ( "2.6.0" ), Description (
"PolicySetInSystem is an abstract association class that "
"represents a relationship between a System and a PolicySet "
"used in the administrative scope of that system (e.g., "
"AdminDomain, ComputerSystem). The Priority property is used to "
"assign a relative priority to a PolicySet within the "
"administrative scope in contexts where it is not a component "
"of another PolicySet.")]
class CIM_PolicySetInSystem : CIM_PolicyInSystem {
[Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
"The System in whose scope a PolicySet is defined.")]
CIM_System REF Antecedent;
[Override ( "Dependent" ), Description (
"A PolicySet named within the scope of a System.")]
CIM_PolicySet REF Dependent;
[Description (
"The Priority property is used to specify the relative "
"priority of the referenced PolicySet when there are more "
"than one PolicySet instances applied to a managed resource "
"that are not PolicySetComponents and, therefore, have no "
"other relative priority defined. The priority is a "
"non-negative integer; a larger value indicates a higher "
"priority.")]
uint16 Priority;
};
// ==================================================================
// PolicyGroupInSystem
// ==================================================================
[Association, Version ( "2.6.0" ), Description (
"An association that links a PolicyGroup to the System in whose "
"scope the Group is defined.")]
class CIM_PolicyGroupInSystem : CIM_PolicySetInSystem {
[Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
"The System in whose scope a PolicyGroup is defined.")]
CIM_System REF Antecedent;
[Override ( "Dependent" ), Weak, Description (
"A PolicyGroup named within the scope of a System.")]
CIM_PolicyGroup REF Dependent;
};
// ==================================================================
// PolicyRuleInSystem
// ==================================================================
[Association, Version ( "2.6.0" ), Description (
"An association that links a PolicyRule to the System in whose "
"scope the Rule is defined.")]
class CIM_PolicyRuleInSystem : CIM_PolicySetInSystem {
[Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
"The System in whose scope a PolicyRule is defined.")]
CIM_System REF Antecedent;
[Override ( "Dependent" ), Weak, Description (
"A PolicyRule named within the scope of a System.")]
CIM_PolicyRule REF Dependent;
};
// ==================================================================
// PolicySetComponent
// ==================================================================
[Association, Aggregation, Version ( "2.6.0" ), Description (
"PolicySetComponent is a concrete aggregation that collects "
"instances of the subclasses of PolicySet (i.e., PolicyGroups "
"and PolicyRules). Instances are collected in sets that use the "
"same decision strategy. They are prioritized relative to each "
"other, within the set, using the Priority property of this "
"aggregation. \n"
"\n"
"Together, the PolicySet.PolicyDecisionStrategy and PolicySet "
"Component.Priority properties determine the processing for the "
"groups and rules contained in a PolicySet. A larger priority "
"value represents a higher priority. Note that the Priority "
"property MUST have a unique value when compared with others "
"defined for the same aggregating PolicySet. Thus, the "
"evaluation of rules within a set is deterministically "
"specified.")]
class CIM_PolicySetComponent : CIM_PolicyComponent {
[Aggregate, Override ( "GroupComponent" ), Description (
"A PolicySet that aggregates other PolicySet instances.")]
CIM_PolicySet REF GroupComponent;
[Override ( "PartComponent" ), Description (
"A PolicySet aggregated into a PolicySet.")]
CIM_PolicySet REF PartComponent;
[Description (
"A non-negative integer for prioritizing this PolicySet "
"component relative to other elements of the same PolicySet. "
"A larger value indicates a higher priority. The Priority "
"property MUST have a unique value when compared with others "
"defined for the same aggregating PolicySet.")]
uint16 Priority;
};
// ==================================================================
// PolicyGroupInPolicyGroup *** deprecated
// ==================================================================
[Association, Deprecated { "CIM_PolicySetComponent" }, Aggregation,
Version ( "2.7.0" ), Description (
"PolicySetComponent provides a more general mechanism for "
"aggregating both PolicyGroups and PolicyRules and doing so "
"with the priority value applying only to the aggregated set "
"rather than policy wide. \n"
"\n"
"A relationship that aggregates one or more lower-level "
"PolicyGroups into a higher-level Group. A Policy Group may "
"aggregate PolicyRules and/or other Policy Groups.")]
class CIM_PolicyGroupInPolicyGroup : CIM_PolicyComponent {
[Deprecated { "CIM_PolicySetComponent.GroupComponent" },
Aggregate, Override ( "GroupComponent" ), Description (
"A PolicyGroup that aggregates other Groups.")]
CIM_PolicyGroup REF GroupComponent;
[Deprecated { "CIM_PolicySetComponent.PartComponent" },
Override ( "PartComponent" ), Description (
"A PolicyGroup aggregated by another Group.")]
CIM_PolicyGroup REF PartComponent;
};
// ==================================================================
// PolicyRuleInPolicyGroup *** deprecated
// ==================================================================
[Association, Deprecated { "CIM_PolicySetComponent" }, Aggregation,
Version ( "2.7.0" ), Description (
"PolicySetComponent provides a more general mechanism for "
"aggregating both PolicyGroups and PolicyRules and doing so "
"with the priority value applying only to the aggregated set "
"rather than policy wide. \n"
"\n"
"A relationship that aggregates one or more PolicyRules into a "
"PolicyGroup. A PolicyGroup may aggregate PolicyRules and/or "
"other PolicyGroups.")]
class CIM_PolicyRuleInPolicyGroup : CIM_PolicyComponent {
[Deprecated { "CIM_PolicySetComponent.GroupComponent" },
Aggregate, Override ( "GroupComponent" ), Description (
"A PolicyGroup that aggregates one or more PolicyRules.")]
CIM_PolicyGroup REF GroupComponent;
[Deprecated { "CIM_PolicySetComponent.PartComponent" },
Override ( "PartComponent" ), Description (
"A PolicyRule aggregated by a PolicyGroup.")]
CIM_PolicyRule REF PartComponent;
};
// ==================================================================
// PolicySetValidityPeriod
// ==================================================================
[Association, Aggregation, Version ( "2.7.0" ), Description (
"The PolicySetValidityPeriod aggregation represents scheduled "
"activation and deactivation of a PolicySet. A PolicySet is "
"considered \"active\" if it is both \"Enabled\" and in a valid "
"time period. \n"
"\n"
"If a PolicySet is associated with multiple policy time periods "
"via this association, then the Set is in a valid time period "
"if at least one of the time periods evaluates to TRUE. If a "
"PolicySet is contained in another PolicySet via the "
"PolicySetComponent aggregation (e.g., a PolicyRule in a "
"PolicyGroup), then the contained PolicySet (e.g., PolicyRule) "
"is in a valid period if at least one of the aggregate's "
"PolicyTimePeriodCondition instances evaluates to TRUE and at "
"least one of its own PolicyTimePeriodCondition instances also "
"evalutes to TRUE. (In other words, the "
"PolicyTimePeriodConditions are ORed to determine whether the "
"PolicySet is in a valid time period and then ANDed with the "
"ORed PolicyTimePeriodConditions of each of PolicySet instances "
"in the PolicySetComponent hierarchy to determine if the "
"PolicySet is in a valid time period and, if also \"Enabled\", "
"therefore, active, i.e., the hierachy ANDs the ORed "
"PolicyTimePeriodConditions of the elements of the hierarchy. \n"
"\n"
"A Time Period may be aggregated by multiple PolicySets. A Set "
"that does not point to a PolicyTimePeriodCondition via this "
"association, from the point of view of scheduling, is always "
"in a valid time period.")]
class CIM_PolicySetValidityPeriod : CIM_PolicyComponent {
[Aggregate, Override ( "GroupComponent" ), Description (
"This property contains the name of a PolicySet that "
"contains one or more PolicyTimePeriodConditions.")]
CIM_PolicySet REF GroupComponent;
[Override ( "PartComponent" ), Description (
"This property contains the name of a "
"PolicyTimePeriodCondition defining the valid time periods "
"for one or more PolicySets.")]
CIM_PolicyTimePeriodCondition REF PartComponent;
};
// ==================================================================
// PolicyRuleValidityPeriod ** deprecated
// ==================================================================
[Association, Deprecated { "CIM_PolicySetValidityPeriod" },
Aggregation, Version ( "2.7.0" ), Description (
"The PolicyRuleValidityPeriod aggregation represents scheduled "
"activation and deactivation of a PolicyRule. If a PolicyRule "
"is associated with multiple policy time periods via this "
"association, then the Rule is active if at least one of the "
"time periods indicates that it is active. (In other words, the "
"PolicyTimePeriodConditions are ORed to determine whether the "
"Rule is active.) A Time Period may be aggregated by multiple "
"PolicyRules. A Rule that does not point to a "
"PolicyTimePeriodCondition via this association is, from the "
"point of view of scheduling, always active. It may, however, "
"be inactive for other reasons. For example, the Rule's Enabled "
"property may be set to \"disabled\" (value=2).")]
class CIM_PolicyRuleValidityPeriod : CIM_PolicyComponent {
[Deprecated { "CIM_PolicySetValidityPeriod.GroupComponent" },
Aggregate, Override ( "GroupComponent" ), Description (
"This property contains the name of a PolicyRule that "
"contains one or more PolicyTimePeriodConditions.")]
CIM_PolicyRule REF GroupComponent;
[Deprecated { "CIM_PolicySetValidityPeriod.PartComponent" },
Override ( "PartComponent" ), Description (
"This property contains the name of a "
"PolicyTimePeriodCondition defining the valid time periods "
"for one or more PolicyRules.")]
CIM_PolicyTimePeriodCondition REF PartComponent;
};
// ==================================================================
// PolicyConditionStructure
// ==================================================================
[Association, Abstract, Aggregation, Version ( "2.7.0" ),
Description (
"PolicyConditions may be aggregated into rules and into "
"compound conditions. PolicyConditionStructure is the abstract "
"aggregation class for the structuring of policy conditions. \n"
"\n"
"The Conditions aggregated by a PolicyRule or "
"CompoundPolicyCondition are grouped into two levels of lists: "
"either an ORed set of ANDed sets of conditions (DNF, the "
"default) or an ANDed set of ORed sets of conditions (CNF). "
"Individual PolicyConditions in these lists may be negated. The "
"property ConditionListType specifies which of these two "
"grouping schemes applies to a particular PolicyRule or "
"CompoundPolicyCondition instance. \n"
"\n"
"One or more PolicyTimePeriodConditions may be among the "
"conditions associated with a PolicyRule or "
"CompoundPolicyCondition via the PolicyConditionStructure "
"subclass association. In this case, the time periods are "
"simply additional Conditions to be evaluated along with any "
"others that are specified.")]
class CIM_PolicyConditionStructure : CIM_PolicyComponent {
[Aggregate, Override ( "GroupComponent" ), Description (
"This property represents the Policy that contains one or "
"more PolicyConditions.")]
CIM_Policy REF GroupComponent;
[Override ( "PartComponent" ), Description (
"This property holds the name of a PolicyCondition contained "
"by one or more PolicyRule or CompoundPolicyCondition "
"instances.")]
CIM_PolicyCondition REF PartComponent;
[Description (
"Unsigned integer indicating the group to which the "
"contained PolicyCondition belongs. This integer segments "
"the Conditions into the ANDed sets (when the "
"ConditionListType is \"DNF\") or, similarly, into the ORed "
"sets (when the ConditionListType is \"CNF\").")]
uint16 GroupNumber;
[Description (
"Indication of whether the contained PolicyCondition is "
"negated. TRUE indicates that the PolicyCondition IS "
"negated, FALSE indicates that it IS NOT negated.")]
boolean ConditionNegated;
};
// ==================================================================
// PolicyConditionInPolicyRule
// ==================================================================
[Association, Aggregation, Version ( "2.7.0" ), Description (
"A PolicyRule aggregates zero or more instances of the "
"PolicyCondition class, via the PolicyConditionInPolicyRule "
"association. A Rule that aggregates zero Conditions is not "
"valid; it may, however, be in the process of being defined. "
"Note that a PolicyRule should have no effect until it is "
"valid.")]
class CIM_PolicyConditionInPolicyRule : CIM_PolicyConditionStructure {
[Aggregate, Override ( "GroupComponent" ), Description (
"This property represents the PolicyRule that contains one "
"or more PolicyConditions.")]
CIM_PolicyRule REF GroupComponent;
[Override ( "PartComponent" ), Description (
"This property holds the name of a PolicyCondition contained "
"by one or more PolicyRules.")]
CIM_PolicyCondition REF PartComponent;
};
// ==================================================================
// PolicyConditionInPolicyCondition
// ==================================================================
[Association, Aggregation, Version ( "2.7.0" ), Description (
"A CompoundPolicyCondition aggregates zero or more instances of "
"the PolicyCondition class, via the "
"PolicyConditionInPolicyCondition association. A "
"CompoundPolicyCondition that aggregates zero Conditions is not "
"valid; it may, however, be in the process of being defined. "
"Note that a CompoundPolicyCondition should have no effect "
"until it is valid.")]
class CIM_PolicyConditionInPolicyCondition : CIM_PolicyConditionStructure {
[Aggregate, Override ( "GroupComponent" ), Description (
"This property represents the CompoundPolicyCondition that "
"contains one or more PolicyConditions.")]
CIM_CompoundPolicyCondition REF GroupComponent;
[Override ( "PartComponent" ), Description (
"This property holds the name of a PolicyCondition contained "
"by one or more PolicyRules.")]
CIM_PolicyCondition REF PartComponent;
};
// ==================================================================
// PolicyActionStructure
// ==================================================================
[Association, Abstract, Aggregation, Version ( "2.6.0" ),
Description (
"PolicyActions may be aggregated into rules and into compound "
"actions. PolicyActionStructure is the abstract aggregation "
"class for the structuring of policy actions.")]
class CIM_PolicyActionStructure : CIM_PolicyComponent {
[Aggregate, Override ( "GroupComponent" ), Description (
"PolicyAction instances may be aggregated into either "
"PolicyRule instances or CompoundPolicyAction instances.")]
CIM_Policy REF GroupComponent;
[Override ( "PartComponent" ), Description (
"A PolicyAction aggregated by a PolicyRule or "
"CompoundPolicyAction.")]
CIM_PolicyAction REF PartComponent;
[Description (
"ActionOrder is an unsigned integer 'n' that indicates the "
"relative position of a PolicyAction in the sequence of "
"actions associated with a PolicyRule or "
"CompoundPolicyAction. When 'n' is a positive integer, it "
"indicates a place in the sequence of actions to be "
"performed, with smaller integers indicating earlier "
"positions in the sequence. The special value '0' indicates "
"'don't care'. If two or more PolicyActions have the same "
"non-zero sequence number, they may be performed in any "
"order, but they must all be performed at the appropriate "
"place in the overall action sequence. \n"
"\n"
"A series of examples will make ordering of PolicyActions "
"clearer: \n"
"o If all actions have the same sequence number, regardless "
"of whether it is '0' or non-zero, any order is acceptable. "
"\no The values: \n"
"1:ACTION A \n"
"2:ACTION B \n"
"1:ACTION C \n"
"3:ACTION D \n"
"indicate two acceptable orders: A,C,B,D or C,A,B,D, \n"
"since A and C can be performed in either order, but only at "
"the '1' position. \n"
"o The values: \n"
"0:ACTION A \n"
"2:ACTION B \n"
"3:ACTION C \n"
"3:ACTION D \n"
"require that B,C, and D occur either as B,C,D or as B,D,C. "
"Action A may appear at any point relative to B, C, and D. "
"Thus the complete set of acceptable orders is: A,B,C,D; "
"B,A,C,D; B,C,A,D; B,C,D,A; A,B,D,C; B,A,D,C; B,D,A,C; "
"B,D,C,A. \n"
"\n"
"Note that the non-zero sequence numbers need not start with "
"'1', and they need not be consecutive. All that matters is "
"their relative magnitude.")]
uint16 ActionOrder;
};
// ==================================================================
// PolicyActionInPolicyRule
// ==================================================================
[Association, Aggregation, Version ( "2.6.0" ), Description (
"A PolicyRule aggregates zero or more instances of the "
"PolicyAction class, via the PolicyActionInPolicyRule "
"association. A Rule that aggregates zero Actions is not "
"valid--it may, however, be in the process of being entered "
"into a PolicyRepository or being defined for a System. "
"Alternately, the actions of the policy may be explicit in the "
"definition of the PolicyRule. Note that a PolicyRule should "
"have no effect until it is valid. \n"
"\n"
"The Actions associated with a PolicyRule may be given a "
"required order, a recommended order, or no order at all. For "
"Actions represented as separate objects, the "
"PolicyActionInPolicyRule aggregation can be used to express an "
"order. \n"
"\n"
"This aggregation does not indicate whether a specified action "
"order is required, recommended, or of no significance; the "
"property SequencedActions in the aggregating instance of "
"PolicyRule provides this indication.")]
class CIM_PolicyActionInPolicyRule : CIM_PolicyActionStructure {
[Aggregate, Override ( "GroupComponent" ), Description (
"This property represents the PolicyRule that contains one "
"or more PolicyActions.")]
CIM_PolicyRule REF GroupComponent;
[Override ( "PartComponent" ), Description (
"This property holds the name of a PolicyAction contained by "
"one or more PolicyRules.")]
CIM_PolicyAction REF PartComponent;
};
// ==================================================================
// PolicyActionInPolicyAction
// ==================================================================
[Association, Aggregation, Version ( "2.6.0" ), Description (
"PolicyActionInPolicyAction is used to represent the "
"compounding of policy actions into a higher-level policy "
"action.")]
class CIM_PolicyActionInPolicyAction : CIM_PolicyActionStructure {
[Aggregate, Override ( "GroupComponent" ), Description (
"This property represents the CompoundPolicyAction that "
"contains one or more PolicyActions.")]
CIM_CompoundPolicyAction REF GroupComponent;
[Override ( "PartComponent" ), Description (
"This property holds the name of a PolicyAction contained by "
"one or more CompoundPolicyActions.")]
CIM_PolicyAction REF PartComponent;
};
// ==================================================================
// PolicyContainerInPolicyContainer
// ==================================================================
[Association, Aggregation, Version ( "2.6.0" ), Description (
"A relationship that aggregates one or more lower-level "
"ReusablePolicyContainer instances into a higher-level "
"ReusablePolicyContainer.")]
class CIM_PolicyContainerInPolicyContainer : CIM_SystemComponent {
[Aggregate, Override ( "GroupComponent" ), Description (
"A ReusablePolicyContainer that aggregates other "
"ReusablePolicyContainers.")]
CIM_ReusablePolicyContainer REF GroupComponent;
[Override ( "PartComponent" ), Description (
"A ReusablePolicyContainer aggregated by another "
"ReusablePolicyContainer.")]
CIM_ReusablePolicyContainer REF PartComponent;
};
// ==================================================================
// PolicyRepositoryInPolicyRepository *** deprecated
// ==================================================================
[Association, Deprecated { "CIM_PolicyContainerInPolicyContainer" },
Aggregation, Version ( "2.7.0" ), Description (
"The term 'PolicyRepository' has been confusing to both "
"developers and users of the model. The replacement class name "
"describes model element properly and is less likely to be "
"confused with a data repository. ContainedDomain is a general "
"purpose mechanism for expressing domain hierarchy. \n"
"\n"
"A relationship that aggregates one or more lower-level "
"PolicyRepositories into a higher-level Repository.")]
class CIM_PolicyRepositoryInPolicyRepository : CIM_SystemComponent {
[Deprecated {
"CIM_PolicyContainerInPolicyContainer.GroupComponent" },
Aggregate, Override ( "GroupComponent" ), Description (
"A PolicyRepository that aggregates other Repositories.")]
CIM_PolicyRepository REF GroupComponent;
[Deprecated {
"CIM_PolicyContainerInPolicyContainer.PartComponent" },
Override ( "PartComponent" ), Description (
"A PolicyRepository aggregated by another Repository.")]
CIM_PolicyRepository REF PartComponent;
};
// ==================================================================
// ReusablePolicy
// ==================================================================
[Association, Version ( "2.6.0" ), Description (
"The ReusablePolicy association provides for the reuse of any "
"subclass of Policy in a ReusablePolicyContainer.")]
class CIM_ReusablePolicy : CIM_PolicyInSystem {
[Override ( "Antecedent" ), Max ( 1 ), Description (
"This property identifies a ReusablePolicyContainer that "
"provides the administrative scope for the reuse of the "
"referenced policy element.")]
CIM_ReusablePolicyContainer REF Antecedent;
[Override ( "Dependent" ), Description (
"A reusable policy element.")]
CIM_Policy REF Dependent;
};
// ==================================================================
// ElementInPolicyRoleCollection
// ==================================================================
[Association, Aggregation, Version ( "2.8.0" ), Description (
"An ElementInPolicyRoleCollection aggregates zero or more "
"ManagedElement subclass instances into a PolicyRoleCollection "
"object, representing a role played by these ManagedElements. "
"This Collection indicates that the aggregated PolicySets "
"(aggregated by CIM_PolicySetInRoleCollection) MAY BE applied "
"to the referenced elements. To indicate that the PolicySets "
"ARE being enforced for the element, use the "
"PolicySetAppliesToElement association.")]
class CIM_ElementInPolicyRoleCollection : CIM_MemberOfCollection {
[Aggregate, Override ( "Collection" ), Description (
"The PolicyRoleCollection.")]
CIM_PolicyRoleCollection REF Collection;
[Override ( "Member" ), Description (
"The ManagedElement that plays the role represented by the "
"PolicyRoleCollection.")]
CIM_ManagedElement REF Member;
};
// ==================================================================
// PolicyRoleCollectionInSystem
// ==================================================================
[Association, Version ( "2.7.0" ), Description (
"PolicyRoleCollectionInSystem is an association used to "
"establish a relationship between a collection and an 'owning' "
"System such as an AdminDomain or ComputerSystem.")]
class CIM_PolicyRoleCollectionInSystem : CIM_HostedCollection {
[Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
"The parent system responsible for the collection.")]
CIM_System REF Antecedent;
[Override ( "Dependent" ), Description (
"The Collection.")]
CIM_PolicyRoleCollection REF Dependent;
};
// ==================================================================
// PolicyConditionInPolicyRepository *** deprecated
// ==================================================================
[Association, Deprecated { "CIM_ReusablePolicy" },
Version ( "2.7.0" ), Description (
"The ReusablePolicy association is a more general relationship "
"that incorporates both Conditions and Actions as well as any "
"other policy subclass. \n"
"\n"
"This class represents the hosting of reusable PolicyConditions "
"by a PolicyRepository. A reusable Policy Condition is always "
"related to a single PolicyRepository, via this association. \n"
"\n"
"Note, that an instance of PolicyCondition can be either "
"reusable or rule-specific. When the Condition is rule- "
"specific, it shall not be related to any PolicyRepository via "
"the PolicyConditionInPolicyRepository association.")]
class CIM_PolicyConditionInPolicyRepository : CIM_PolicyInSystem {
[Deprecated { "CIM_ReusablePolicy.Antecedent" },
Override ( "Antecedent" ), Max ( 1 ), Description (
"This property identifies a PolicyRepository hosting one or "
"more PolicyConditions. A reusable PolicyCondition is always "
"related to exactly one PolicyRepository via the "
"PolicyConditionInPolicyRepository association. The [0..1] "
"cardinality for this property covers the two types of "
"PolicyConditions: 0 for a rule-specific PolicyCondition, 1 "
"for a reusable one.")]
CIM_PolicyRepository REF Antecedent;
[Deprecated { "CIM_ReusablePolicy.Dependent" },
Override ( "Dependent" ), Description (
"This property holds the name of a PolicyCondition hosted in "
"the PolicyRepository.")]
CIM_PolicyCondition REF Dependent;
};
// ==================================================================
// PolicyActionInPolicyRepository *** deprecated
// ==================================================================
[Association, Deprecated { "CIM_ReusablePolicy" },
Version ( "2.7.0" ), Description (
"The ReusablePolicy association is a more general relationship "
"that incorporates both Conditions and Actions as well as any "
"other policy subclass. \n"
"\n"
"This class represents the hosting of reusable PolicyActions by "
"a PolicyRepository. A reusable Policy Action is always related "
"to a single PolicyRepository, via this association. \n"
"\n"
"Note, that an instance of PolicyAction can be either reusable "
"or rule-specific. When the Action is rule- specific, it shall "
"not be related to any PolicyRepository via the "
"PolicyActionInPolicyRepository association.")]
class CIM_PolicyActionInPolicyRepository : CIM_PolicyInSystem {
[Deprecated { "CIM_ReusablePolicy.Antecedent" },
Override ( "Antecedent" ), Max ( 1 ), Description (
"This property represents a PolicyRepository hosting one or "
"more PolicyActions. A reusable PolicyAction is always "
"related to exactly one PolicyRepository via the "
"PolicyActionInPolicyRepository association. The [0..1] "
"cardinality for this property covers the two types of "
"PolicyActions: 0 for a rule-specific PolicyAction, 1 for a "
"reusable one.")]
CIM_PolicyRepository REF Antecedent;
[Deprecated { "CIM_ReusablePolicy.Dependent" },
Override ( "Dependent" ), Description (
"This property holds the name of a PolicyAction hosted in "
"the PolicyRepository.")]
CIM_PolicyAction REF Dependent;
};
// ==================================================================
// PolicySetInRoleCollection
// ==================================================================
[Association, Aggregation, Version ( "2.8.0" ), Description (
"PolicySetInRoleCollection aggregates zero or more PolicyRules "
"and PolicyGroups (i.e., the subclasses of PolicySet) into a "
"PolicyRoleCollection object, representing a role "
"supported/enforced by the PolicySet.")]
class CIM_PolicySetInRoleCollection : CIM_MemberOfCollection {
[Aggregate, Override ( "Collection" ), Description (
"The PolicyRoleCollection.")]
CIM_PolicyRoleCollection REF Collection;
[Override ( "Member" ), Description (
"The PolicySet that supports/enforces the PolicyRole for the "
"elements in the PolicyRoleCollection.")]
CIM_PolicySet REF Member;
};
// ==================================================================
// PolicySetAppliesToElement
// ==================================================================
[Association, Version ( "2.8.0" ), Description (
"PolicySetAppliesToElement makes explicit which PolicySets "
"(i.e., policy rules and groups of rules) ARE CURRENTLY applied "
"to a particular Element. This association indicates that the "
"PolicySets that are appropriate for a ManagedElement "
"(specified using the PolicyRoleCollection aggregation) have "
"actually been deployed in the policy management "
"infrastructure. Note that if the named Element refers to a "
"Collection, then the PolicySet is assumed to be applied to all "
"the members of the Collection.")]
class CIM_PolicySetAppliesToElement {
[Key, Description (
"The PolicyRules and/or groups of rules that are currently "
"applied to an Element.")]
CIM_PolicySet REF PolicySet;
[Key, Description (
"The ManagedElement to which the PolicySet applies.")]
CIM_ManagedElement REF ManagedElement;
};
// ==================================================================
// FilterOfPacketCondition
// ==================================================================
[Association, Version ( "2.8.0" ), Description (
"FilterOfPacketCondition associates a network traffic "
"specification (i.e., a FilterList) with a PolicyRule's "
"PacketFilterCondition."),
MappingStrings { "IPSP Policy Model.IETF|FilterOfSACondition" }]
class CIM_FilterOfPacketCondition : CIM_Dependency {
[Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
"A FilterList describes the traffic selected by the "
"PacketFilterCondition. A PacketFilterCondition is "
"associated with one and only one FilterList, but that "
"filter list may aggregate many filter entries."),
MappingStrings { "IPSP Policy Model.IETF|"
"FilterOfSACondition.Antecedent" }]
CIM_FilterList REF Antecedent;
[Override ( "Dependent" ), Description (
"The PacketFilterCondition that uses the FilterList as part "
"of a PolicyRule."),
MappingStrings { "IPSP Policy Model.IETF|"
"FilterOfSACondition.Dependent" }]
CIM_PacketFilterCondition REF Dependent;
};
// ==================================================================
// AcceptCredentialFrom
// ==================================================================
[Association, Version ( "2.8" ), Description (
"This association specifies that a credential management "
"service (e.g., CertificateAuthority or Kerberos key "
"distribution service) is to be trusted to certify credentials, "
"presented at the packet level. The association defines an "
"'approved' CredentialManagementService that is used for "
"validation. \n"
"\n"
"The use of this class is best explained via an example: \n"
"If a CertificateAuthority is specified using this association, "
"and a corresponding X509CredentialFilterEntry is also "
"associated with a PacketFilterCondition (via the relationship, "
"FilterOfPacketCondition), then the credential MUST match the "
"FilterEntry data AND be certified by that CA (or one of the "
"CredentialManagementServices in its trust hierarchy). "
"Otherwise, the X509CredentialFilterEntry is deemed not to "
"match. If a credential is certified by a "
"CredentialManagementService associated with the "
"PacketFilterCondition through the AcceptCredentialFrom "
"relationship, but there is no corresponding "
"CredentialFilterEntry, then all credentials from the related "
"service are considered to match."),
MappingStrings { "IPSP Policy Model.IETF|AcceptCredentialFrom" }]
class CIM_AcceptCredentialFrom : CIM_Dependency {
[Override ( "Antecedent" ), Description (
"The CredentialManagementService that is issuing the "
"credential to be matched in the PacketFilterCondition."),
MappingStrings { "IPSP Policy "
"Model.IETF|AcceptCredentialFrom.Antecedent" }]
CIM_CredentialManagementService REF Antecedent;
[Override ( "Dependent" ), Description (
"The PacketFilterCondition that associates the "
"CredentialManagementService and any "
"FilterLists/FilterEntries."),
MappingStrings { "IPSP Policy "
"Model.IETF|AcceptCredentialFrom.Dependent" }]
CIM_PacketFilterCondition REF Dependent;
};
// ===================================================================
// end of file
// ===================================================================
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |