1 a.dunfey 1.1 // ===================================================================
2 // Title: User_SharedSecret
3 // $State: Exp $
4 // $Date: 2004/11/29 18:31:43 $
5 // $RCSfile: User_SharedSecret.mof,v $
6 // $Revision: 1.2.2.3 $
7 // ===================================================================
8 //#pragma inLine ("Includes/copyright.inc")
9 // Copyright 1998-2005 Distributed Management Task Force, Inc. (DMTF).
10 // All rights reserved.
11 // DMTF is a not-for-profit association of industry members dedicated
12 // to promoting enterprise and systems management and interoperability.
13 // DMTF specifications and documents may be reproduced for uses
14 // consistent with this purpose by members and non-members,
15 // provided that correct attribution is given.
16 // As DMTF specifications may be revised from time to time,
17 // the particular version and release date should always be noted.
18 //
19 // Implementation of certain elements of this standard or proposed
20 // standard may be subject to third party patent rights, including
21 // provisional patent rights (herein "patent rights"). DMTF makes
22 a.dunfey 1.1 // no representations to users of the standard as to the existence
23 // of such rights, and is not responsible to recognize, disclose, or
24 // identify any or all such third party patent right, owners or
25 // claimants, nor for any incomplete or inaccurate identification or
26 // disclosure of such rights, owners or claimants. DMTF shall have no
27 // liability to any party, in any manner or circumstance, under any
28 // legal theory whatsoever, for failure to recognize, disclose, or
29 // identify any such third party patent rights, or for such party's
30 // reliance on the standard or incorporation thereof in its product,
31 // protocols or testing procedures. DMTF shall have no liability to
32 // any party implementing such standard, whether such implementation
33 // is foreseeable or not, nor to any patent owner or claimant, and shall
34 // have no liability or responsibility for costs or losses incurred if
35 // a standard is withdrawn or modified after publication, and shall be
36 // indemnified and held harmless by any party implementing the
37 // standard from any and all claims of infringement by a patent owner
38 // for such implementations.
39 //
40 // For information about patents held by third-parties which have
41 // notified the DMTF that, in their opinion, such patent may relate to
42 // or impact implementations of DMTF standards, visit
43 a.dunfey 1.1 // http://www.dmtf.org/about/policies/disclosures.php.
44 //#pragma inLine
45 // ===================================================================
46 // Description: The User Model extends the management concepts that
47 // are related to users and security.
48 // This file defines the concepts and classes related to
49 // shared secret security services and credentials.
50 //
51 // The object classes below are listed in an order that
52 // avoids forward references. Required objects, defined
53 // by other working groups, are omitted.
54 // ===================================================================
55 // Change Log for v2.8 Final -
56 // CR1235 - Generalized the Descriptions for SharedSecret and several
57 // properties since these referenced a deprecated concept,
58 // UsersAccess
59 //
60 // Change Log for v2.8 Preliminary - None
61 //
62 // Change Log for v2.7 - None
63 // ===================================================================
64 a.dunfey 1.1
65 #pragma Locale ("en_US")
66
67
68 // ==================================================================
69 // SharedSecretService
70 // ==================================================================
// CIM_SharedSecretService: a credential management service (subclass of
// CIM_LocalCredentialManagementService) that adds two descriptive string
// properties, Algorithm and Protocol. Neither property carries a ValueMap,
// so this declaration does not constrain what a provider reports in them.
71 [Version ( "2.6.0" ), Description (
72 "CIM_SharedSecretService is a service which ascertains whether "
73 "messages received are from the Principal with whom a secret is "
74 "shared. Examples include a login service that proves identity "
75 "on the basis of knowledge of the shared secret, or a transport "
76 "integrity service (like Kerberos provides) that includes a "
77 "message authenticity code that proves each message in the "
78 "messsage stream came from someone who knows the shared secret "
79 "session key.")]
80 class CIM_SharedSecretService : CIM_LocalCredentialManagementService {
81
// Algorithm is free-form text limited only by MaxLen 256. The Description's
// own examples include PLAINTEXT, which presumably means the secret is
// conveyed without any protection; because the value is not enumerated, a
// client auditing instances has to compare strings to detect it.
// NOTE(review): HMAC-MD5 is a legacy construction today - confirm which
// values deployed providers actually report here.
82 [Description (
83 "The Algorithm used to convey the shared secret, such as "
84 "HMAC-MD5,or PLAINTEXT."),
85 a.dunfey 1.1 MaxLen ( 256 )]
86 string Algorithm;
87
// Protocol has neither a MaxLen nor a ValueMap in this declaration.
88 [Description (
89 "The Protocol supported by the SharedSecretService.")]
90 string Protocol;
91 };
92
93
94 // ==================================================================
95 // SharedSecret
96 // ==================================================================
// CIM_SharedSecret: a credential (subclass of CIM_Credential) that models a
// secret shared between a principal and one SharedSecret service. An instance
// is identified by five keys: four propagated from CIM_SharedSecretService
// plus RemoteID. The secret value itself is carried in the non-key string
// property Secret.
97 [Version ( "2.8.0" ), Description (
98 "CIM_SharedSecret is a secret (such as a password or the "
99 "response to a challenge question) that is shared between a "
100 "principal and a particular SharedSecret security service. "
101 "Secrets may be in the form of a password used for initial "
102 "authentication, or as with a session key, used as part of a "
103 "message to verify the originator of the message. It is "
104 "important to note that SharedSecret is not just a password, "
105 "but rather is the password used with a particular security "
106 a.dunfey 1.1 "service.")]
107 class CIM_SharedSecret : CIM_Credential {
108
// The next four keys are propagated from the owning CIM_SharedSecretService,
// so an instance is named within the scope of that service and its system.
109 [Key,
110 Propagated ( "CIM_SharedSecretService.SystemCreationClassName"
111 ), Description (
112 "The scoping System's CCN."),
113 MaxLen ( 256 )]
114 string SystemCreationClassName;
115
116 [Key, Propagated ( "CIM_SharedSecretService.SystemName" ),
117 Description (
118 "The scoping System's Name."),
119 MaxLen ( 256 )]
120 string SystemName;
121
122 [Key, Propagated ( "CIM_SharedSecretService.CreationClassName" ),
123 Description (
124 "The scoping Service's CCN."),
125 MaxLen ( 256 )]
126 string ServiceCreationClassName;
127 a.dunfey 1.1
128 [Key, Propagated ( "CIM_SharedSecretService.Name" ),
129 Description (
130 "The scoping Service's Name."),
131 MaxLen ( 256 )]
132 string ServiceName;
133
// RemoteID is a key, so the principal's name is part of every instance path.
// NOTE(review): object paths tend to appear in logs and traces - confirm that
// exposing the principal name there is acceptable in your deployment.
134 [Key, Description (
135 "RemoteID is the name by which the principal is known at the "
136 "remote secret key authentication service."),
137 MaxLen ( 256 )]
138 string RemoteID;
139
// Secret is a plain string with no MaxLen and no qualifier in this
// declaration that limits who may read it.
// NOTE(review): whether a provider returns the value on instance reads is
// not visible here - confirm that read access to instances of this class is
// restricted, or that the provider leaves the property unpopulated.
140 [Description (
141 "The secret known by the principal.")]
142 string Secret;
143
// Algorithm is free-form text naming the transformation applied to the
// password before it is used. It has no ValueMap, so a consumer cannot tell
// from the schema alone whether Secret holds a raw password or a derived
// value.
144 [Description (
145 "The transformation algorithm, if any, used to protect "
146 "passwords before use in the protocol. For instance, "
147 "Kerberos doesn't store passwords as the shared secret, but "
148 a.dunfey 1.1 "rather, a hash of the password.")]
149 string Algorithm;
150
// Protocol is free-form text with no MaxLen or ValueMap in this declaration.
151 [Description (
152 "The protocol with which the SharedSecret is used.")]
153 string Protocol;
154 };
155
156
157 // ===================================================================
158 // SharedSecretIsShared
159 // ===================================================================
// CIM_SharedSecretIsShared: association (subclass of CIM_ManagedCredential)
// linking a CIM_SharedSecretService to a CIM_SharedSecret it manages.
// NOTE(review): the Description says "SecretKey", but the Dependent reference
// below is typed CIM_SharedSecret - the wording looks like a leftover name.
160 [Association, Version ( "2.6.0" ), Description (
161 "This relationship associates a SharedSecretService with the "
162 "SecretKey it verifies.")]
163 class CIM_SharedSecretIsShared : CIM_ManagedCredential {
164
// Min(1)/Max(1): each secret is tied to exactly one managing service.
165 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
166 "The credential management service.")]
167 CIM_SharedSecretService REF Antecedent;
168
// Weak: the dependent secret is named within the scope of its service, which
// matches the Propagated keys declared on CIM_SharedSecret.
169 a.dunfey 1.1 [Override ( "Dependent" ), Weak, Description (
170 "The managed credential.")]
171 CIM_SharedSecret REF Dependent;
172 };
173
174
175 // ==================================================================
176 // NamedSharedIKESecret
177 // ==================================================================
// CIM_NamedSharedIKESecret: a credential (subclass of CIM_Credential) that
// refers to a shared secret by name. The class declares no property holding
// the secret value; SharedSecretName is the only handle to it. An instance is
// identified by eight keys: four propagated from CIM_SharedSecretService,
// plus the local and peer identities and their type codes.
178 [Version ( "2.6.0" ), Description (
179 "CIM_NamedSharedIKESecret indirectly represents a shared secret "
180 "credential. The local identity, IKEIdentity, and the remote "
181 "peer identity share the secret that is named by the "
182 "SharedSecretName. The SharedSecretName is used by the "
183 "SharedSecretService to reference the secret.")]
184 class CIM_NamedSharedIKESecret : CIM_Credential {
185
// The next four keys are propagated from the owning CIM_SharedSecretService.
186 [Key,
187 Propagated ( "CIM_SharedSecretService.SystemCreationClassName"
188 ), Description (
189 "The scoping System's CCN."),
190 a.dunfey 1.1 MaxLen ( 256 )]
191 string SystemCreationClassName;
192
193 [Key, Propagated ( "CIM_SharedSecretService.SystemName" ),
194 Description (
195 "The scoping System's Name."),
196 MaxLen ( 256 )]
197 string SystemName;
198
199 [Key, Propagated ( "CIM_SharedSecretService.CreationClassName" ),
200 Description (
201 "The scoping Service's CCN."),
202 MaxLen ( 256 )]
203 string ServiceCreationClassName;
204
205 [Key, Propagated ( "CIM_SharedSecretService.Name" ),
206 Description (
207 "The scoping Service's Name."),
208 MaxLen ( 256 )]
209 string ServiceName;
210
// LocalIdentity is a free-form string (MaxLen 256); its format is given by
// LocalIdentityType through the ModelCorrespondence below.
211 a.dunfey 1.1 [Key, Description (
212 "The local Identity with whom the direct trust relationship "
213 "exists."),
214 MaxLen ( 256 ),
215 ModelCorrespondence {
216 "CIM_NamedSharedIKESecret.LocalIdentityType" }]
217 string LocalIdentity;
218
// Type code for LocalIdentity: ValueMap "1".."11" pairs positionally with the
// Values labels (1 = IPV4_ADDR ... 11 = KEY_ID).
// NOTE(review): the labels appear to follow the IKE/IPsec identification
// types - confirm against the protocol specification in use.
219 [Key, Description (
220 "LocalIdentityType is used to describe the type of the "
221 "LocalIdentity."),
222 ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
223 "11" },
224 Values { "IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET",
225 "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE",
226 "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID" },
227 ModelCorrespondence { "CIM_NamedSharedIKESecret.LocalIdentity" }]
228 uint16 LocalIdentityType;
229
// PeerIdentity mirrors LocalIdentity for the remote side; its format is given
// by PeerIdentityType.
230 [Key, Description (
231 "The peer identity with whom the direct trust relationship "
232 a.dunfey 1.1 "exists."),
233 MaxLen ( 256 ),
234 ModelCorrespondence {
235 "CIM_NamedSharedIKESecret.PeerIdentityType" }]
236 string PeerIdentity;
237
// Type code for PeerIdentity; same ValueMap/Values pairs as
// LocalIdentityType.
238 [Key, Description (
239 "PeerIdentityType is used to describe the type of the "
240 "PeerIdentity."),
241 ValueMap { "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
242 "11" },
243 Values { "IPV4_ADDR", "FQDN", "USER_FQDN", "IPV4_ADDR_SUBNET",
244 "IPV6_ADDR", "IPV6_ADDR_SUBNET", "IPV4_ADDR_RANGE",
245 "IPV6_ADDR_RANGE", "DER_ASN1_DN", "DER_ASN1_GN", "KEY_ID" },
246 ModelCorrespondence { "CIM_NamedSharedIKESecret.PeerIdentity" }]
247 uint16 PeerIdentityType;
248
// SharedSecretName is a non-key string with no MaxLen. Per its Description
// it names the secret rather than containing it.
// NOTE(review): the name still identifies which secret protects which peer
// pair - confirm that read access to it is scoped appropriately.
249 [Description (
250 "SharedSecretName is an indirect reference to a shared "
251 "secret. The SecretService does not expose the actual secret "
252 "but rather provides access to the secret via a name.")]
253 a.dunfey 1.1 string SharedSecretName;
254 };
255
256
257 // ==================================================================
258 // IKESecretIsNamed
259 // ==================================================================
// CIM_IKESecretIsNamed: association (subclass of CIM_ManagedCredential)
// linking a CIM_SharedSecretService to a CIM_NamedSharedIKESecret it manages.
260 [Association, Version ( "2.6.0" ), Description (
261 "CIM_IKESecretIsNamed association provides the relationship "
262 "between a SharedSecretService and a NamedSharedIKESecret.")]
263 class CIM_IKESecretIsNamed : CIM_ManagedCredential {
264
// Min(1)/Max(1): each named secret is tied to exactly one managing service.
265 [Override ( "Antecedent" ), Min ( 1 ), Max ( 1 ), Description (
266 "The SharedSecretService that manages a "
267 "NamedSharedIKESecret.")]
268 CIM_SharedSecretService REF Antecedent;
269
// Weak: the dependent is named within the scope of its service, which matches
// the Propagated keys declared on CIM_NamedSharedIKESecret.
270 [Override ( "Dependent" ), Weak, Description (
271 "The managed NamedSharedIKESecret.")]
272 CIM_NamedSharedIKESecret REF Dependent;
273 };
274 a.dunfey 1.1
275
276 // ===================================================================
277 // end of file
278 // ===================================================================