1 karl 1.1 // ===================================================================
2 // Title: User-Security Public Key Services and Credentials 2.7
3 // Filename: User27_PublicKey.mof
4 // Version: 2.7.0
5 // Status: Preliminary
6 // Date: 07/07/2002
7 // ===================================================================
8 // Copyright 2000-2002 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 karl 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 karl 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the classes modeling public key
47 // security services, credentials and the certificate\
48 // authority.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // Change Log for v2.7
55 // CR784 - Deprecate Expires property from CASignsPublicKeyCertificate
56 // ===================================================================
57
58 #pragma Locale ("en_US")
59
60
61 // ==================================================================
62 // CertificateAuthority
63 // ==================================================================
64 karl 1.1 [Version ("2.6.0"), Description (
65 "A Certificate Authority (CA) is a credential "
66 "management service that issues and cryptographically "
67 "signs certificates thus acting as an trusted third-party "
68 "intermediary in establishing trust relationships. The CA "
69 "authenicates the holder of the private key related to the "
70 "certificate's public key; the authenicated entity is "
71 "represented by the UsersAccess class.") ]
72 class CIM_CertificateAuthority : CIM_CredentialManagementService {
73
74 [Description (
75 "The CAPolicyStatement describes what care is taken by the "
76 "CertificateAuthority when signing a new certificate. "
77 "The CAPolicyStatment may be a dot-delimited ASN.1 OID "
78 "string which identifies to the formal policy statement.") ]
79 string CAPolicyStatement;
80
81 [Octetstring, Description (
82 "A CRL, or CertificateRevocationList, is a "
83 "list of certificates which the CertificateAuthority has "
84 "revoked and which are not yet expired. Revocation is "
85 karl 1.1 "necessary when the private key associated with the public "
86 "key of a certificate is lost or compromised, or when the "
87 "person for whom the certificate is signed no longer is "
88 "entitled to use the certificate.") ]
89 string CRL[];
90
91 [Description (
92 "Certificate Revocation Lists may be "
93 "available from a number of distribution points. "
94 "CRLDistributionPoint array values provide URIs for those "
95 "distribution points.") ]
96 string CRLDistributionPoint[];
97
98 [Description (
99 "Certificates refer to their issuing CA by "
100 "its Distinguished Name (as defined in X.501)."), DN]
101 string CADistinguishedName;
102
103 [Description (
104 "The frequency, expressed in hours, at which "
105 "the CA will update its Certificate Revocation List. Zero "
106 karl 1.1 "implies that the refresh frequency is unknown."),
107 Units("Hours") ]
108 uint8 CRLRefreshFrequency;
109
110 [Description (
111 "The maximum number of certificates in a "
112 "certificate chain permitted for credentials issued by "
113 "this certificate authority or it's subordinate CAs. \n"
114 "The MaxChainLength of a superior CA in the trust "
115 "hierarchy should be greater than this value and the "
116 "MaxChainLength of a subordinate CA in the trust hierarchy "
117 "should be less than this value.") ]
118 uint8 MaxChainLength;
119 };
120
121
122 // ==================================================================
123 // PublicKeyManagementService
124 // ==================================================================
125 [Version ("2.6.0"), Description (
126 "CIM_PublicKeyManagementService is a credential management "
127 karl 1.1 "service that provides local system management of public "
128 "keys used by the local system.") ]
129 class CIM_PublicKeyManagementService :
130 CIM_LocalCredentialManagementService {
131 };
132
133
134 // ==================================================================
135 // PublicKeyCertificate
136 // ==================================================================
137 [Version ("2.6.0"), Description (
138 "A Public Key Certificate is a credential "
139 "that is cryptographically signed by a trusted Certificate "
140 "Authority (CA) and issued to an authenticated entity "
141 "(e.g., human user, service,etc.) called the Subject in "
142 "the certificate and represented by the UsersAccess class. "
143 "The public key in the certificate is cryptographically "
144 "related to a private key that is to be held and kept "
145 "private by the authenticated Subject. The certificate "
146 "and its related private key can then be used for "
147 "establishing trust relationships and securing "
148 karl 1.1 "communications with the Subject. Refer to the ITU/CCITT "
149 "X.509 standard as an example of such certificates.") ]
150 class CIM_PublicKeyCertificate : CIM_Credential {
151
152 [Propagated ("CIM_CertificateAuthority.SystemCreationClassName"),
153 Key, MaxLen (256), Description ("The scoping System's CCN.") ]
154 string SystemCreationClassName;
155
156 [Propagated ("CIM_CertificateAuthority.SystemName"),
157 Key, MaxLen (256),Description ("The scoping System's Name.") ]
158 string SystemName;
159
160 [Propagated ("CIM_CertificateAuthority.CreationClassName"),
161 Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
162 string ServiceCreationClassName;
163
164 [Propagated ("CIM_CertificateAuthority.Name"),
165 Key, MaxLen (256), Description ("The scoping Service's Name.") ]
166 string ServiceName;
167
168 [Key, MaxLen (256), Description (
169 karl 1.1 "Certificate subject identifier.") ]
170 string Subject;
171
172 [MaxLen (256), Description (
173 "Alternate subject identifier for the Certificate.") ]
174 string AltSubject;
175
176 [Octetstring, Description ("The DER-encoded raw public key.") ]
177 uint8 PublicKey[];
178 };
179
180
181 // ===================================================================
182 // CAHasPublicCertificate
183 // ===================================================================
184 [Association, Version ("2.6.0"), Description (
185 "A CertificateAuthority may have certificates issued by other CAs. "
186 "This association is essentially an optimization of the CA having "
187 "a UsersAccess instance with an association to a certificate thus "
188 "mapping more closely to LDAP-based certificate authority "
189 "implementations.") ]
190 karl 1.1 class CIM_CAHasPublicCertificate : CIM_Dependency {
191
192 [Max (1), Override ("Antecedent"),
193 Description ("The Certificate used by the CA.") ]
194 CIM_PublicKeyCertificate REF Antecedent;
195
196 [Override ("Dependent"),
197 Description ("The CA that uses a Certificate.") ]
198 CIM_CertificateAuthority REF Dependent;
199 };
200
201
202 // ===================================================================
203 // CASignsPublicKeyCertificate
204 // ===================================================================
205 [Association, Version ("2.7.0"), Description (
206 "This relationship associates a CertificateAuthority with "
207 "the certificates it signs.") ]
208 class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential {
209
210 [Override ("Antecedent"), Min (1), Max (1),
211 karl 1.1 Description ("The CA which signed the certificate.") ]
212 CIM_CertificateAuthority REF Antecedent;
213
214 [Override ("Dependent"), Weak,
215 Description ("The certificate issued by the CA.") ]
216 CIM_PublicKeyCertificate REF Dependent;
217
218 [Description (
219 "The Serial Number")]
220 string SerialNumber;
221
222 [Octetstring, Description (
223 "The Signature.") ]
224 uint8 Signature[];
225
226 [Deprecated {"CIM_Credential.Expires"}, Description (
227 "The time it expires.") ]
228 datetime Expires;
229
230 [Description (
231 "The Authority's revocation list distribution points.") ]
232 karl 1.1 string CRLDistributionPoint[];
233 };
234
235
236 // ==================================================================
237 // UnsignedPublicKey
238 // ==================================================================
239 [Version ("2.6.0"), Description (
240 "A CIM_UnsignedPublicKey represents an unsigned public "
241 "key credential. The local UsersAccess (or subclass "
242 "thereof) accepts the public key as authentic because of "
243 "a direct trust relationship rather than via a third-party "
244 "Certificate Authority.") ]
245 class CIM_UnsignedPublicKey : CIM_Credential {
246
247 [Propagated (
248 "CIM_PublicKeyManagementService.SystemCreationClassName"),
249 Key, MaxLen (256), Description ("The scoping System's CCN.") ]
250 string SystemCreationClassName;
251
252 [Propagated ("CIM_PublicKeyManagementService.SystemName"),
253 karl 1.1 Key, MaxLen (256),Description ("The scoping System's Name.") ]
254 string SystemName;
255
256 [Propagated ("CIM_PublicKeyManagementService.CreationClassName"),
257 Key, MaxLen (256), Description ("The scoping Service's CCN.") ]
258 string ServiceCreationClassName;
259
260 [Propagated ("CIM_PublicKeyManagementService.Name"),
261 Key, MaxLen (256), Description ("The scoping Service's Name.") ]
262 string ServiceName;
263
264 [Key, MaxLen (256), Description (
265 "The Identity of the Peer with whom a direct trust "
266 "relationship exists. The public key may be used for "
267 "security functions with the Peer."),
268 ModelCorrespondence {
269 "CIM_PublicKeyManagementService.PeerIdentityType"} ]
270 string PeerIdentity;
271
272 [Description (
273 "PeerIdentityType is used to describe the "
274 karl 1.1 "type of the PeerIdentity. The currently defined values "
275 "are used for IKE identities."),
276 ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8",
277 "9", "10", "11"},
278 Values {"Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
279 "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
280 "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
281 "DER_ASN1_GN", "KEY_ID"},
282 ModelCorrespondence {
283 "CIM_PublicKeyManagementService.PeerIdentity"} ]
284 uint16 PeerIdentityType;
285
286 [Octetstring, Description ("The DER-encoded raw public key.") ]
287 uint8 PublicKey[];
288 };
289
290
291 // ==================================================================
292 // LocallyManagedPublicKey
293 // ==================================================================
294 [Association, Version ("2.6.0"), Description (
295 karl 1.1 "CIM_LocallyManagedPublicKey association provides the "
296 "relationship between a PublicKeyManagementService and an "
297 "UnsignedPublicKey.") ]
298 class CIM_LocallyManagedPublicKey : CIM_ManagedCredential {
299
300 [Override ("Antecedent"), Min (1), Max (1),
301 Description (
302 "The PublicKeyManagementService that manages "
303 "an unsigned public key.") ]
304 CIM_PublicKeyManagementService REF Antecedent;
305
306 [Override ("Dependent"), Weak, Description (
307 "An unsigned public key.") ]
308 CIM_UnsignedPublicKey REF Dependent;
309 };
310
311
312 // ===================================================================
313 // end of file
314 // ===================================================================
|