1 tony 1.1 // ==================================================================
2 // Title: Policy Model 2.8
3 // Filename: CIM_Policy28.MOF
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 13 August 2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The Policy Model provides a framework for specifying
45 // configuration and operational information in a scalable
46 // way using rules composed of conditions and actions.
47 //
48 // The object classes below are listed in an order that
49 // avoids forward references. Required objects, defined
50 // by other working groups, are omitted.
51 // ===================================================================
52 // CIM V2.8 Changes (Company Review)
53 // DMTFCR1104 -Replace the class definition of
54 // AuthenticationCondition
55 // Add the following class defintions:
56 // SharedSecretAuthentication, AccountAuthentication,
57 // BiometricAuthentication, NetworkingIDAuthentication,
58 // PublicPrivateKeyAuthentication, KerberosAuthentication,
59 // DocumentAuthentication, ChallengeQuestionAuthentication,
60 // and PhysicalCredentialAuthentication
61 // DMTFCR1105 - Generalize the SACondition class (from the Networks)
62 // to be PacketFilterCondition and defined here in Policy.
63 // Add FilterOfPacketCondition and AcceptCredentialFrom
64 tony 1.1 // class definitions.
65 // Move FilterOfPacketCondition to Network_IPsecPolicy to
66 // avoid a forward reference.
67 // DMTFCR1106 - Add DoActionLogging property to PolicyAction
68 // Add NetworkPacketAction class definition
69 // Add RejectConnectionAction class definition
70 // DMTFCR1128 - Change subclassing of PolicyInSystem from
71 // Dependency to HostedDependency.
72 //
73 // CIM V2.8 Changes
74 // DMTFCR1057 - Explicit declaration of PolicySets that apply to
75 // ManagedElements, via PolicyRoleCollections
76 // DMTFCR1058 - Activate/deactivate PolicySets which match a
77 // particular PolicyRole on a particular ManagedElement
78 // DMTFCR1060 - Add AuthenticationCondition and AuthenticationRule
79 // subclasses of PolicyCondition/PolicyRule
80 //
81 // CIM V2.7 Changes
82 // DMTFCR985 - Promote Deprecations to V2.7 Final
83 // DMTFCR960 - Remove Weak Qualifier from PolicyRoleCollection and
84 // derive from SystemSpecificCollection instead of Collection
85 tony 1.1 // DMTFCR930 - Implementation Experience with the Policy 2.7 Model
86 // - Move PolicyRule.Enabled to PolicySet.Enabled
87 // - Move PolicyTimePeriodCondition up to PolicySet and
88 // make clear how to specify global time period with respect
89 // a given time zone
90 // - Deprecate policy role combinations
91 // - Add Unconditional to PolicyRule.ConditionListType
92 // - Deprecate PolicyRule.Mandatory
93 // CIMCR914 - Added propagated keys in PolicyRoleCollection
94 // CIMCR906 - Add text to PolicySetComponent's Description and the
95 // class' Priority property to indicate that the values
96 // of Priority must be unique
97 // With promotion of Component to ManagedElement,
98 // added CIM_Component as superclass of CIM_PolicyComponent
99 // (there is no other change to the semantics or syntax)
100 // CIMCR625 - Add CompoundPolicyCondition as PolicyCondition
101 // subclass
102 // - Add PolicyConditionStructure abstract aggregation as a
103 // subclass of PolicyComponent
104 // - Change derivation of PolicyConditionInPolicyRule from
105 // PolicyComponent to PolicyConditionStructure and move
106 tony 1.1 // GroupNumber and ConditionNegated properties up to parent
107 // class
108 // - Add PolicyConditionInPolicyCondition aggregation as a
109 // subclass of PolicyConditionStructure
110 // - Add PolicyRoleCollection as Collection subclass
111 // - Add ElementInPolicyRoleCollection as MemberOfCollection
112 // subclass
113 // - Add PolicyRoleCollectionInSystem as Dependency subclass
114 //
115 // CIM V2.6 Changes
116 // CIMCR614 - Add CompoundPolicyAction
117 // - Add CompoundPolicyAction as a subclass of PolicyAction
118 // - Add PolicyActionStructure abstract aggregation as a
119 // subclass of PolicyComponent
120 // - Change derivation of PolicyActionInPolicyRule from
121 // PolicyComponent to PolicyActionStructure and, thus,
122 // move ActionOrder property up to parent class
123 // - Add PolicyActionInPolicyAction aggregation as a
124 // subclass of PolicyActionStructure
125 // CIMCR597a - PCIMe updates
126 // - Edit Policy description
127 tony 1.1 // - Add PolicySet & derive PolicyGroup & PolicyRule
128 // - Deprecate PolicyRule.Priority for
129 // PolicySetComponent.Priority
130 // - Remove PolicyRule.PolicyRoles (it's in PolicySet)
131 // - Add PolicyRule.ExecutionStrategy
132 // - Deprecate PolicyRepository & replace with
133 // ReusablePolicyContainer
134 // - Add PolicySetInSystem
135 // - Add PolicySetComponent & deprecate ...InPolicyGroup
136 // & derive PolicyGroupInSystem & PolicyRuleInSystem
137 // - Add ContainedDomain (to Core)
138 // & deprecate PolicyRepositoryInPolicyRepository
139 // - Add ReusablePolicy & deprecate ...InPolicyRepository
140 // ==================================================================
141
142 #pragma Locale ("en-US")
143
144
145 // ==================================================================
146 // Compile prerequisite: Core, Network and User MOFs
147 // Network MOF is needed for FilterList, and the User MOF for
148 tony 1.1 // CredentialManagementService
149 // ==================================================================
150
151
152 // ==================================================================
153 // Policy
154 // ==================================================================
155 [Abstract, Version ("2.6.0"), Description (
156 "An abstract class defining the common properties of the policy "
157 "managed elements derived from CIM_Policy. The subclasses are "
158 "used to create rules and groups of rules that work together to "
159 "form a coherent set of policies within an administrative "
160 "domain or set of domains.") ]
161 class CIM_Policy : CIM_ManagedElement {
162
163 [Description (
164 "A user-friendly name of this policy-related object.") ]
165 string CommonName;
166
167 [Description (
168 "An array of keywords for characterizing / categorizing "
169 tony 1.1 "policy objects. Keywords are of one of two types:\n"
170 "- Keywords defined in this and other MOFs, or in DMTF white "
171 "papers. These keywords provide a vendor- independent, "
172 "installation-independent way of characterizing policy objects.\n"
173 "- Installation-dependent keywords for characterizing policy "
174 "objects. Examples include 'Engineering', 'Billing', and "
175 "'Review in December 2000'.\n"
176 "This MOF defines the following keywords: 'UNKNOWN', "
177 "'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', "
178 "'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These "
179 "concepts are self-explanatory and are further discussed in "
180 "the SLA/Policy White Paper. One additional keyword is "
181 "defined: 'POLICY'. The role of this keyword is to identify "
182 "policy-related instances that may not be otherwise "
183 "identifiable, in some implementations. The keyword "
184 "'POLICY' is NOT mutually exclusive of the other keywords "
185 "specified above.") ]
186 string PolicyKeywords[];
187 };
188
189
190 tony 1.1 // ==================================================================
191 // PolicySet
192 // ==================================================================
193 [Abstract, Version ("2.7.1000"), Description (
194 "PolicySet is an abstract class that represents a set of "
195 "policies that form a coherent set. The set of contained "
196 "policies has a common decision strategy and a common set of "
197 "policy roles (defined via the PolicySetInRole Collection "
198 "association). Subclasses include PolicyGroup and PolicyRule.") ]
199 class CIM_PolicySet : CIM_Policy {
200
201 [Description (
202 "PolicyDecisionStrategy defines the evaluation method used "
203 "for policies contained in the PolicySet. FirstMatching "
204 "enforces the actions of the first rule that evaluates to "
205 "TRUE. It is the only value currently defined."),
206 ValueMap {"1"},
207 Values {"First Matching"} ]
208 uint16 PolicyDecisionStrategy;
209
210 [Deprecated {"PolicySetInRoleCollection"}, Description (
211 tony 1.1 "The PolicyRoles property represents the roles associated "
212 "with a PolicySet. All contained PolicySet instances "
213 "inherit the values of the PolicyRoles of the aggregating "
214 "PolicySet but the values are not copied. A contained "
215 "PolicySet instance may, however, add additional PolicyRoles "
216 "to those it inherits from its aggregating PolicySet(s). "
217 "Each value in PolicyRoles multi-valued property represents "
218 "a role for which the PolicySet applies, i.e., the PolicySet "
219 "should be used by any enforcement point that assumes any of "
220 "the listed PolicyRoles values.\n"
221 "\n"
222 "Although not officially designated as 'role combinations', "
223 "multiple roles may be specified using the form:\n"
224 " <RoleName>[&&<RoleName>]*\n"
225 "where the individual role names appear in alphabetical "
226 "order (according to the collating sequence for UCS-2). "
227 "Implementations may treat PolicyRoles values that are "
228 "specified as 'role combinations' as simple strings.\n"
229 "\n"
230 "This property is deprecated in lieu of the use of an "
231 "association, PolicySetInRoleCollection. The latter is a "
232 tony 1.1 "more explicit and less error-prone approach to modeling "
233 "that a PolicySet has one or more PolicyRoles.") ]
234 string PolicyRoles[];
235
236 [Description (
237 "Indicates whether this PolicySet is administratively "
238 "enabled, administratively disabled, or enabled for debug. "
239 "The \"EnabledForDebug\" property value is deprecated and, "
240 "when it or any value not understood by the receiver is "
241 "specified, the receiving enforcement point treats the "
242 "PolicySet as \"Disabled\". To determine if a PolicySet is "
243 "\"Enabled\", the containment hierarchy specified by the "
244 "PolicySetComponent aggregation is examined and the Enabled "
245 "property values of the hierarchy are ANDed together. Thus, "
246 "for example, everything aggregated by a PolicyGroup may be "
247 "disabled by setting the Enabled property in the PolicyGroup "
248 "instance to \"Disabled\" without changing the Enabled "
249 "property values of any of the aggregated instances. The "
250 "default value is 1 (\"Enabled\")."),
251 ValueMap {"1", "2", "3"},
252 Values {"Enabled", "Disabled", "Enabled For Debug"} ]
253 tony 1.1 uint16 Enabled = 1;
254 };
255
256
257 // ==================================================================
258 // PolicyGroup
259 // ==================================================================
260 [Version ("2.6.0"), Description (
261 "An aggregation of PolicySet instances (PolicyGroups and/or "
262 "PolicyRules) that have the same decision strategy and inherit "
263 "policy roles. PolicyGroup instances are defined and named "
264 "relative to the CIM_System that provides their context.") ]
265 class CIM_PolicyGroup : CIM_PolicySet {
266
267 [Key, Propagated ("CIM_System.CreationClassName"), Description (
268 "The scoping System's CreationClassName."),
269 MaxLen (256) ]
270 string SystemCreationClassName;
271
272 [Key, Propagated ("CIM_System.Name"), Description (
273 "The scoping System's Name."),
274 tony 1.1 MaxLen (256) ]
275 string SystemName;
276
277 [Key, Description (
278 "CreationClassName indicates the name of the class or the "
279 "subclass used in the creation of an instance. When used "
280 "with the other key properties of this class, this property "
281 "allows all instances of this class and its subclasses to be "
282 "uniquely identified."),
283 MaxLen (256) ]
284 string CreationClassName;
285
286 [Key, Description (
287 "A user-friendly name of this PolicyGroup."),
288 MaxLen (256) ]
289 string PolicyGroupName;
290 };
291
292
293 // ==================================================================
294 // PolicyRule
295 tony 1.1 // ==================================================================
296 [Version ("2.7.0"), Description (
297 "The central class used for representing the 'If Condition then "
298 "Action' semantics of a policy rule. A PolicyRule condition, "
299 "in the most general sense, is represented as either an ORed "
300 "set of ANDed conditions (Disjunctive Normal Form, or DNF) or "
301 "an ANDed set of ORed conditions (Conjunctive Normal Form, or "
302 "CNF). Individual conditions may either be negated (NOT C) or "
303 "unnegated (C). The actions specified by a PolicyRule are to "
304 "be performed if and only if the PolicyRule condition (whether "
305 "it is represented in DNF or CNF) evaluates to TRUE.\n"
306 "\n"
307 "The conditions and actions associated with a PolicyRule are "
308 "modeled, respectively, with subclasses of PolicyCondition and "
309 "PolicyAction. These condition and action objects are tied to "
310 "instances of PolicyRule by the PolicyConditionInPolicyRule and "
311 "PolicyActionInPolicyRule aggregations.\n"
312 "\n"
313 "A PolicyRule may also be associated with one or more policy "
314 "time periods, indicating the schedule according to which the "
315 "policy rule is active and inactive. In this case it is the "
316 tony 1.1 "PolicySetValidityPeriod aggregation that provides this linkage.\n"
317 "\n"
318 "The PolicyRule class uses the property ConditionListType, to "
319 "indicate whether the conditions for the rule are in DNF "
320 "(disjunctive normal form), CNF (conjunctive normal form) or, "
321 "in the case of a rule with no conditions, as an "
322 "UnconditionalRule. The PolicyConditionInPolicyRule "
323 "aggregation contains two additional properties to complete the "
324 "representation of the Rule's conditional expression. The "
325 "first of these properties is an integer to partition the "
326 "referenced PolicyConditions into one or more groups, and the "
327 "second is a Boolean to indicate whether a referenced Condition "
328 "is negated. An example shows how ConditionListType and these "
329 "two additional properties provide a unique representation of a "
330 "set of PolicyConditions in either DNF or CNF.\n"
331 "\n"
332 "Suppose we have a PolicyRule that aggregates five "
333 "PolicyConditions C1 through C5, with the following values in "
334 "the properties of the five PolicyConditionInPolicyRule associations:\n"
335 "C1: GroupNumber = 1, ConditionNegated = FALSE\n"
336 "C2: GroupNumber = 1, ConditionNegated = TRUE\n"
337 tony 1.1 "C3: GroupNumber = 1, ConditionNegated = FALSE\n"
338 "C4: GroupNumber = 2, ConditionNegated = FALSE\n"
339 "C5: GroupNumber = 2, ConditionNegated = FALSE\n"
340 "\n"
341 "If ConditionListType = DNF, then the overall condition for the "
342 "PolicyRule is:\n"
343 "(C1 AND (NOT C2) AND C3) OR (C4 AND C5)\n"
344 "\n"
345 "On the other hand, if ConditionListType = CNF, then the "
346 "overall condition for the PolicyRule is:\n"
347 "(C1 OR (NOT C2) OR C3) AND (C4 OR C5)\n"
348 "\n"
349 "In both cases, there is an unambiguous specification of the "
350 "overall condition that is tested to determine whether to "
351 "perform the PolicyActions associated with the PolicyRule.\n"
352 "\n"
353 "PolicyRule instances may also be used to aggregate other "
354 "PolicyRules and/or PolicyGroups. When used in this way to "
355 "implement nested rules, the conditions of the aggregating rule "
356 "apply to the subordinate rules as well. However, any side "
357 "effects of condition evaluation or the execution of actions "
358 tony 1.1 "MUST NOT affect the result of the evaluation of other "
359 "conditions evaluated by the rule engine in the same evaluation "
360 "pass. That is, an implementation of a rule engine MAY "
361 "evaluate all conditions in any order before applying the "
362 "priority and determining which actions are to be executed.") ]
363 class CIM_PolicyRule : CIM_PolicySet {
364
365 [Key, Propagated ("CIM_System.CreationClassName"), Description (
366 "The scoping System's CreationClassName."),
367 MaxLen (256) ]
368 string SystemCreationClassName;
369
370 [Key, Propagated ("CIM_System.Name"), Description (
371 "The scoping System's Name."),
372 MaxLen (256) ]
373 string SystemName;
374
375 [Key, Description (
376 "CreationClassName indicates the name of the class or the "
377 "subclass used in the creation of an instance. When used "
378 "with the other key properties of this class, this property "
379 tony 1.1 "allows all instances of this class and its subclasses to be "
380 "uniquely identified."),
381 MaxLen (256) ]
382 string CreationClassName;
383
384 [Key, Description (
385 "A user-friendly name of this PolicyRule."),
386 MaxLen (256) ]
387 string PolicyRuleName;
388
389 [Description (
390 "Indicates whether the list of PolicyConditions associated "
391 "with this PolicyRule is in disjunctive normal form (DNF), "
392 "conjunctive normal form (CNF), or has no conditions (i.e., "
393 "is an UnconditionalRule) and is automatically evaluated to "
394 "\"True.\" The default value is 1 (\"DNF\")."),
395 ValueMap {"0", "1", "2"},
396 Values {"Unconditional Rule", "DNF", "CNF"} ]
397 uint16 ConditionListType = 1;
398
399 [Description (
400 tony 1.1 "A free-form string that can be used to provide guidelines "
401 "on how this PolicyRule should be used.") ]
402 string RuleUsage;
403
404 [Deprecated {"CIM_PolicySetComponent.Priority"}, Description (
405 "PolicyRule.Priority is deprecated and replaced by providing "
406 "the priority for a rule (and a group) in the context of the "
407 "aggregating PolicySet instead of the priority being used "
408 "for all aggregating PolicySet instances. Thus, the "
409 "assignment of priority values is much simpler.\n"
410 "\n"
411 "A non-negative integer for prioritizing this Policy Rule "
412 "relative to other Rules. A larger value indicates a higher "
413 "priority. The default value is 0.") ]
414 uint16 Priority;
415
416 [Deprecated {"No Value"}, Description (
417 "A flag indicating that the evaluation of the Policy "
418 "Conditions and execution of PolicyActions (if the "
419 "Conditions evaluate to TRUE) is required. The evaluation "
420 "of a PolicyRule MUST be attempted if the Mandatory property "
421 tony 1.1 "value is TRUE. If the Mandatory property is FALSE, then "
422 "the evaluation of the Rule is 'best effort' and MAY be "
423 "ignored.") ]
424 boolean Mandatory;
425
426 [Description (
427 "This property gives a policy administrator a way of "
428 "specifying how the ordering of the PolicyActions associated "
429 "with this PolicyRule is to be interpreted. Three values "
430 "are supported:\n"
431 "o mandatory(1): Do the actions in the indicated order, or "
432 "don't do them at all.\n"
433 "o recommended(2): Do the actions in the indicated order if "
434 "you can, but if you can't do them in this order, do them in "
435 "another order if you can.\n"
436 "o dontCare(3): Do them -- I don't care about the order.\n"
437 "The default value is 3 (\"DontCare\")."),
438 ValueMap {"1", "2", "3"},
439 Values {"Mandatory", "Recommended", "Dont Care"} ]
440 uint16 SequencedActions = 3;
441
442 tony 1.1 [Description (
443 "ExecutionStrategy defines the strategy to be used in "
444 "executing the sequenced actions aggregated by this "
445 "PolicyRule. There are three execution strategies:\n"
446 "\n"
447 "Do Until Success - execute actions according to predefined\n"
448 "order, until successful execution of a\n"
449 "single action.\n"
450 "Do All - execute ALL actions which are part of\n"
451 "the modeled set, according to their\n"
452 "predefined order. Continue doing this,\n"
453 "even if one or more of the actions fails.\n"
454 "Do Until Failure - execute actions according to predefined\n"
455 "order, until the first failure in\n"
456 "execution of an action instance."),
457 ValueMap {"1", "2", "3"},
458 Values {"Do Until Success", "Do All", "Do Until Failure"} ]
459 uint16 ExecutionStrategy;
460 };
461
462
463 tony 1.1 // ==================================================================
464 // AuthenticationRule
465 // ==================================================================
466 [Experimental, Version ("2.7.1000"), Description (
467 "A class representing a company's and/or administrator's "
468 "authentication requirements for a CIM_Identity. The "
469 "PolicyConditions collected by an instance of "
470 "AuthenticationRule describe the various requirements under "
471 "which a CIM_Identity's CurrentlyAuthenticated Boolean is set "
472 "to TRUE. Note that the CIM_Identities which are authenticated "
473 "are tied to the Rule by the association, PolicySet AppliesToElement.\n"
474 "\n"
475 "At this time, there are no actions associated with this "
476 "PolicyRule. This is because the actions are implicit. When "
477 "the conditions of the rule are met, then the "
478 "CurrentlyAuthenticated Boolean properties of the associated "
479 "instances of CIM_Identity are set to TRUE.") ]
480 class CIM_AuthenticationRule : CIM_PolicyRule {
481 };
482
483
484 tony 1.1 // ==================================================================
485 // ReusablePolicyContainer
486 // ==================================================================
487 [Version ("2.6.0"), Description (
488 "A class representing an administratively defined container for "
489 "reusable policy-related information. This class does not "
490 "introduce any additional properties beyond those in its "
491 "superclass AdminDomain. It does, however, participate in a "
492 "unique association for containing policy elements.\n"
493 "\n"
494 "An instance of this class uses the NameFormat value "
495 "\"ReusablePolicyContainer\".") ]
496 class CIM_ReusablePolicyContainer : CIM_AdminDomain {
497 };
498
499
500 // ==================================================================
501 // PolicyRepository *** deprecated
502 // ==================================================================
503 [Deprecated {"CIM_ReusablePolicyContainer"}, Version ("2.7.0"),
504 Description (
505 tony 1.1 "The term 'PolicyRepository' has been confusing to both "
506 "developers and users of the model. The replacement class name "
507 "describes model element properly and is less likely to be "
508 "confused with a data repository.\n"
509 "\n"
510 "A class representing an administratively defined container for "
511 "reusable policy-related information. This class does not "
512 "introduce any additional properties beyond those in its "
513 "superclass AdminDomain. It does, however, participate in a "
514 "number of unique associations.\n"
515 "\n"
516 "An instance of this class uses the NameFormat value "
517 "\"PolicyRepository\".") ]
518 class CIM_PolicyRepository : CIM_AdminDomain {
519 };
520
521
522 // ==================================================================
523 // PolicyCondition
524 // ==================================================================
525 [Abstract, Version ("2.6.0"), Description (
526 tony 1.1 "A class representing a rule-specific or reusable policy "
527 "condition to be evaluated in conjunction with a Policy Rule. "
528 "Since all operational details of a PolicyCondition are "
529 "provided in subclasses of this object, this class is "
530 "abstract.") ]
531 class CIM_PolicyCondition : CIM_Policy {
532
533 [Key, Description (
534 "The name of the class or the subclass used in the creation "
535 "of the System object in whose scope this PolicyCondition is defined.\n"
536 "\n"
537 "This property helps to identify the System object in whose "
538 "scope this instance of PolicyCondition exists. For a "
539 "rule-specific PolicyCondition, this is the System in whose "
540 "context the PolicyRule is defined. For a reusable "
541 "PolicyCondition, this is the instance of PolicyRepository "
542 "(which is a subclass of System) that holds the Condition.\n"
543 "\n"
544 "Note that this property, and the analogous property "
545 "SystemName, do not represent propagated keys from an "
546 "instance of the class System. Instead, they are properties "
547 tony 1.1 "defined in the context of this class, which repeat the "
548 "values from the instance of System to which this "
549 "PolicyCondition is related, either directly via the "
550 "PolicyConditionInPolicyRepository association or indirectly "
551 "via the PolicyConditionInPolicyRule aggregation."),
552 MaxLen (256) ]
553 string SystemCreationClassName;
554
555 [Key, Description (
556 "The name of the System object in whose scope this "
557 "PolicyCondition is defined.\n"
558 "\n"
559 "This property completes the identification of the System "
560 "object in whose scope this instance of PolicyCondition "
561 "exists. For a rule-specific PolicyCondition, this is the "
562 "System in whose context the PolicyRule is defined. For a "
563 "reusable PolicyCondition, this is the instance of "
564 "PolicyRepository (which is a subclass of System) that holds "
565 "the Condition."),
566 MaxLen (256) ]
567 string SystemName;
568 tony 1.1
569 [Key, Description (
570 "For a rule-specific PolicyCondition, the CreationClassName "
571 "of the PolicyRule object with which this Condition is "
572 "associated. For a reusable Policy Condition, a special "
573 "value, 'NO RULE', should be used to indicate that this "
574 "Condition is reusable and not associated with a single "
575 "PolicyRule."),
576 MaxLen (256) ]
577 string PolicyRuleCreationClassName;
578
579 [Key, Description (
580 "For a rule-specific PolicyCondition, the name of the "
581 "PolicyRule object with which this Condition is associated. "
582 "For a reusable PolicyCondition, a special value, 'NO RULE', "
583 "should be used to indicate that this Condition is reusable "
584 "and not associated with a single PolicyRule."),
585 MaxLen (256) ]
586 string PolicyRuleName;
587
588 [Key, Description (
589 tony 1.1 "CreationClassName indicates the name of the class or the "
590 "subclass used in the creation of an instance. When used "
591 "with the other key properties of this class, this property "
592 "allows all instances of this class and its subclasses to be "
593 "uniquely identified."),
594 MaxLen (256) ]
595 string CreationClassName;
596
597 [Key, Description (
598 "A user-friendly name of this PolicyCondition."),
599 MaxLen (256) ]
600 string PolicyConditionName;
601 };
602
603
604 // ==================================================================
605 // PolicyTimePeriodCondition
606 // ==================================================================
607 [Version ("2.7.0"), Description (
608 "This class provides a means of representing the time periods "
609 "during which a PolicySet is valid, i.e., active. At all times "
610 tony 1.1 "that fall outside these time periods, the PolicySet has no "
611 "effect. A PolicySet is treated as valid at ALL times, if it "
612 "does not specify a PolicyTimePeriodCondition.\n"
613 "\n"
614 "In some cases a Policy Consumer may need to perform certain "
615 "setup / cleanup actions when a PolicySet becomes active / "
616 "inactive. For example, sessions that were established while a "
617 "PolicySet was active might need to be taken down when the "
618 "PolicySet becomes inactive. In other cases, however, such "
619 "sessions might be left up. In this case, the effect of "
620 "deactivating the PolicySet would just be to prevent the "
621 "establishment of new sessions.\n"
622 "\n"
623 "Setup / cleanup behaviors on validity period transitions are "
624 "not currently addressed by the Policy Model, and must be "
625 "specified in 'guideline' documents or via subclasses of "
626 "CIM_PolicySet, CIM_PolicyTimePeriod Condition or other "
627 "concrete subclasses of CIM_Policy. If such behaviors need to "
628 "be under the control of the policy administrator, then a "
629 "mechanism to allow this control must also be specified in the subclasses.\n"
630 "\n"
631 tony 1.1 "PolicyTimePeriodCondition is defined as a subclass of "
632 "PolicyCondition. This is to allow the inclusion of time-based "
633 "criteria in the AND/OR condition definitions for a PolicyRule.\n"
634 "\n"
635 "Instances of this class may have up to five properties "
636 "identifying time periods at different levels. The values of "
637 "all the properties present in an instance are ANDed together "
638 "to determine the validity period(s) for the instance. For "
639 "example, an instance with an overall validity range of January "
640 "1, 2000 through December 31, 2000; a month mask that selects "
641 "March and April; a day-of-the-week mask that selects Fridays; "
642 "and a time of day range of 0800 through 1600 would be "
643 "represented using the following time periods:\n"
644 "Friday, March 5, 2000, from 0800 through 1600;\n"
645 "Friday, March 12, 2000, from 0800 through 1600;\n"
646 "Friday, March 19, 2000, from 0800 through 1600;\n"
647 "Friday, March 26, 2000, from 0800 through 1600;\n"
648 "Friday, April 2, 2000, from 0800 through 1600;\n"
649 "Friday, April 9, 2000, from 0800 through 1600;\n"
650 "Friday, April 16, 2000, from 0800 through 1600;\n"
651 "Friday, April 23, 2000, from 0800 through 1600;\n"
652 tony 1.1 "Friday, April 30, 2000, from 0800 through 1600.\n"
653 "\n"
654 "Properties not present in an instance of "
655 "PolicyTimePeriodCondition are implicitly treated as having "
656 "their value 'always enabled'. Thus, in the example above, the "
657 "day-of-the-month mask is not present, and so the validity "
658 "period for the instance implicitly includes a day-of-the-month "
659 "mask that selects all days of the month. If this 'missing "
660 "property' rule is applied to its fullest, we see that there is "
661 "a second way to indicate that a PolicySet is always enabled: "
662 "associate with it an instance of PolicyTimePeriodCondition "
663 "whose only properties with specific values are its key "
664 "properties.") ]
665 class CIM_PolicyTimePeriodCondition : CIM_PolicyCondition {
666
667 [Description (
668 "This property identifies an overall range of calendar dates "
669 "and times over which a PolicySet is valid. It is formatted "
670 "as a string representing a start date and time, in which "
671 "the character 'T' indicates the beginning of the time "
672 "portion, followed by the solidus character '/', followed by "
673 tony 1.1 "a similar string representing an end date and time. The "
674 "first date indicates the beginning of the range, while the "
675 "second date indicates the end. Thus, the second date and "
676 "time must be later than the first. Date/times are "
677 "expressed as substrings of the form yyyymmddThhmmss. For example:\n"
678 "20000101T080000/20000131T120000 defines\n"
679 "January 1, 2000, 0800 through January 31, 2000, noon\n"
680 "\n"
681 "There are also two special cases in which one of the "
682 "date/time strings is replaced with a special string defined "
683 "in RFC 2445.\n"
684 "o If the first date/time is replaced with the string "
685 "'THISANDPRIOR', then the property indicates that a "
686 "PolicySet is valid [from now] until the date/time that "
687 "appears after the '/'.\n"
688 "o If the second date/time is replaced with the string "
689 "'THISANDFUTURE', then the property indicates that a "
690 "PolicySet becomes valid on the date/time that appears "
691 "before the '/', and remains valid from that point on."),
692 ModelCorrespondence {
693 "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
694 tony 1.1 "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
695 "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
696 "CIM_PolicyTimePeriodCondition.TimeOfDayMask",
697 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
698 string TimePeriod;
699
700 [Description (
701 "The purpose of this property is to refine the valid time "
702 "period that is defined by the TimePeriod property, by "
703 "explicitly specifying in which months the PolicySet is "
704 "valid. These properties work together, with the TimePeriod "
705 "used to specify the overall time period in which the "
706 "PolicySet is valid, and the MonthOfYearMask used to pick "
707 "out the months during which the PolicySet is valid.\n"
708 "\n"
709 "This property is formatted as an octet string, structured "
710 "as follows:\n"
711 "o a 4-octet length field, indicating the length of the "
712 "entire octet string; this field is always set to 0x00000006 "
713 "for this property;\n"
714 "o a 2-octet field consisting of 12 bits identifying the 12 "
715 tony 1.1 "months of the year, beginning with January and ending with "
716 "December, followed by 4 bits that are always set to '0'. "
717 "For each month, the value '1' indicates that the policy is "
718 "valid for that month, and the value '0' indicates that it "
719 "is not valid.\n"
720 "\n"
721 "The value 0x000000060830, for example, indicates that a "
722 "PolicySet is valid only in the months May, November, and December.\n"
723 "\n"
724 "If a value for this property is not provided, then the "
725 "PolicySet is treated as valid for all twelve months, and "
726 "only restricted by its TimePeriod property value and the "
727 "other Mask properties."),
728 OctetString,
729 ModelCorrespondence {
730 "CIM_PolicyTimePeriodCondition.TimePeriod",
731 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
732 uint8 MonthOfYearMask[];
733
734 [Description (
735 "The purpose of this property is to refine the valid time "
736 tony 1.1 "period that is defined by the TimePeriod property, by "
737 "explicitly specifying in which days of the month the "
738 "PolicySet is valid. These properties work together, with "
739 "the TimePeriod used to specify the overall time period in "
740 "which the PolicySet is valid, and the DayOfMonthMask used "
741 "to pick out the days of the month during which the "
742 "PolicySet is valid.\n"
743 "\n"
744 "This property is formatted as an octet string, structured "
745 "as follows:\n"
746 "o a 4-octet length field, indicating the length of the "
747 "entire octet string; this field is always set to 0x0000000C "
748 "for this property;\n"
749 "o an 8-octet field consisting of 31 bits identifying the "
750 "days of the month counting from the beginning, followed by "
751 "31 more bits identifying the days of the month counting "
752 "from the end, followed by 2 bits that are always set to "
753 "'0'. For each day, the value '1' indicates that the "
754 "PolicySet is valid for that day, and the value '0' "
755 "indicates that it is not valid.\n"
756 "\n"
757 tony 1.1 "The value 0x0000000C8000000100000000, for example, "
758 "indicates that a PolicySet is valid on the first and last "
759 "days of the month.\n"
760 "\n"
761 "For months with fewer than 31 days, the digits "
762 "corresponding to days that the months do not have (counting "
763 "in both directions) are ignored.\n"
764 "\n"
765 "If a value for this property is not provided, then the "
766 "PolicySet is treated as valid for all days of the month, "
767 "and only restricted by its TimePeriod property value and "
768 "the other Mask properties."),
769 OctetString,
770 ModelCorrespondence {
771 "CIM_PolicyTimePeriodCondition.TimePeriod",
772 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
773 uint8 DayOfMonthMask[];
774
775 [Description (
776 "The purpose of this property is to refine the valid time "
777 "period that is defined by the TimePeriod property, by "
778 tony 1.1 "explicitly specifying in which days of the week the "
779 "PolicySet is valid. These properties work together, with "
780 "the TimePeriod used to specify the overall time period in "
781 "which the PolicySet is valid, and the DayOfWeekMask used to "
782 "pick out the days of the week during which the PolicySet is valid.\n"
783 "\n"
784 "This property is formatted as an octet string, structured "
785 "as follows:\n"
786 "o a 4-octet length field, indicating the length of the "
787 "entire octet string; this field is always set to 0x00000005 "
788 "for this property;\n"
789 "o a 1-octet field consisting of 7 bits identifying the 7 "
790 "days of the week, beginning with Sunday and ending with "
791 "Saturday, followed by 1 bit that is always set to '0'. For "
792 "each day of the week, the value '1' indicates that the "
793 "PolicySet is valid for that day, and the value '0' "
794 "indicates that it is not valid.\n"
795 "\n"
796 "The value 0x000000057C, for example, indicates that a "
797 "PolicySet is valid Monday through Friday.\n"
798 "\n"
799 tony 1.1 "If a value for this property is not provided, then the "
800 "PolicySet is treated as valid for all days of the week, and "
801 "only restricted by its TimePeriod property value and the "
802 "other Mask properties."),
803 OctetString,
804 ModelCorrespondence {
805 "CIM_PolicyTimePeriodCondition.TimePeriod",
806 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
807 uint8 DayOfWeekMask[];
808
809 [Description (
810 "The purpose of this property is to refine the valid time "
811 "period that is defined by the TimePeriod property, by "
812 "explicitly specifying a range of times in a day during "
813 "which the PolicySet is valid. These properties work "
814 "together, with the TimePeriod used to specify the overall "
815 "time period in which the PolicySet is valid, and the "
816 "TimeOfDayMask used to pick out the range of time periods in "
817 "a given day of during which the PolicySet is valid.\n"
818 "\n"
819 "This property is formatted in the style of RFC 2445: a time "
820 tony 1.1 "string beginning with the character 'T', followed by the "
821 "solidus character '/', followed by a second time string. "
822 "The first time indicates the beginning of the range, while "
823 "the second time indicates the end. Times are expressed as "
824 "substrings of the form 'Thhmmss'.\n"
825 "\n"
826 "The second substring always identifies a later time than "
827 "the first substring. To allow for ranges that span "
828 "midnight, however, the value of the second string may be "
829 "smaller than the value of the first substring. Thus, "
830 "'T080000/T210000' identifies the range from 0800 until "
831 "2100, while 'T210000/T080000' identifies the range from "
832 "2100 until 0800 of the following day.\n"
833 "\n"
834 "When a range spans midnight, it by definition includes "
835 "parts of two successive days. When one of these days is "
836 "also selected by either the MonthOfYearMask, "
837 "DayOfMonthMask, and/or DayOfWeekMask, but the other day is "
838 "not, then the PolicySet is active only during the portion "
839 "of the range that falls on the selected day. For example, "
840 "if the range extends from 2100 until 0800, and the day of "
841 tony 1.1 "week mask selects Monday and Tuesday, then the PolicySet is "
842 "active during the following three intervals:\n"
843 "From midnight Sunday until 0800 Monday;\n"
844 "From 2100 Monday until 0800 Tuesday;\n"
845 "From 2100 Tuesday until 23:59:59 Tuesday.\n"
846 "\n"
847 "If a value for this property is not provided, then the "
848 "PolicySet is treated as valid for all hours of the day, and "
849 "only restricted by its TimePeriod property value and the "
850 "other Mask properties."),
851 ModelCorrespondence {
852 "CIM_PolicyTimePeriodCondition.TimePeriod",
853 "CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
854 string TimeOfDayMask;
855
856 [Description (
857 "This property indicates whether the times represented in "
858 "the TimePeriod property and in the various Mask properties "
859 "represent local times or UTC times. There is no provision "
860 "for mixing of local times and UTC times: the value of this "
861 "property applies to all of the other time-related "
862 tony 1.1 "properties. TimePeriods are synchronized worldwide by "
863 "using the enumeration value 'UTCTime'. If the goal is to "
864 "synchronize worldwide on a particular local time (such as "
865 "0300 - 0500 in New York), then if the TimePeriod property "
866 "spans a Daylight Savings Time transition in New York, it "
867 "will be necessary to create multiple instances of "
868 "PolicyTimePeriodCondition, one based on the offset UTC-0500 "
869 "for the part of each year when standard time is used in New "
870 "York, and one based on the offset UTC-0400 for the part of "
871 "each year when Daylight Savings Time is used there."),
872 ValueMap {"1", "2"},
873 Values {"Local Time", "UTC Time"},
874 ModelCorrespondence {
875 "CIM_PolicyTimePeriodCondition.TimePeriod",
876 "CIM_PolicyTimePeriodCondition.MonthOfYearMask",
877 "CIM_PolicyTimePeriodCondition.DayOfMonthMask",
878 "CIM_PolicyTimePeriodCondition.DayOfWeekMask",
879 "CIM_PolicyTimePeriodCondition.TimeOfDayMask"} ]
880 uint16 LocalOrUtcTime;
881 };
882
883 tony 1.1
884 // ==================================================================
885 // CompoundPolicyCondition
886 // ==================================================================
887 [Version ("2.7.0"), Description (
888 "CompoundPolicyCondition is used to represent compound "
889 "conditions formed by aggregating simpler policy conditions. "
890 "Compound conditions are constructed by associating subordinate "
891 "condition terms together using the "
892 "PolicyConditionInPolicyCondition aggregation.") ]
893 class CIM_CompoundPolicyCondition : CIM_PolicyCondition {
894
895 [Description (
896 "Indicates whether the list of CompoundPolicyConditions "
897 "associated with this PolicyRule is in disjunctive normal "
898 "form (DNF) or conjunctive normal form (CNF). The default "
899 "value is 1 (\"DNF\")."),
900 ValueMap {"1", "2"},
901 Values { "DNF", "CNF" } ]
902 uint16 ConditionListType;
903 };
904 tony 1.1
905
906 // ==================================================================
907 // AuthenticationCondition
908 // ==================================================================
909 [Experimental, Abstract, Version ("2.7.1000"), Description (
910 "An abstract class whosesubclasses describe one of a company's "
911 "and/or administrator's credential requirements, and/orother "
912 "information that should be authenticated in order to "
913 "establish/trust a CIM_Identity.The PolicyConditions collected "
914 "by an instance of AuthenticationRuledescribe the various "
915 "requirements under which a "
916 "CIM_Identity'sCurrentlyAuthenticated Booleanis set to TRUE. "
917 "Note that the CIM_Identitieswhich are authenticated are "
918 "specified through the AuthenticationRule, using the "
919 "PolicySetAppliesToElementassociation.") ]
920 class CIM_AuthenticationCondition : CIM_PolicyCondition {
921 };
922
923
924 // ==================================================================
925 tony 1.1 // SharedSecretAuthentication
926 // ==================================================================
927 [Experimental, Version ("2.7.1000"), Description (
928 "Aclass describing a company's and/or administrator's "
929 "credential requirements that should be authenticated in "
930 "orderto establish/trust a CIM_Identity.This class defines a "
931 "specific identity whose shared secret should be "
932 "authenticated.") ]
933 class CIM_SharedSecretAuthentication : CIM_AuthenticationCondition {
934
935 [Description (
936 "String defining the principal's ID whose secret is "
937 "authenticated.") ]
938 string IDOfPrincipal;
939
940 [Description (
941 "String defining a hostname, URI or service/application "
942 "name. It defines the specific system or service which "
943 "provides the context for the shared secret.") ]
944 string ContextOfSecret;
945 };
946 tony 1.1
947
948 // ==================================================================
949 // AccountAuthentication
950 // ==================================================================
951 [Experimental, Version ("2.7.1000"), Description (
952 "Aclass describing a company's and/or administrator's "
953 "credential requirements that should be authenticated in "
954 "orderto establish/trust a CIM_Identity.This class defines a "
955 "specific identity whose account credentialsshould be "
956 "authenticated.") ]
957 class CIM_AccountAuthentication : CIM_AuthenticationCondition {
958
959 [Description (
960 "String defining the account's ID which is authenticated.") ]
961 string AccountID;
962
963 [Description (
964 "String defining a hostname, URI or other information "
965 "identifying the system where the Account resides.") ]
966 string AccountContext;
967 tony 1.1 };
968
969
970 // ==================================================================
971 // BiometricAuthentication
972 // ==================================================================
973 [Experimental, Version ("2.7.1000"), Description (
974 "A class describing a company's and/or administrator's "
975 "credential requirements that should be authenticated in order "
976 "to establish/trust a CIM_Identity. This class defines "
977 "specific biometric data that should be authenticated.") ]
978 class CIM_BiometricAuthentication : CIM_AuthenticationCondition {
979
980 [Description (
981 "Integer enumeration identifying the biometric data that "
982 "should be authenticated."),
983 ValueMap {"1", "2", "3", "4", "5", "6","7", "8"},
984 Values {"Other", "Facial", "Retina", "Mark", "Finger", "Voice",
985 "DNA-RNA", "EEG"},
986 ModelCorrespondence {
987 "CIM_BiometricAuthentication.OtherBiometric"} ]
988 tony 1.1 uint16 TypeOfBiometric;
989
990 [Description (
991 "String specifying the biometric when the TypeOfBiometric "
992 "property is set to 1, \"Other\"."),
993 ModelCorrespondence {
994 "CIM_BiometricAuthentication.TypeOfBiometric"} ]
995 string OtherBiometric;
996 };
997
998
999 // ==================================================================
1000 // NetworkingIDAuthentication
1001 // ==================================================================
1002 [Experimental, Version ("2.7.1000"), Description (
1003 "Aclass describing a company's and/or administrator's "
1004 "credential requirements that should be authenticated in "
1005 "orderto establish/trust a CIM_Identity.This class defines that "
1006 "a networking ID or address should be verified.") ]
1007 class CIM_NetworkingIDAuthentication : CIM_AuthenticationCondition {
1008
1009 tony 1.1 [Description (
1010 "A string defining the specific type/subclass of "
1011 "CIM_Identity which specifies the networking information.For "
1012 "example, CIM_StorageHardwareID would be entered in this "
1013 "property to identify that a 'known' port should be "
1014 "observed.") ]
1015 string NetworkingIdentityClassName;
1016 };
1017
1018
1019 // ==================================================================
1020 // PublicPrivateKeyAuthentication
1021 // ==================================================================
1022 [Experimental, Version ("2.7.1000"), Description (
1023 "Aclass describing a company's and/or administrator's "
1024 "credential requirements that should be authenticated in "
1025 "orderto establish/trust a CIM_Identity.This class defines the "
1026 "specific public/private key pair that should be "
1027 "authenticated.") ]
1028 class CIM_PublicPrivateKeyAuthentication : CIM_AuthenticationCondition {
1029
1030 tony 1.1 [Description (
1031 "Boolean indicating whether the key pair is self-issued "
1032 "(TRUE) or issued by a Certificate Authority (FALSE).") ]
1033 boolean SelfIssuedKey;
1034
1035 [Description (
1036 "String holding the user's (distinguished) name.") ]
1037 string DistinguishedName;
1038
1039 [Description (
1040 "String holding the public key data.") ]
1041 string PublicKey;
1042 };
1043
1044
1045 // ==================================================================
1046 // KerberosAuthentication
1047 // ==================================================================
1048 [Experimental, Version ("2.7.1000"), Description (
1049 "Aclass describing a company's and/or administrator's "
1050 "credential requirements that should beauthenticated in order "
1051 tony 1.1 "to establish/trust a CIM_Identity.This class defines a user "
1052 "whose Kerberos ticket should be authenticated.") ]
1053 class CIM_KerberosAuthentication : CIM_AuthenticationCondition {
1054
1055 [Description (
1056 "String holding the user name for which the ticket is "
1057 "issued.") ]
1058 string UserName;
1059 };
1060
1061
1062 // ==================================================================
1063 // DocumentAuthentication
1064 // ==================================================================
1065 [Experimental, Version ("2.7.1000"), Description (
1066 "A class describing a company's and/or administrator's "
1067 "credential requirements that should be authenticated in order "
1068 "to establish/trust a CIM_Identity. This class defines the "
1069 "specific document that should be authenticated.") ]
1070 class CIM_DocumentAuthentication : CIM_AuthenticationCondition {
1071
1072 tony 1.1 [Description (
1073 "Integer enumeration identifying the document that should be "
1074 "authenticated."),
1075 ValueMap {"1", "2", "3", "4", "5", "6","7"},
1076 Values {"Other", "Passport", "Birth Certificate", "Credit Card",
1077 "Drivers License", "Membership Card", "Social Security Card"},
1078 ModelCorrespondence {
1079 "CIM_DocumentAuthentication.OtherDocument"} ]
1080 uint16 TypeOfDocument;
1081
1082 [Description (
1083 "String specifying the document when the TypeOfDocument "
1084 "property is set to 1, \"Other\"."),
1085 ModelCorrespondence {
1086 "CIM_DocumentAuthentication.TypeOfDocument"} ]
1087 string OtherDocument;
1088 };
1089
1090
1091 // ==================================================================
1092 // ChallengeQuestionAuthentication
1093 tony 1.1 // ==================================================================
1094 [Experimental, Version ("2.7.1000"), Description (
1095 "Aclass describing a company's and/or administrator's "
1096 "credential requirements that should be authenticated in "
1097 "orderto establish/trust a CIM_Identity. This class defines "
1098 "the specific challenge question whose response should be "
1099 "authenticated.") ]
1100 class CIM_ChallengeQuestionAuthentication : CIM_AuthenticationCondition {
1101
1102 [Description (
1103 "The challenge question to be authenticated.") ]
1104 string ChallengeQuestion;
1105 };
1106
1107
1108 // ==================================================================
1109 // PhysicalCredentialAuthentication
1110 // ==================================================================
1111 [Experimental, Version ("2.7.1000"), Description (
1112 "A class describing a company's and/or "
1113 "administrator'scredential requirements that should be "
1114 tony 1.1 "authenticated in orderto establish/trust a CIM_Identity.This "
1115 "class defines the specific type of physical credential that "
1116 "should be authenticated.") ]
1117 class CIM_PhysicalCredentialAuthentication : CIM_AuthenticationCondition {
1118
1119 [Description (
1120 "Integer enumeration identifying the credential that should "
1121 "be authenticated."),
1122 ValueMap {"1", "2", "3", "4"},
1123 Values {"Other", "Magnetic Stripe Card", "Smart Card",
1124 "PasswordGenerator Card"},
1125 ModelCorrespondence {
1126 "CIM_PhysicalCredentialAuthentication.OtherCredential"} ]
1127 uint16 TypeOfCredential;
1128
1129 [Description (
1130 "String specifying the credential when the TypeOfCredential "
1131 "property is set to 1, \"Other\"."),
1132 ModelCorrespondence {
1133 "CIM_PhysicalCredentialAuthentication.TypeOfCredential"} ]
1134 string OtherCredential;
1135 tony 1.1 };
1136
1137
1138 // ==================================================================
1139 // VendorPolicyCondition
1140 // ==================================================================
1141 [Version ("2.6.0"), Description (
1142 "A class that provides a general extension mechanism for "
1143 "representing PolicyConditions that have not been modeled with "
1144 "specific properties. Instead, the two properties Constraint "
1145 "and ConstraintEncoding are used to define the content and "
1146 "format of the Condition, as explained below.\n"
1147 "\n"
1148 "As its name suggests, VendorPolicyCondition is intended for "
1149 "vendor-specific extensions to the Policy Core Information "
1150 "Model. Standardized extensions are not expected to use this "
1151 "class.") ]
1152 class CIM_VendorPolicyCondition : CIM_PolicyCondition {
1153
1154 [Description (
1155 "This property provides a general extension mechanism for "
1156 tony 1.1 "representing PolicyConditions that have not been modeled "
1157 "with specific properties. The format of the octet strings "
1158 "in the array is left unspecified in this definition. It is "
1159 "determined by the OID value stored in the property "
1160 "ConstraintEncoding. Since ConstraintEncoding is "
1161 "single-valued, all the values of Constraint share the same "
1162 "format and semantics."),
1163 OctetString,
1164 ModelCorrespondence {
1165 "CIM_VendorPolicyCondition.ConstraintEncoding"} ]
1166 string Constraint[];
1167
1168 [Description (
1169 "An OID encoded as a string, identifying the format and "
1170 "semantics for this instance's Constraint property."),
1171 ModelCorrespondence { "CIM_VendorPolicyCondition.Constraint"} ]
1172 string ConstraintEncoding;
1173 };
1174
1175
1176 // ==================================================================
1177 tony 1.1 // PacketFilterCondition
1178 // ==================================================================
1179 [Experimental, Version ("2.7.1000"), Description (
1180 "PacketFilterCondition specifies packet selection criteria (via "
1181 "association to FilterLists) for firewall policies, IPsec "
1182 "policies and similar uses. It is used as an anchor point to "
1183 "associate various types of filters with policy rules via the "
1184 "FilterOfPacketCondition association. By definition, policy "
1185 "rules that aggregate PacketFilterCondition are assumed to "
1186 "operate against every packet received and/or transmitted from "
1187 "an ingress and/or egress point. (Whether policy condition "
1188 "evaluation occurs at ingress or egress is specified by the "
1189 "FilterEvaluation property defined in this class.) "
1190 "PacketFilterCondition MAY also be used to define the specific "
1191 "CredentialManagementService that validates the credentials "
1192 "carried in a packet. This is accomplished using the "
1193 "association, AcceptCredentialFrom.\n"
1194 "\n"
1195 "Associated objects (such as FilterListsor Credential "
1196 "ManagementServices) represent components of the condition that "
1197 "MAY or MAY NOT apply at a given rule evaluation. For example, "
1198 tony 1.1 "an AcceptCredentialFrom evaluation is only performed when a "
1199 "credential is available to be evaluated and compared against "
1200 "the list of trusted credential management services. "
1201 "Similarly, a PeerIDPayloadFilterEntry MAY only be evaluated "
1202 "when an ID payload is available for checking. Condition "
1203 "components that do not have applicability at rule evaluation "
1204 "time, MUST be evaluated to TRUE."),
1205 MappingStrings {"IPSP Policy Model.IETF|SACondition"} ]
1206 class CIM_PacketFilterCondition : CIM_PolicyCondition {
1207
1208 [Description (
1209 "An enumeration indicating whether packet evaluation is "
1210 "performed at ingress, egress or both."),
1211 ValueMap {"2", "3", "4"},
1212 Values {"Ingress", "Egress", "Both Ingress and Egress"} ]
1213 uint16 FilterEvaluation;
1214 };
1215
1216
1217 // ==================================================================
1218 // PolicyAction
1219 tony 1.1 // ==================================================================
1220 [Abstract, Version ("2.7.1000"), Description (
1221 "A class representing a rule-specific or reusable policy action "
1222 "to be performed if the PolicyConditions for a Policy Rule "
1223 "evaluate to TRUE. Since all operational details of a "
1224 "PolicyAction are provided in subclasses of this object, this "
1225 "class is abstract.") ]
1226 class CIM_PolicyAction : CIM_Policy {
1227
1228 [Key, Description (
1229 "The name of the class or the subclass used in the creation "
1230 "of the System object in whose scope this PolicyAction is defined.\n"
1231 "\n"
1232 "This property helps to identify the System object in whose "
1233 "scope this instance of PolicyAction exists. For a "
1234 "rule-specific PolicyAction, this is the System in whose "
1235 "context the PolicyRule is defined. For a reusable "
1236 "PolicyAction, this is the instance of PolicyRepository "
1237 "(which is a subclass of System) that holds the Action.\n"
1238 "\n"
1239 "Note that this property, and the analogous property "
1240 tony 1.1 "SystemName, do not represent propagated keys from an "
1241 "instance of the class System. Instead, they are properties "
1242 "defined in the context of this class, which repeat the "
1243 "values from the instance of System to which this "
1244 "PolicyAction is related, either directly via the "
1245 "PolicyActionInPolicyRepository association or indirectly "
1246 "via the PolicyActionInPolicyRule aggregation."),
1247 MaxLen (256) ]
1248 string SystemCreationClassName;
1249
1250 [Key, Description (
1251 "The name of the System object in whose scope this "
1252 "PolicyAction is defined.\n"
1253 "\n"
1254 "This property completes the identification of the System "
1255 "object in whose scope this instance of PolicyAction "
1256 "exists. For a rule-specific PolicyAction, this is the "
1257 "System in whose context the PolicyRule is defined. For a "
1258 "reusable PolicyAction, this is the instance of "
1259 "PolicyRepository (which is a subclass of System) that holds "
1260 "the Action."),
1261 tony 1.1 MaxLen (256) ]
1262 string SystemName;
1263
1264 [Key, Description (
1265 "For a rule-specific PolicyAction, the CreationClassName of "
1266 "the PolicyRule object with which this Action is "
1267 "associated. For a reusable PolicyAction, a special value, "
1268 "'NO RULE', should be used to indicate that this Action is "
1269 "reusable and not associated with a single PolicyRule."),
1270 MaxLen (256) ]
1271 string PolicyRuleCreationClassName;
1272
1273 [Key, Description (
1274 "For a rule-specific PolicyAction, the name of the "
1275 "PolicyRule object with which this Action is associated. "
1276 "For a reusable PolicyAction, a special value, 'NO RULE', "
1277 "should be used to indicate that this Action is reusable and "
1278 "not associated with a single PolicyRule."),
1279 MaxLen (256) ]
1280 string PolicyRuleName;
1281
1282 tony 1.1 [Key, Description (
1283 "CreationClassName indicates the name of the class or the "
1284 "subclass used in the creation of an instance. When used "
1285 "with the other key properties of this class, this property "
1286 "allows all instances of this class and its subclasses to be "
1287 "uniquely identified."),
1288 MaxLen (256) ]
1289 string CreationClassName;
1290
1291 [Key, Description (
1292 "A user-friendly name of this PolicyAction."),
1293 MaxLen (256) ]
1294 string PolicyActionName;
1295
1296 [Experimental, Description (
1297 "DoActionLogging causes a log messageto be generated when "
1298 "the action is performed.") ]
1299 boolean DoActionLogging;
1300 };
1301
1302
1303 tony 1.1 // ==================================================================
1304 // VendorPolicyAction
1305 // ==================================================================
1306 [Version ("2.6.0"), Description (
1307 "A class that provides a general extension mechanism for "
1308 "representing PolicyActions that have not been modeled with "
1309 "specific properties. Instead, the two properties ActionData "
1310 "and ActionEncoding are used to define the content and format "
1311 "of the Action, as explained below.\n"
1312 "\n"
1313 "As its name suggests, VendorPolicyAction is intended for "
1314 "vendor-specific extensions to the Policy Core Information "
1315 "Model. Standardized extensions are not expected to use this "
1316 "class.") ]
1317 class CIM_VendorPolicyAction : CIM_PolicyAction {
1318
1319 [Description (
1320 "This property provides a general extension mechanism for "
1321 "representing PolicyActions that have not been modeled with "
1322 "specific properties. The format of the octet strings in "
1323 "the array is left unspecified in this definition. It is "
1324 tony 1.1 "determined by the OID value stored in the property "
1325 "ActionEncoding. Since ActionEncoding is single-valued, all "
1326 "the values of ActionData share the same format and "
1327 "semantics."),
1328 OctetString,
1329 ModelCorrespondence { "CIM_VendorPolicyAction.ActionEncoding"} ]
1330 string ActionData[];
1331
1332 [Description (
1333 "An OID encoded as a string, identifying the format and "
1334 "semantics for this instance's ActionData property."),
1335 ModelCorrespondence { "CIM_VendorPolicyAction.ActionData"} ]
1336 string ActionEncoding;
1337 };
1338
1339
1340 // ==================================================================
1341 // CompoundPolicyAction
1342 // ==================================================================
1343 [Version ("2.6.0"), Description (
1344 "CompoundPolicyAction is used to represent an expression "
1345 tony 1.1 "consisting of an ordered sequence of action terms. Each "
1346 "action term is represented as a subclass of the PolicyAction "
1347 "class. Compound actions are constructed by associating "
1348 "dependent action terms together using the "
1349 "PolicyActionInPolicyAction aggregation.") ]
1350 class CIM_CompoundPolicyAction : CIM_PolicyAction {
1351
1352 [Description (
1353 "This property gives a policy administrator a way of "
1354 "specifying how the ordering of the PolicyActions associated "
1355 "with this PolicyRule is to be interpreted. Three values "
1356 "are supported:\n"
1357 "o mandatory(1): Do the actions in the indicated order, or "
1358 "don't do them at all.\n"
1359 "o recommended(2): Do the actions in the indicated order if "
1360 "you can, but if you can't do them in this order, do them in "
1361 "another order if you can.\n"
1362 "o dontCare(3): Do them -- I don't care about the order.\n"
1363 "The default value is 3 (\"DontCare\")."),
1364 ValueMap {"1", "2", "3"},
1365 Values {"Mandatory", "Recommended", "Dont Care"} ]
1366 tony 1.1 uint16 SequencedActions;
1367
1368 [Description (
1369 "ExecutionStrategy defines the strategy to be used in "
1370 "executing the sequenced actions aggregated by this "
1371 "CompoundPolicyAction. There are three execution strategies:\n"
1372 "\n"
1373 "Do Until Success - execute actions according to predefined\n"
1374 "order, until successful execution of a\n"
1375 "single action.\n"
1376 "Do All - execute ALL actions which are part of\n"
1377 "the modeled set, according to their\n"
1378 "predefined order. Continue doing this,\n"
1379 "even if one or more of the actions fails.\n"
1380 "Do Until Failure - execute actions according to predefined\n"
1381 "order, until the first failure in\n"
1382 "execution of an action instance.\n"
1383 "The default value is 2 (\"Do All\")."),
1384 ValueMap {"1", "2", "3"},
1385 Values {"Do Until Success", "Do All", "Do Until Failure"} ]
1386 uint16 ExecutionStrategy;
1387 tony 1.1 };
1388
1389
1390 // ==================================================================
1391 // NetworkPacketAction
1392 // ==================================================================
1393 [Experimental, Version ("2.7.1000"), Description (
1394 "NetworkPacketAction standardizes differentprocessing options "
1395 "that can be taken at the network packetlevel. The specific "
1396 "action is defined in the PacketAction enumerated property. "
1397 "Note that this property can be used in conjunction with other "
1398 "actions aggregated into a Rule, to fullydefine its effects. "
1399 "For example, when aggregated with the SAStaticActionclass, "
1400 "NetworkPacketAction indicates whethera specific packet will be "
1401 "encrypted, bypassed or discarded forthe lifetime of the "
1402 "Security Association.") ]
1403 class CIM_NetworkPacketAction : CIM_PolicyAction {
1404
1405 [Description (
1406 "A network packet can be processed, bypassed for processing "
1407 "(i.e., allowed to continue without further processing,such "
1408 tony 1.1 "as being forwarded in the clear versus being encrypted), or "
1409 "discarded. This enumeration indicateshow a packet should "
1410 "be handled if a PolicyRule's PolicyConditions evaluate to "
1411 "TRUE."),
1412 ValueMap {"1", "2", "3", "4"},
1413 Values {"Other", "Processed", "Bypassed", "Discarded"},
1414 MappingStrings {"IPSP Policy Model.IETF|IPsecBypassAction",
1415 "IPSP Policy Model.IETF|IPsecDiscardAction"},
1416 ModelCorrespondence {"CIM_NetworkPacketAction.OtherAction"} ]
1417 uint16 PacketAction;
1418
1419 [Description (
1420 "Description of the action when the value 1 (\"Other\") is "
1421 "specified for the property, PacketAction."),
1422 ModelCorrespondence {"CIM_NetworkPacketAction.PacketAction"} ]
1423 string OtherAction;
1424 };
1425
1426
1427 // ==================================================================
1428 // RejectConnectionAction
1429 tony 1.1 // ==================================================================
1430 [Experimental, Version ("2.7.1000"), Description (
1431 "RejectConnectionAction is used to causea connection or its "
1432 "negotiation to be terminated. Forexample, it can be used in "
1433 "conjunction with an address filteron UDP port 500 to reduce "
1434 "Denial of Service vulnerability.As another example, it can be "
1435 "specified as a low priorityrule to explicitly define the "
1436 "default action for IKE keyexchange negotiations - i.e., if the "
1437 "higher priority rules are not satisfied, then reject the "
1438 "connection negotiation."),
1439 MappingStrings {"IPSP Policy Model.IETF|IKERejectAction"} ]
1440 class CIM_RejectConnectionAction : CIM_PolicyAction {
1441 };
1442
1443
1444 // ==================================================================
1445 // PolicyRoleCollection
1446 // ==================================================================
1447 [Version ("2.7.1000"), Description (
1448 "PolicyRoleCollection is used to represent a collection of "
1449 "ManagedElements that share a common policy role, and the "
1450 tony 1.1 "PolicySets that CAN BE applied to those elements. (Note that "
1451 "the PolicySets that are CURRENTLY applied are indicated via "
1452 "instances of the association, PolicySetAppliesToElement.) The "
1453 "PolicyRoleCollection always exists in the context of a System, "
1454 "specified using the PolicyRoleCollectionInSystem aggregation. "
1455 "The value of the PolicyRole property in this class specifies "
1456 "the role. It is defined as a free-form string. "
1457 "ManagedElements that share the role defined in this collection "
1458 "are aggregated into the Collection via the "
1459 "ElementInPolicyRoleCollection association.") ]
1460 class CIM_PolicyRoleCollection : CIM_SystemSpecificCollection {
1461
1462 [Required, Description (
1463 "The PolicyRole name for the PolicySets and other "
1464 "ManagedElements that are identified and aggregated by the "
1465 "Collection. Note that the aggregated PolicySets define the "
1466 "rules and groups of rules that may be applied to the "
1467 "associated ManagedElements.\n"
1468 "\n"
1469 "Although not officially designated as 'role combinations', "
1470 "multiple roles may be specified using the form:\n"
1471 tony 1.1 " <RoleName>[&&<RoleName>]*\n"
1472 "where the individual role names appear in alphabetical "
1473 "order (according to the collating sequence for UCS-2). "
1474 "Implementations may treat PolicyRole values that are "
1475 "specified as 'role combinations' as simple strings.") ]
1476 string PolicyRole;
1477
1478 [Experimental, Description (
1479 "Activates/applies the PolicySets aggregated into this "
1480 "Collection to the specified ManagedElement. The "
1481 "ManagedElement MUST be a member of the Collection, "
1482 "associated via ElementInPolicyRoleCollection. The result "
1483 "of this method, if it is successfully executed, is that the "
1484 "aggregated PolicySets are deployed and enforced for the "
1485 "Element. This is reflected by the instantiation of the "
1486 "PolicySetAppliesToElement association between the named "
1487 "Element and each PolicySet."),
1488 ValueMap {"0", "1", "2", "3", "4", "..", "0x8000.."},
1489 Values {"Success", "Not Supported", "Unknown", "Timeout",
1490 "Failed", "DMTF Reserved", "Vendor Specific"} ]
1491 uint32 ActivatePolicySet(
1492 tony 1.1
1493 [IN, Description(
1494 "The ManagedElement to which the aggregated PolicySets of "
1495 "this Collection are applied.") ]
1496 CIM_ManagedElement REF Element);
1497
1498 [Experimental, Description (
1499 "Deactivates the aggregated PolicySets for the specified "
1500 "ManagedElement. The result of this method, if it is "
1501 "successfully executed, is that the aggregated PolicySets "
1502 "are NOT enforced for the Element. This is reflected by the "
1503 "removal of the PolicySetAppliesToElement association "
1504 "between the named Element and each PolicySet. If a "
1505 "PolicySet is not currently enforced for the ManagedElement, "
1506 "then this method has no effect for that Set."),
1507 ValueMap {"0", "1", "2", "3", "4", "..", "0x8000..0xFFFF"},
1508 Values {"Success", "Not Supported", "Unknown", "Timeout",
1509 "Failed", "DMTF Reserved", "Vendor Specific"} ]
1510 uint32 DeactivatePolicySet(
1511 [IN, Description(
1512 "The ManagedElement to which the aggregated PolicySets of "
1513 tony 1.1 "this Collection MUST NOT apply.") ]
1514 CIM_ManagedElement REF Element);
1515 };
1516
1517
1518 // ==================================================================
1519 // === Association classes ===
1520 // ==================================================================
1521
1522
1523 // ==================================================================
1524 // PolicyComponent
1525 // ==================================================================
1526 [Association, Abstract, Aggregation, Version ("2.6.0"),
1527 Description (
1528 "CIM_PolicyComponent is a generic association used to establish "
1529 "'part of' relationships between the subclasses of CIM_Policy. "
1530 "For example, the PolicyConditionInPolicyRule association "
1531 "defines that PolicyConditions are part of a PolicyRule.") ]
1532 class CIM_PolicyComponent : CIM_Component {
1533
1534 tony 1.1 [Aggregate, Override ("GroupComponent"), Description (
1535 "The parent Policy in the association.") ]
1536 CIM_Policy REF GroupComponent;
1537
1538 [Override ("PartComponent"), Description (
1539 "The child/part Policy in the association.") ]
1540 CIM_Policy REF PartComponent;
1541 };
1542
1543
1544 // ==================================================================
1545 // PolicyInSystem
1546 // ==================================================================
1547 [Association, Abstract, Version ("2.7.1000"), Description (
1548 "CIM_PolicyInSystem is a generic association used to establish "
1549 "dependency relationships between Policies and the Systems that "
1550 "host them. These Systems may be ComputerSystems where "
1551 "Policies are 'running' or they may be Policy Repositories "
1552 "where Policies are stored. This relationship is similar to "
1553 "the concept of CIM_Services being dependent on CIM_Systems as "
1554 "defined by the HostedService association.\n"
1555 tony 1.1 "\n"
1556 "Cardinality is Max (1) for the Antecedent/System reference "
1557 "since Policies can only be hosted in at most one System "
1558 "context. Some subclasses of the association will further "
1559 "refine this definition to make the Policies Weak to Systems. "
1560 "Other subclasses of PolicyInSystem will define an optional "
1561 "hosting relationship. Examples of each of these are the "
1562 "PolicyRuleInSystem and PolicyConditionIn PolicyRepository "
1563 "associations, respectively.") ]
1564 class CIM_PolicyInSystem : CIM_HostedDependency {
1565
1566 [Override ("Antecedent"), Max (1), Description (
1567 "The hosting System.") ]
1568 CIM_System REF Antecedent;
1569
1570 [Override ("Dependent"), Description (
1571 "The hosted Policy.") ]
1572 CIM_Policy REF Dependent;
1573 };
1574
1575
1576 tony 1.1 // ==================================================================
1577 // PolicySetInSystem
1578 // ==================================================================
1579 [Association, Abstract, Version ("2.6.0"), Description (
1580 "PolicySetInSystem is an abstract association class that "
1581 "represents a relationship between a System and a PolicySet "
1582 "used in the administrative scope of that system (e.g., "
1583 "AdminDomain, ComputerSystem). The Priority property is used "
1584 "to assign a relative priority to a PolicySet within the "
1585 "administrative scope in contexts where it is not a component "
1586 "of another PolicySet.") ]
1587 class CIM_PolicySetInSystem : CIM_PolicyInSystem {
1588
1589 [Override ("Antecedent"), Min (1), Max (1), Description (
1590 "The System in whose scope a PolicySet is defined.") ]
1591 CIM_System REF Antecedent;
1592
1593 [Override ("Dependent"), Description (
1594 "A PolicySet named within the scope of a System.") ]
1595 CIM_PolicySet REF Dependent;
1596
1597 tony 1.1 [Description (
1598 "The Priority property is used to specify the relative "
1599 "priority of the referenced PolicySet when there are more "
1600 "than one PolicySet instances applied to a managed resource "
1601 "that are not PolicySetComponents and, therefore, have no "
1602 "other relative priority defined. The priority is a "
1603 "non-negative integer; a larger value indicates a higher "
1604 "priority.") ]
1605 uint16 Priority;
1606 };
1607
1608
1609 // ==================================================================
1610 // PolicyGroupInSystem
1611 // ==================================================================
1612 [Association, Version ("2.6.0"), Description (
1613 "An association that links a PolicyGroup to the System in whose "
1614 "scope the Group is defined.") ]
1615 class CIM_PolicyGroupInSystem : CIM_PolicySetInSystem {
1616
1617 [Override ("Antecedent"), Min (1), Max (1), Description (
1618 tony 1.1 "The System in whose scope a PolicyGroup is defined.") ]
1619 CIM_System REF Antecedent;
1620
1621 [Override ("Dependent"), Weak, Description (
1622 "A PolicyGroup named within the scope of a System.") ]
1623 CIM_PolicyGroup REF Dependent;
1624 };
1625
1626
1627 // ==================================================================
1628 // PolicyRuleInSystem
1629 // ==================================================================
1630 [Association, Version ("2.6.0"), Description (
1631 "An association that links a PolicyRule to the System in whose "
1632 "scope the Rule is defined.") ]
1633 class CIM_PolicyRuleInSystem : CIM_PolicySetInSystem {
1634
1635 [Override ("Antecedent"), Min (1), Max (1), Description (
1636 "The System in whose scope a PolicyRule is defined.") ]
1637 CIM_System REF Antecedent;
1638
1639 tony 1.1 [Override ("Dependent"), Weak, Description (
1640 "A PolicyRule named within the scope of a System.") ]
1641 CIM_PolicyRule REF Dependent;
1642 };
1643
1644
1645 // ==================================================================
1646 // PolicySetComponent
1647 // ==================================================================
1648 [Association, Aggregation, Version ("2.6.0"), Description (
1649 "PolicySetComponent is a concrete aggregation that collects "
1650 "instances of the subclasses of PolicySet (i.e., PolicyGroups "
1651 "and PolicyRules). Instances are collected in sets that use "
1652 "the same decision strategy. They are prioritized relative to "
1653 "each other, within the set, using the Priority property of "
1654 "this aggregation.\n"
1655 "\n"
1656 "Together, the PolicySet.PolicyDecisionStrategy and PolicySet "
1657 "Component.Priority properties determine the processing for the "
1658 "groups and rules contained in a PolicySet. A larger priority "
1659 "value represents a higher priority. Note that the Priority "
1660 tony 1.1 "property MUST have a unique value when compared with others "
1661 "defined for the same aggregating PolicySet. Thus, the "
1662 "evaluation of rules within a set is deterministically "
1663 "specified.") ]
1664 class CIM_PolicySetComponent : CIM_PolicyComponent {
1665
1666 [Aggregate, Override ("GroupComponent"), Description (
1667 "A PolicySet that aggregates other PolicySet instances.") ]
1668 CIM_PolicySet REF GroupComponent;
1669
1670 [Override ("PartComponent"), Description (
1671 "A PolicySet aggregated into a PolicySet.") ]
1672 CIM_PolicySet REF PartComponent;
1673
1674 [Description (
1675 "A non-negative integer for prioritizing this PolicySet "
1676 "component relative to other elements of the same "
1677 "PolicySet. A larger value indicates a higher priority. "
1678 "The Priority property MUST have a unique value when "
1679 "compared with others defined for the same aggregating "
1680 "PolicySet.") ]
1681 tony 1.1 uint16 Priority;
1682 };
1683
1684
1685 // ==================================================================
1686 // PolicyGroupInPolicyGroup *** deprecated
1687 // ==================================================================
1688 [Association, Deprecated {"CIM_PolicySetComponent"}, Aggregation,
1689 Version ("2.7.0"), Description (
1690 "PolicySetComponent provides a more general mechanism for "
1691 "aggregating both PolicyGroups and PolicyRules and doing so "
1692 "with the priority value applying only to the aggregated set "
1693 "rather than policy wide.\n"
1694 "\n"
1695 "A relationship that aggregates one or more lower-level "
1696 "PolicyGroups into a higher-level Group. A Policy Group may "
1697 "aggregate PolicyRules and/or other Policy Groups.") ]
1698 class CIM_PolicyGroupInPolicyGroup : CIM_PolicyComponent {
1699
1700 [Deprecated {"CIM_PolicySetComponent.GroupComponent"}, Aggregate,
1701 Override ("GroupComponent"), Description (
1702 tony 1.1 "A PolicyGroup that aggregates other Groups.") ]
1703 CIM_PolicyGroup REF GroupComponent;
1704
1705 [Deprecated {"CIM_PolicySetComponent.PartComponent"},
1706 Override ("PartComponent"), Description (
1707 "A PolicyGroup aggregated by another Group.") ]
1708 CIM_PolicyGroup REF PartComponent;
1709 };
1710
1711
1712 // ==================================================================
1713 // PolicyRuleInPolicyGroup *** deprecated
1714 // ==================================================================
1715 [Association, Deprecated {"CIM_PolicySetComponent"}, Aggregation,
1716 Version ("2.7.0"), Description (
1717 "PolicySetComponent provides a more general mechanism for "
1718 "aggregating both PolicyGroups and PolicyRules and doing so "
1719 "with the priority value applying only to the aggregated set "
1720 "rather than policy wide.\n"
1721 "\n"
1722 "A relationship that aggregates one or more PolicyRules into a "
1723 tony 1.1 "PolicyGroup. A PolicyGroup may aggregate PolicyRules and/or "
1724 "other PolicyGroups.") ]
1725 class CIM_PolicyRuleInPolicyGroup : CIM_PolicyComponent {
1726
1727 [Deprecated {"CIM_PolicySetComponent.GroupComponent"}, Aggregate,
1728 Override ("GroupComponent"), Description (
1729 "A PolicyGroup that aggregates one or more PolicyRules.") ]
1730 CIM_PolicyGroup REF GroupComponent;
1731
1732 [Deprecated {"CIM_PolicySetComponent.PartComponent"},
1733 Override ("PartComponent"), Description (
1734 "A PolicyRule aggregated by a PolicyGroup.") ]
1735 CIM_PolicyRule REF PartComponent;
1736 };
1737
1738
1739 // ==================================================================
1740 // PolicySetValidityPeriod
1741 // ==================================================================
1742 [Association, Aggregation, Version ("2.7.0"), Description (
1743 "The PolicySetValidityPeriod aggregation represents scheduled "
1744 tony 1.1 "activation and deactivation of a PolicySet. A PolicySet is "
1745 "considered \"active\" if it is both \"Enabled\" and in a valid "
1746 "time period.\n"
1747 "\n"
1748 "If a PolicySet is associated with multiple policy time periods "
1749 "via this association, then the Set is in a valid time period "
1750 "if at least one of the time periods evaluates to TRUE. If a "
1751 "PolicySet is contained in another PolicySet via the "
1752 "PolicySetComponent aggregation (e.g., a PolicyRule in a "
1753 "PolicyGroup), then the contained PolicySet (e.g., PolicyRule) "
1754 "is in a valid period if at least one of the aggregate's "
1755 "PolicyTimePeriodCondition instances evaluates to TRUE and at "
1756 "least one of its own PolicyTimePeriodCondition instances also "
1757 "evalutes to TRUE. (In other words, the "
1758 "PolicyTimePeriodConditions are ORed to determine whether the "
1759 "PolicySet is in a valid time period and then ANDed with the "
1760 "ORed PolicyTimePeriodConditions of each of PolicySet instances "
1761 "in the PolicySetComponent hierarchy to determine if the "
1762 "PolicySet is in a valid time period and, if also \"Enabled\", "
1763 "therefore, active, i.e., the hierachy ANDs the ORed "
1764 "PolicyTimePeriodConditions of the elements of the hierarchy.\n"
1765 tony 1.1 "\n"
1766 "A Time Period may be aggregated by multiple PolicySets. A Set "
1767 "that does not point to a PolicyTimePeriodCondition via this "
1768 "association, from the point of view of scheduling, is always "
1769 "in a valid time period.") ]
1770 class CIM_PolicySetValidityPeriod : CIM_PolicyComponent {
1771
1772 [Aggregate, Override ("GroupComponent"), Description (
1773 "This property contains the name of a PolicySet that "
1774 "contains one or more PolicyTimePeriodConditions.") ]
1775 CIM_PolicySet REF GroupComponent;
1776
1777 [Override ("PartComponent"), Description (
1778 "This property contains the name of a "
1779 "PolicyTimePeriodCondition defining the valid time periods "
1780 "for one or more PolicySets.") ]
1781 CIM_PolicyTimePeriodCondition REF PartComponent;
1782 };
1783
1784
1785 // ==================================================================
1786 tony 1.1 // PolicyRuleValidityPeriod ** deprecated
1787 // ==================================================================
1788 [Association, Deprecated {"CIM_PolicySetValidityPeriod"},
1789 Aggregation, Version ("2.7.0"), Description (
1790 "The PolicyRuleValidityPeriod aggregation represents scheduled "
1791 "activation and deactivation of a PolicyRule. If a PolicyRule "
1792 "is associated with multiple policy time periods via this "
1793 "association, then the Rule is active if at least one of the "
1794 "time periods indicates that it is active. (In other words, "
1795 "the PolicyTimePeriodConditions are ORed to determine whether "
1796 "the Rule is active.) A Time Period may be aggregated by "
1797 "multiple PolicyRules. A Rule that does not point to a "
1798 "PolicyTimePeriodCondition via this association is, from the "
1799 "point of view of scheduling, always active. It may, however, "
1800 "be inactive for other reasons. For example, the Rule's "
1801 "Enabled property may be set to \"disabled\" (value=2).") ]
1802 class CIM_PolicyRuleValidityPeriod : CIM_PolicyComponent {
1803
1804 [Deprecated {"CIM_PolicySetValidityPeriod.GroupComponent"},
1805 Aggregate, Override ("GroupComponent"), Description (
1806 "This property contains the name of a PolicyRule that "
1807 tony 1.1 "contains one or more PolicyTimePeriodConditions.") ]
1808 CIM_PolicyRule REF GroupComponent;
1809
1810 [Deprecated {"CIM_PolicySetValidityPeriod.PartComponent"},
1811 Override ("PartComponent"), Description (
1812 "This property contains the name of a "
1813 "PolicyTimePeriodCondition defining the valid time periods "
1814 "for one or more PolicyRules.") ]
1815 CIM_PolicyTimePeriodCondition REF PartComponent;
1816 };
1817
1818
1819 // ==================================================================
1820 // PolicyConditionStructure
1821 // ==================================================================
1822 [Association, Abstract, Aggregation, Version ("2.7.0"),
1823 Description (
1824 "PolicyConditions may be aggregated into rules and into "
1825 "compound conditions. PolicyConditionStructure is the abstract "
1826 "aggregation class for the structuring of policy conditions.\n"
1827 "\n"
1828 tony 1.1 "The Conditions aggregated by a PolicyRule or "
1829 "CompoundPolicyCondition are grouped into two levels of lists: "
1830 "either an ORed set of ANDed sets of conditions (DNF, the "
1831 "default) or an ANDed set of ORed sets of conditions (CNF). "
1832 "Individual PolicyConditions in these lists may be negated. "
1833 "The property ConditionListType specifies which of these two "
1834 "grouping schemes applies to a particular PolicyRule or "
1835 "CompoundPolicyCondition instance.\n"
1836 "\n"
1837 "One or more PolicyTimePeriodConditions may be among the "
1838 "conditions associated with a PolicyRule or "
1839 "CompoundPolicyCondition via the PolicyConditionStructure "
1840 "subclass association. In this case, the time periods are "
1841 "simply additional Conditions to be evaluated along with any "
1842 "others that are specified.") ]
1843 class CIM_PolicyConditionStructure : CIM_PolicyComponent {
1844
1845 [Aggregate, Override ("GroupComponent"), Description (
1846 "This property represents the Policy that contains one or "
1847 "more PolicyConditions.") ]
1848 CIM_Policy REF GroupComponent;
1849 tony 1.1
1850 [Override ("PartComponent"), Description (
1851 "This property holds the name of a PolicyCondition contained "
1852 "by one or more PolicyRule or CompoundPolicyCondition "
1853 "instances.") ]
1854 CIM_PolicyCondition REF PartComponent;
1855
1856 [Description (
1857 "Unsigned integer indicating the group to which the "
1858 "contained PolicyCondition belongs. This integer segments "
1859 "the Conditions into the ANDed sets (when the "
1860 "ConditionListType is \"DNF\") or, similarly, into the ORed "
1861 "sets (when the ConditionListType is \"CNF\").") ]
1862 uint16 GroupNumber;
1863
1864 [Description (
1865 "Indication of whether the contained PolicyCondition is "
1866 "negated. TRUE indicates that the PolicyCondition IS "
1867 "negated, FALSE indicates that it IS NOT negated.") ]
1868 boolean ConditionNegated;
1869 };
1870 tony 1.1
1871
1872 // ==================================================================
1873 // PolicyConditionInPolicyRule
1874 // ==================================================================
1875 [Association, Aggregation, Version ("2.7.0"), Description (
1876 "A PolicyRule aggregates zero or more instances of the "
1877 "PolicyCondition class, via the PolicyConditionInPolicyRule "
1878 "association. A Rule that aggregates zero Conditions is not "
1879 "valid; it may, however, be in the process of being defined. "
1880 "Note that a PolicyRule should have no effect until it is "
1881 "valid.") ]
1882 class CIM_PolicyConditionInPolicyRule : CIM_PolicyConditionStructure {
1883
1884 [Aggregate, Override ("GroupComponent"), Description (
1885 "This property represents the PolicyRule that contains one "
1886 "or more PolicyConditions.") ]
1887 CIM_PolicyRule REF GroupComponent;
1888
1889 [Override ("PartComponent"), Description (
1890 "This property holds the name of a PolicyCondition contained "
1891 tony 1.1 "by one or more PolicyRules.") ]
1892 CIM_PolicyCondition REF PartComponent;
1893 };
1894
1895
1896 // ==================================================================
1897 // PolicyConditionInPolicyCondition
1898 // ==================================================================
1899 [Association, Aggregation, Version ("2.7.0"), Description (
1900 "A CompoundPolicyCondition aggregates zero or more instances of "
1901 "the PolicyCondition class, via the "
1902 "PolicyConditionInPolicyCondition association. A "
1903 "CompoundPolicyCondition that aggregates zero Conditions is not "
1904 "valid; it may, however, be in the process of being defined. "
1905 "Note that a CompoundPolicyCondition should have no effect "
1906 "until it is valid.") ]
1907 class CIM_PolicyConditionInPolicyCondition : CIM_PolicyConditionStructure {
1908
1909 [Aggregate, Override ("GroupComponent"), Description (
1910 "This property represents the CompoundPolicyCondition that "
1911 "contains one or more PolicyConditions.") ]
1912 tony 1.1 CIM_CompoundPolicyCondition REF GroupComponent;
1913
1914 [Override ("PartComponent"), Description (
1915 "This property holds the name of a PolicyCondition contained "
1916 "by one or more PolicyRules.") ]
1917 CIM_PolicyCondition REF PartComponent;
1918 };
1919
1920
1921 // ==================================================================
1922 // PolicyActionStructure
1923 // ==================================================================
1924 [Association, Abstract, Aggregation, Version ("2.6.0"),
1925 Description (
1926 "PolicyActions may be aggregated into rules and into compound "
1927 "actions. PolicyActionStructure is the abstract aggregation "
1928 "class for the structuring of policy actions.") ]
1929 class CIM_PolicyActionStructure : CIM_PolicyComponent {
1930
1931 [Aggregate, Override ("GroupComponent"), Description (
1932 "PolicyAction instances may be aggregated into either "
1933 tony 1.1 "PolicyRule instances or CompoundPolicyAction instances.") ]
1934 CIM_Policy REF GroupComponent;
1935
1936 [Override ("PartComponent"), Description (
1937 "A PolicyAction aggregated by a PolicyRule or "
1938 "CompoundPolicyAction.") ]
1939 CIM_PolicyAction REF PartComponent;
1940
1941 [Description (
1942 "ActionOrder is an unsigned integer 'n' that indicates the "
1943 "relative position of a PolicyAction in the sequence of "
1944 "actions associated with a PolicyRule or "
1945 "CompoundPolicyAction. When 'n' is a positive integer, it "
1946 "indicates a place in the sequence of actions to be "
1947 "performed, with smaller integers indicating earlier "
1948 "positions in the sequence. The special value '0' indicates "
1949 "'don't care'. If two or more PolicyActions have the same "
1950 "non-zero sequence number, they may be performed in any "
1951 "order, but they must all be performed at the appropriate "
1952 "place in the overall action sequence.\n"
1953 "\n"
1954 tony 1.1 "A series of examples will make ordering of PolicyActions clearer:\n"
1955 "o If all actions have the same sequence number,\n"
1956 "regardless of whether it is '0' or non-zero, any\n"
1957 "order is acceptable.\n"
1958 "o The values:\n"
1959 "1:ACTION A\n"
1960 "2:ACTION B\n"
1961 "1:ACTION C\n"
1962 "3:ACTION D\n"
1963 "indicate two acceptable orders: A,C,B,D or C,A,B,D,\n"
1964 "since A and C can be performed in either order, but\n"
1965 "only at the '1' position.\n"
1966 "o The values:\n"
1967 "0:ACTION A\n"
1968 "2:ACTION B\n"
1969 "3:ACTION C\n"
1970 "3:ACTION D\n"
1971 "require that B,C, and D occur either as B,C,D or as\n"
1972 "B,D,C. Action A may appear at any point relative to\n"
1973 "B, C, and D. Thus the complete set of acceptable\n"
1974 "orders is: A,B,C,D; B,A,C,D; B,C,A,D; B,C,D,A;\n"
1975 tony 1.1 "A,B,D,C; B,A,D,C; B,D,A,C; B,D,C,A.\n"
1976 "\n"
1977 "Note that the non-zero sequence numbers need not start with "
1978 "'1', and they need not be consecutive. All that matters is "
1979 "their relative magnitude.") ]
1980 uint16 ActionOrder;
1981 };
1982
1983
1984 // ==================================================================
1985 // PolicyActionInPolicyRule
1986 // ==================================================================
1987 [Association, Aggregation, Version ("2.6.0"), Description (
1988 "A PolicyRule aggregates zero or more instances of the "
1989 "PolicyAction class, via the PolicyActionInPolicyRule "
1990 "association. A Rule that aggregates zero Actions is not "
1991 "valid--it may, however, be in the process of being entered "
1992 "into a PolicyRepository or being defined for a System. "
1993 "Alternately, the actions of the policy may be explicit in the "
1994 "definition of the PolicyRule. Note that a PolicyRule should "
1995 "have no effect until it is valid.\n"
1996 tony 1.1 "\n"
1997 "The Actions associated with a PolicyRule may be given a "
1998 "required order, a recommended order, or no order at all. For "
1999 "Actions represented as separate objects, the "
2000 "PolicyActionInPolicyRule aggregation can be used to express an order.\n"
2001 "\n"
2002 "This aggregation does not indicate whether a specified action "
2003 "order is required, recommended, or of no significance; the "
2004 "property SequencedActions in the aggregating instance of "
2005 "PolicyRule provides this indication.") ]
2006 class CIM_PolicyActionInPolicyRule : CIM_PolicyActionStructure {
2007
2008 [Aggregate, Override ("GroupComponent"), Description (
2009 "This property represents the PolicyRule that contains one "
2010 "or more PolicyActions.") ]
2011 CIM_PolicyRule REF GroupComponent;
2012
2013 [Override ("PartComponent"), Description (
2014 "This property holds the name of a PolicyAction contained by "
2015 "one or more PolicyRules.") ]
2016 CIM_PolicyAction REF PartComponent;
2017 tony 1.1 };
2018
2019
2020 // ==================================================================
2021 // PolicyActionInPolicyAction
2022 // ==================================================================
2023 [Association, Aggregation, Version ("2.6.0"), Description (
2024 "PolicyActionInPolicyAction is used to represent the "
2025 "compounding of policy actions into a higher-level policy "
2026 "action.") ]
2027 class CIM_PolicyActionInPolicyAction : CIM_PolicyActionStructure {
2028
2029 [Aggregate, Override ("GroupComponent"), Description (
2030 "This property represents the CompoundPolicyAction that "
2031 "contains one or more PolicyActions.") ]
2032 CIM_CompoundPolicyAction REF GroupComponent;
2033
2034 [Override ("PartComponent"), Description (
2035 "This property holds the name of a PolicyAction contained by "
2036 "one or more CompoundPolicyActions.") ]
2037 CIM_PolicyAction REF PartComponent;
2038 tony 1.1 };
2039
2040
2041 // ==================================================================
2042 // PolicyContainerInPolicyContainer
2043 // ==================================================================
2044 [Association, Aggregation, Version ("2.6.0"), Description (
2045 "A relationship that aggregates one or more lower-level "
2046 "ReusablePolicyContainer instances into a higher-level "
2047 "ReusablePolicyContainer.") ]
2048 class CIM_PolicyContainerInPolicyContainer: CIM_SystemComponent {
2049
2050 [Aggregate, Override ("GroupComponent"), Description (
2051 "A ReusablePolicyContainer that aggregates other "
2052 "ReusablePolicyContainers.") ]
2053 CIM_ReusablePolicyContainer REF GroupComponent;
2054
2055 [Override ("PartComponent"), Description (
2056 "A ReusablePolicyContainer aggregated by another "
2057 "ReusablePolicyContainer.") ]
2058 CIM_ReusablePolicyContainer REF PartComponent;
2059 tony 1.1 };
2060
2061
2062 // ==================================================================
2063 // PolicyRepositoryInPolicyRepository *** deprecated
2064 // ==================================================================
2065 [Association, Deprecated {"CIM_PolicyContainerInPolicyContainer"},
2066 Aggregation, Version ("2.7.0"), Description (
2067 "The term 'PolicyRepository' has been confusing to both "
2068 "developers and users of the model. The replacement class name "
2069 "describes model element properly and is less likely to be "
2070 "confused with a data repository. ContainedDomain is a general "
2071 "purpose mechanism for expressing domain hierarchy.\n"
2072 "\n"
2073 "A relationship that aggregates one or more lower-level "
2074 "PolicyRepositories into a higher-level Repository.") ]
2075 class CIM_PolicyRepositoryInPolicyRepository : CIM_SystemComponent {
2076
2077 [Deprecated
2078 {"CIM_PolicyContainerInPolicyContainer.GroupComponent"},
2079 Aggregate, Override ("GroupComponent"), Description (
2080 tony 1.1 "A PolicyRepository that aggregates other Repositories.") ]
2081 CIM_PolicyRepository REF GroupComponent;
2082
2083 [Deprecated
2084 {"CIM_PolicyContainerInPolicyContainer.PartComponent"},
2085 Override ("PartComponent"), Description (
2086 "A PolicyRepository aggregated by another Repository.") ]
2087 CIM_PolicyRepository REF PartComponent;
2088 };
2089
2090
2091 // ==================================================================
2092 // ReusablePolicy
2093 // ==================================================================
2094 [Association, Version ("2.6.0"), Description (
2095 "The ReusablePolicy association provides for the reuse of any "
2096 "subclass of Policy in a ReusablePolicyContainer.") ]
2097 class CIM_ReusablePolicy : CIM_PolicyInSystem {
2098
2099 [Override ("Antecedent"), Max (1), Description (
2100 "This property identifies a ReusablePolicyContainer that "
2101 tony 1.1 "provides the administrative scope for the reuse of the "
2102 "referenced policy element.") ]
2103 CIM_ReusablePolicyContainer REF Antecedent;
2104
2105 [Override ("Dependent"), Description (
2106 "A reusable policy element.") ]
2107 CIM_Policy REF Dependent;
2108 };
2109
2110
2111 // ==================================================================
2112 // ElementInPolicyRoleCollection
2113 // ==================================================================
2114 [Association, Aggregation, Version ("2.7.1000"), Description (
2115 "An ElementInPolicyRoleCollection aggregates zero or more "
2116 "ManagedElement subclass instances into a PolicyRoleCollection "
2117 "object, representing a role played by these ManagedElements. "
2118 "This Collection indicates that the aggregated PolicySets "
2119 "(aggregated by PolicySetInRoleCollection) MAY BE applied to "
2120 "the referenced elements. To indicate that the PolicySets ARE "
2121 "being enforced for the element, use the "
2122 tony 1.1 "PolicySetAppliesToElement association.") ]
2123 class CIM_ElementInPolicyRoleCollection : CIM_MemberOfCollection {
2124
2125 [Aggregate, Override ("Collection"), Description (
2126 "The PolicyRoleCollection.") ]
2127 CIM_PolicyRoleCollection REF Collection;
2128
2129 [Override ("Member"), Description (
2130 "The ManagedElement that plays the role represented by the "
2131 "PolicyRoleCollection.") ]
2132 CIM_ManagedElement REF Member;
2133 };
2134
2135
2136 // ==================================================================
2137 // PolicyRoleCollectionInSystem
2138 // ==================================================================
2139 [Association, Version ("2.7.0"), Description (
2140 "PolicyRoleCollectionInSystem is an association used to "
2141 "establish a relationship between a collection and an 'owning' "
2142 "System such as an AdminDomain or ComputerSystem.") ]
2143 tony 1.1 class CIM_PolicyRoleCollectionInSystem: CIM_HostedCollection {
2144
2145 [Override ("Antecedent"), Min (1), Max (1), Description (
2146 "The parent system responsible for the collection.") ]
2147 CIM_System REF Antecedent;
2148
2149 [Override ("Dependent"), Description (
2150 "The Collection.") ]
2151 CIM_PolicyRoleCollection REF Dependent;
2152 };
2153
2154
2155 // ==================================================================
2156 // PolicyConditionInPolicyRepository *** deprecated
2157 // ==================================================================
2158 [Association, Deprecated {"CIM_ReusablePolicy"}, Version ("2.7.0"),
2159 Description (
2160 "The ReusablePolicy association is a more general relationship "
2161 "that incorporates both Conditions and Actions as well as any "
2162 "other policy subclass.\n"
2163 "\n"
2164 tony 1.1 "A class representing the hosting of reusable PolicyConditions "
2165 "by a PolicyRepository. A reusable Policy Condition is always "
2166 "related to a single PolicyRepository, via this association.\n"
2167 "\n"
2168 "Note, that an instance of PolicyCondition can be either "
2169 "reusable or rule-specific. When the Condition is rule- "
2170 "specific, it shall not be related to any PolicyRepository via "
2171 "the PolicyConditionInPolicyRepository association.") ]
2172 class CIM_PolicyConditionInPolicyRepository : CIM_PolicyInSystem {
2173
2174 [Deprecated {"CIM_ReusablePolicy.Antecedent"},
2175 Override ("Antecedent"), Max (1), Description (
2176 "This property identifies a PolicyRepository hosting one or "
2177 "more PolicyConditions. A reusable PolicyCondition is "
2178 "always related to exactly one PolicyRepository via the "
2179 "PolicyConditionInPolicyRepository association. The [0..1] "
2180 "cardinality for this property covers the two types of "
2181 "PolicyConditions: 0 for a rule-specific PolicyCondition, 1 "
2182 "for a reusable one.") ]
2183 CIM_PolicyRepository REF Antecedent;
2184
2185 tony 1.1 [Deprecated {"CIM_ReusablePolicy.Dependent"},
2186 Override ("Dependent"), Description (
2187 "This property holds the name of a PolicyCondition hosted in "
2188 "the PolicyRepository.") ]
2189 CIM_PolicyCondition REF Dependent;
2190 };
2191
2192
2193 // ==================================================================
2194 // PolicyActionInPolicyRepository *** deprecated
2195 // ==================================================================
2196 [Association, Deprecated {"CIM_ReusablePolicy"}, Version ("2.7.0"),
2197 Description (
2198 "The ReusablePolicy association is a more general relationship "
2199 "that incorporates both Conditions and Actions as well as any "
2200 "other policy subclass.\n"
2201 "\n"
2202 "A class representing the hosting of reusable PolicyActions by "
2203 "a PolicyRepository. A reusable Policy Action is always "
2204 "related to a single PolicyRepository, via this association.\n"
2205 "\n"
2206 tony 1.1 "Note, that an instance of PolicyAction can be either reusable "
2207 "or rule-specific. When the Action is rule- specific, it shall "
2208 "not be related to any PolicyRepository via the "
2209 "PolicyActionInPolicyRepository association.") ]
2210 class CIM_PolicyActionInPolicyRepository : CIM_PolicyInSystem {
2211
2212 [Deprecated {"CIM_ReusablePolicy.Antecedent"},
2213 Override ("Antecedent"), Max (1), Description (
2214 "This property represents a PolicyRepository hosting one or "
2215 "more PolicyActions. A reusable PolicyAction is always "
2216 "related to exactly one PolicyRepository via the "
2217 "PolicyActionInPolicyRepository association. The [0..1] "
2218 "cardinality for this property covers the two types of "
2219 "PolicyActions: 0 for a rule-specific PolicyAction, 1 for a "
2220 "reusable one.") ]
2221 CIM_PolicyRepository REF Antecedent;
2222
2223 [Deprecated {"CIM_ReusablePolicy.Dependent"},
2224 Override ("Dependent"), Description (
2225 "This property holds the name of a PolicyAction hosted in "
2226 "the PolicyRepository.") ]
2227 tony 1.1 CIM_PolicyAction REF Dependent;
2228 };
2229
2230
2231 // ==================================================================
2232 // PolicySetInRoleCollection
2233 // ==================================================================
2234 [Association, Experimental, Aggregation, Version ("2.7.1000"),
2235 Description (
2236 "PolicySetInRoleCollection aggregates zero or more PolicyRules "
2237 "and PolicyGroups (i.e., the subclasses of PolicySet) into a "
2238 "PolicyRoleCollection object, representing a role "
2239 "supported/enforced by the PolicySet.") ]
2240 class CIM_PolicySetInRoleCollection : CIM_MemberOfCollection {
2241
2242 [Aggregate, Override ("Collection"), Description (
2243 "The PolicyRoleCollection.") ]
2244 CIM_PolicyRoleCollection REF Collection;
2245
2246 [Override ("Member"), Description (
2247 "The PolicySet that supports/enforces the PolicyRole for the "
2248 tony 1.1 "elements in the PolicyRoleCollection.") ]
2249 CIM_PolicySet REF Member;
2250 };
2251
2252
2253 // ==================================================================
2254 // PolicySetAppliesToElement
2255 // ==================================================================
2256 [Association, Experimental, Version ("2.7.1000"), Description (
2257 "PolicySetAppliesToElement makes explicit which PolicySets "
2258 "(i.e., policy rules and groups of rules) ARE CURRENTLY applied "
2259 "to a particular Element. This association indicates that the "
2260 "PolicySets that are appropriate for a ManagedElement "
2261 "(specified using the PolicyRoleCollection aggregation) have "
2262 "actually been deployed in the policy management "
2263 "infrastructure. Note that if the named Element refers to a "
2264 "Collection, then the PolicySet is assumed to be applied to all "
2265 "the members of the Collection.") ]
2266 class CIM_PolicySetAppliesToElement {
2267
2268 [Key, Description (
2269 tony 1.1 "The PolicyRules and/or groups of rules that are currently "
2270 "applied to an Element.") ]
2271 CIM_PolicySet REF PolicySet;
2272
2273 [Key, Description (
2274 "The ManagedElement to which the PolicySet applies.") ]
2275 CIM_ManagedElement REF ManagedElement;
2276 };
2277
2278
2279 // ==================================================================
2280 // FilterOfPacketCondition
2281 // ==================================================================
2282 [Association, Experimental, Version ("2.7.1000"), Description (
2283 "FilterOfPacketCondition associates a network traffic "
2284 "specification (i.e., a FilterList) with a PolicyRule's "
2285 "PacketFilterCondition."),
2286 MappingStrings {"IPSP Policy Model.IETF|FilterOfSACondition"} ]
2287 class CIM_FilterOfPacketCondition : CIM_Dependency {
2288
2289 [Override ("Antecedent"), Min (1), Max (1), Description (
2290 tony 1.1 "A FilterList describes the traffic selected by the "
2291 "PacketFilterCondition. A PacketFilterCondition is "
2292 "associated with one and only one FilterList, but that "
2293 "filter list may aggregate many filter entries."),
2294 MappingStrings { "IPSP Policy "
2295 "Model.IETF|FilterOfSACondition.Antecedent"} ]
2296 CIM_FilterList REF Antecedent;
2297
2298 [Override ("Dependent"), Description (
2299 "The PacketFilterCondition that uses the FilterList as part "
2300 "of a PolicyRule."),
2301 MappingStrings { "IPSP Policy "
2302 "Model.IETF|FilterOfSACondition.Dependent"} ]
2303 CIM_PacketFilterCondition REF Dependent;
2304 };
2305
2306
2307 // ==================================================================
2308 // AcceptCredentialFrom
2309 // ==================================================================
2310 [Association, Experimental, Version ("2.7.1000"), Description (
2311 tony 1.1 "This association specifies that a credential management "
2312 "service (e.g., CertificateAuthority or Kerberos key "
2313 "distribution service) is to be trusted to certify credentials, "
2314 "presented at the packet level. The association defines an "
2315 "'approved' CredentialManagementService that is used for validation.\n"
2316 "\n"
2317 "The use of this class is best explained via an example:\n"
2318 "If a CertificateAuthority is specified using this association, "
2319 "and a corresponding X509CredentialFilterEntry is also "
2320 "associated with a PacketFilterCondition (via the relationship, "
2321 "FilterOfPacketCondition), then the credential MUST match the "
2322 "FilterEntry data AND be certified by that CA (or one of the "
2323 "CredentialManagementServices in its trust hierarchy). "
2324 "Otherwise, the X509CredentialFilterEntry is deemed not to "
2325 "match. If a credential is certified by a "
2326 "CredentialManagementService associated with the "
2327 "PacketFilterCondition through the AcceptCredentialFrom "
2328 "relationship, but there is no corresponding "
2329 "CredentialFilterEntry, then all credentials from the related "
2330 "service are considered to match."),
2331 MappingStrings {"IPSP Policy Model.IETF|AcceptCredentialFrom"} ]
2332 tony 1.1 class CIM_AcceptCredentialFrom : CIM_Dependency {
2333
2334 [Override ("Antecedent"), Description (
2335 "The CredentialManagementService that is issuing the "
2336 "credential to be matched in the PacketFilterCondition."),
2337 MappingStrings { "IPSP Policy "
2338 "Model.IETF|AcceptCredentialFrom.Antecedent"} ]
2339 CIM_CredentialManagementService REF Antecedent;
2340
2341 [Override ("Dependent"), Description (
2342 "The PacketFilterCondition that associates the "
2343 "CredentialManagementService and any "
2344 "FilterLists/FilterEntries."),
2345 MappingStrings { "IPSP Policy "
2346 "Model.IETF|AcceptCredentialFrom.Dependent"} ]
2347 CIM_PacketFilterCondition REF Dependent;
2348 };
2349
2350
2351 // ===================================================================
2352 // end of file
2353 tony 1.1 // ===================================================================
|