// ===================================================================
// Title: User_PublicKey
// $State: Exp $
// $Date: 2004/11/29 18:31:43 $
// $RCSfile: User_PublicKey.mof,v $
// $Revision: 1.2.2.3 $
// ===================================================================
//#pragma inLine ("Includes/copyright.inc")
// Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
//#pragma inLine
// ===================================================================
// Description: The User Model extends the management concepts that
// are related to users and security.
// This file defines the classes modeling public key
// security services, credentials and the certificate
// authority.
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ===================================================================
// Change Log for v2.8 Final
// CR1235 - Accepted changes in CR1011 and corrected
// ModelCorrespondence
// in UnsignedPublicKey.PeerIdentity and PeerIdentityType
//
// Change Log for v2.8 Preliminary
// CR1011 - Modified Descriptions for CertificateAuthority,
// PublicKeyCertificate, CAHasPublicKey and UnsignedPublicKey
//
// Change Log for v2.7
// CR784 - Deprecated Expires property from CASignsPublicKeyCertificate
// CR980 - All deprecations taken to Final status
// ===================================================================
// Locale of the qualifier strings (Description and friends) in this file.
#pragma Locale ("en_US")
// ==================================================================
// CertificateAuthority
// ==================================================================
// CIM_CertificateAuthority: the service that issues and signs certificates.
// The properties below describe the CA's policy, its revocation data and its
// place in a trust hierarchy. The certificates themselves are
// CIM_PublicKeyCertificate instances, linked to the CA through the
// CIM_CASignsPublicKeyCertificate association defined later in this file.
[Version ( "2.8.0" ), Description (
    "A Certificate Authority (CA) is a credential management "
    "service that issues and cryptographically signs certificates. "
    "It acts as an trusted third-party intermediary in establishing "
    "trust relationships. The CA authenticates the identity of the "
    "holder of the 'private' key, related to the certificate's "
    "'public' key.")]
class CIM_CertificateAuthority : CIM_CredentialManagementService {

    // Reference to the CA's certificate policy, either free text or a
    // dot-delimited OID per the Description.
    // NOTE(review): the Description text spells the property "CAPolicyStatment"
    // and the phrase "identifies to the formal policy statement" reads oddly;
    // both look like typos in the text only -- the property name is correct.
    [Description (
        "The CAPolicyStatement describes what care is taken by the "
        "CertificateAuthority when signing a new certificate. The "
        "CAPolicyStatment may be a dot-delimited ASN.1 OID string "
        "which identifies to the formal policy statement.")]
    string CAPolicyStatement;

    // Raw revocation lists, one OctetString per array element. The schema
    // carries the bytes only: the encoding of each element and whether a
    // consumer checks the CRL's signature against this CA before acting on
    // it are not specified in this file.
    [Description (
        "A CRL, or CertificateRevocationList, is a list of "
        "certificates which the CertificateAuthority has revoked and "
        "which are not yet expired. Revocation is necessary when the "
        "private key associated with the public key of a certificate "
        "is lost or compromised, or when the person for whom the "
        "certificate is signed no longer is entitled to use the "
        "certificate."),
    OctetString]
    string CRL[];

    // URIs from which CRLs can be retrieved. No URI scheme is constrained
    // here; a distribution point is a locator only and says nothing about
    // the authenticity of what is fetched from it.
    [Description (
        "Certificate revocation lists may be available from a number "
        "of distribution points. CRLDistributionPoint array values "
        "provide URIs for those distribution points.")]
    string CRLDistributionPoint[];

    // X.501 Distinguished Name by which issued certificates refer to this CA.
    [Description (
        "Certificates refer to their issuing CA by its Distinguished "
        "Name (as defined in X.501)."),
    Dn]
    string CADistinguishedName;

    // CRL refresh interval in hours. Being a uint8, the largest representable
    // interval is 255 hours; 0 means "unknown" (per the Description), not
    // "never refreshed".
    [Description (
        "The frequency, expressed in hours, at which the CA will "
        "update its Certificate Revocation List. Zero implies that "
        "the refresh frequency is unknown."),
    Units ( "Hours" )]
    uint8 CRLRefreshFrequency;

    // Upper bound on chain length for credentials issued under this CA or
    // its subordinates. The ordering relative to superior/subordinate CAs is
    // phrased as "should", i.e. advisory -- nothing in the schema enforces it.
    // NOTE(review): "it's subordinate CAs" in the Description should read "its".
    [Description (
        "The maximum number of certificates in a certificate chain "
        "permitted for credentials issued by this certificate "
        "authority or it's subordinate CAs. \n"
        "The MaxChainLength of a superior CA in the trust hierarchy "
        "should be greater than this value and the MaxChainLength of "
        "a subordinate CA in the trust hierarchy should be less than "
        "this value.")]
    uint8 MaxChainLength;
};
// ==================================================================
// PublicKeyManagementService
// ==================================================================
// CIM_PublicKeyManagementService: a marker subclass with no properties of
// its own -- everything is inherited from CIM_LocalCredentialManagementService.
// It exists to scope CIM_UnsignedPublicKey instances (their keys are
// propagated from this class) and to be the Antecedent of
// CIM_LocallyManagedPublicKey, both defined later in this file.
[Version ( "2.6.0" ), Description (
    "CIM_PublicKeyManagementService is a credential management "
    "service that provides local system management of public keys "
    "used by the local system.")]
class CIM_PublicKeyManagementService : CIM_LocalCredentialManagementService {
};
// ==================================================================
// PublicKeyCertificate
// ==================================================================
// CIM_PublicKeyCertificate: a CA-issued credential. Its identity is the five
// Key properties below -- the four scoping keys propagated from the issuing
// CIM_CertificateAuthority plus Subject. Note what is NOT here: the serial
// number and signature live on the CIM_CASignsPublicKeyCertificate
// association, and expiry on the inherited CIM_Credential.Expires, so this
// class alone is not a complete certificate.
[Version ( "2.8.0" ), Description (
    "A PublicKeyCertificate is a credential that is "
    "cryptographically signed by a trusted Certificate Authority "
    "(CA) and issued to an authenticated entity (e.g., human user, "
    "service, etc.) called the Subject in the certificate. The "
    "public key in the certificate is cryptographically related to "
    "a private key that is held and kept private by the "
    "authenticated Subject. The certificate and its related private "
    "key can then be used for establishing trust relationships and "
    "securing communications with the Subject. Refer to the "
    "ITU/CCITT X.509 standard as an example of such certificates.")]
class CIM_PublicKeyCertificate : CIM_Credential {

    // --- Scoping keys, propagated from the issuing CA. These are what the
    // Weak qualifier on CIM_CASignsPublicKeyCertificate.Dependent refers to. ---
    [Key,
    Propagated ( "CIM_CertificateAuthority.SystemCreationClassName"
    ), Description (
        "The scoping System's CCN."),
    MaxLen ( 256 )]
    string SystemCreationClassName;

    [Key, Propagated ( "CIM_CertificateAuthority.SystemName" ),
    Description (
        "The scoping System's Name."),
    MaxLen ( 256 )]
    string SystemName;

    [Key, Propagated ( "CIM_CertificateAuthority.CreationClassName" ),
    Description (
        "The scoping Service's CCN."),
    MaxLen ( 256 )]
    string ServiceCreationClassName;

    [Key, Propagated ( "CIM_CertificateAuthority.Name" ),
    Description (
        "The scoping Service's Name."),
    MaxLen ( 256 )]
    string ServiceName;

    // Subject is a Key: combined with the CA's keys it identifies the
    // instance, so one CA cannot hold two distinct instances with the same
    // Subject string. The schema does not say what form Subject takes
    // (a DN or otherwise); assume provider-defined -- confirm against the caller.
    [Key, Description (
        "Certificate subject identifier."),
    MaxLen ( 256 )]
    string Subject;

    // Non-key alternate name; not part of the instance identity.
    [Description (
        "Alternate subject identifier for the Certificate."),
    MaxLen ( 256 )]
    string AltSubject;

    // Public key bytes, DER-encoded per the Description. No property records
    // the algorithm or key size; presumably they are recovered by parsing the
    // DER (a SubjectPublicKeyInfo structure) -- confirm against the provider.
    [Description (
        "The DER-encoded raw public key."),
    OctetString]
    uint8 PublicKey[];
};
// ===================================================================
// CAHasPublicCertificate
// ===================================================================
// CIM_CAHasPublicCertificate: links a CA to the certificate that establishes
// the CA's own identity (issued by another CA or self-signed, per the
// Description). Direction: Antecedent = the certificate, Dependent = the CA.
// Contrast CIM_CASignsPublicKeyCertificate below, where the CA is the
// Antecedent and the certificate is the thing it issued.
[Association, Version ( "2.8.0" ), Description (
    "A CertificateAuthority may have certificates issued by other "
    "CAs or self-signed. This association is essentially an "
    "optimization of the CA having an external identity established "
    "by itself or another Authority. This maps closely to "
    "LDAP-based certificate authority implementations.")]
class CIM_CAHasPublicCertificate : CIM_Dependency {

    // The CA's own certificate. No Min/Max is given, so a CA may be linked
    // to several such certificates or to none.
    [Override ( "Antecedent" ), Description (
        "The Certificate used by the CA.")]
    CIM_PublicKeyCertificate REF Antecedent;

    // The CA whose identity the certificate attests.
    [Override ( "Dependent" ), Description (
        "The CA that uses a Certificate.")]
    CIM_CertificateAuthority REF Dependent;
};
// ===================================================================
// CASignsPublicKeyCertificate
// ===================================================================
// CIM_CASignsPublicKeyCertificate: the issuance relationship. Min(1)/Max(1)
// on Antecedent means every CIM_PublicKeyCertificate has exactly one signing
// CA, and Weak on Dependent is what makes the certificate's four scoping keys
// propagate from the CA. The association also carries per-certificate data
// (serial number, signature) that the certificate class itself does not.
[Association, Version ( "2.7.0" ), Description (
    "This relationship associates a CertificateAuthority with the "
    "certificates it signs.")]
class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential {

    // Exactly one signing CA per certificate.
    [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
        "The CA which signed the certificate.")]
    CIM_CertificateAuthority REF Antecedent;

    // Weak: the certificate is identified partly by the CA's keys.
    [Override ( "Dependent" ), Weak, Description (
        "The certificate issued by the CA.")]
    CIM_PublicKeyCertificate REF Dependent;

    // Serial number as a string; no representation (decimal vs. hex) is
    // given. Presumably this is the value a revocation entry in
    // CIM_CertificateAuthority.CRL would name, so the representation should
    // match whatever the CRL bytes use -- confirm against the provider.
    [Description (
        "The Serial Number.")]
    string SerialNumber;

    // Raw signature bytes. Neither the algorithm nor exactly what was signed
    // is described anywhere in this file.
    [Description (
        "The Signature."),
    OctetString]
    uint8 Signature[];

    // Deprecated in favour of the Expires property inherited from
    // CIM_Credential (CR784 in the change log at the top of this file).
    // Retained for compatibility; new code should read CIM_Credential.Expires.
    [Deprecated { "CIM_Credential.Expires" }, Description (
        "The time it expires.")]
    datetime Expires;

    // Duplicates CIM_CertificateAuthority.CRLDistributionPoint at the
    // association level; nothing in this file says which wins if the two
    // disagree.
    [Description (
        "The Authority's revocation list distribution points.")]
    string CRLDistributionPoint[];
};
// ==================================================================
// UnsignedPublicKey
// ==================================================================
// CIM_UnsignedPublicKey: a bare public key that is trusted directly, with no
// CA involved. The binding PeerIdentity -> PublicKey is asserted by whoever
// created the instance, not by any signature, so the instance itself is the
// trust anchor. Identity is the four keys propagated from the managing
// CIM_PublicKeyManagementService plus PeerIdentity.
[Version ( "2.8.0" ), Description (
    "A CIM_UnsignedPublicKey represents an unsigned public key "
    "credential. Services accept the public key as authentic "
    "because of a direct trust relationship, rather than via a "
    "third-party Certificate Authority.")]
class CIM_UnsignedPublicKey : CIM_Credential {

    // --- Scoping keys, propagated from the managing service (the Weak side
    // of CIM_LocallyManagedPublicKey). ---
    [Key,
    Propagated ( "CIM_PublicKeyManagementService.SystemCreationClassName"
    ), Description (
        "The scoping System's CCN."),
    MaxLen ( 256 )]
    string SystemCreationClassName;

    [Key, Propagated ( "CIM_PublicKeyManagementService.SystemName" ),
    Description (
        "The scoping System's Name."),
    MaxLen ( 256 )]
    string SystemName;

    [Key,
    Propagated ( "CIM_PublicKeyManagementService.CreationClassName"
    ), Description (
        "The scoping Service's CCN."),
    MaxLen ( 256 )]
    string ServiceCreationClassName;

    [Key, Propagated ( "CIM_PublicKeyManagementService.Name" ),
    Description (
        "The scoping Service's Name."),
    MaxLen ( 256 )]
    string ServiceName;

    // PeerIdentity is a Key: one instance per peer identity per service.
    // How the string is to be read depends on PeerIdentityType
    // (ModelCorrespondence in both directions).
    [Key, Description (
        "The Identity of the Peer with whom a direct trust "
        "relationship exists. The public key may be used for "
        "security functions with the Peer."),
    MaxLen ( 256 ),
    ModelCorrespondence { "CIM_UnsignedPublicKey.PeerIdentityType" }]
    string PeerIdentity;

    // Discriminator for PeerIdentity. The ValueMap/Values enumerate the IKE
    // identity types (address, subnet, range, FQDN, user FQDN, DER ASN.1
    // DN/GN, key id); 0 is "Other". Nothing in the schema checks that
    // PeerIdentity actually parses as the type named here.
    [Description (
        "PeerIdentityType is used to describe the type of the "
        "PeerIdentity. The currently defined values are used for IKE "
        "identities."),
    ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
        "10", "11" },
    Values { "Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
        "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
        "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
        "DER_ASN1_GN", "KEY_ID" },
    ModelCorrespondence { "CIM_UnsignedPublicKey.PeerIdentity" }]
    uint16 PeerIdentityType;

    // DER-encoded key bytes, same representation as
    // CIM_PublicKeyCertificate.PublicKey; algorithm and size are not
    // recorded. Unlike the CA-issued case there is no CRL in this file for
    // these keys: withdrawing trust means removing the instance, and any
    // expiry comes from the inherited CIM_Credential.Expires.
    [Description (
        "The DER-encoded raw public key."),
    OctetString]
    uint8 PublicKey[];
};
// ==================================================================
// LocallyManagedPublicKey
// ==================================================================
// CIM_LocallyManagedPublicKey: binds an unsigned public key to the service
// that manages it. Min(1)/Max(1) on Antecedent means each key has exactly
// one managing service; Weak on Dependent is what lets
// CIM_UnsignedPublicKey's four scoping keys propagate from that service.
[Association, Version ( "2.6.0" ), Description (
    "CIM_LocallyManagedPublicKey association provides the "
    "relationship between a PublicKeyManagementService and an "
    "UnsignedPublicKey.")]
class CIM_LocallyManagedPublicKey : CIM_ManagedCredential {

    // Exactly one managing service per key.
    [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
        "The PublicKeyManagementService that manages an unsigned "
        "public key.")]
    CIM_PublicKeyManagementService REF Antecedent;

    // Weak: the key instance is identified partly by the service's keys.
    [Override ( "Dependent" ), Weak, Description (
        "An unsigned public key.")]
    CIM_UnsignedPublicKey REF Dependent;
};
// ===================================================================
// end of file
// ===================================================================