Return to
CIM_Policy28.mof
CVS log
Up to [Pegasus] / pegasus / Schemas / CIMPrelim28
|
Return to
CIM_Policy28.mof
CVS log
|
Up to [Pegasus] / pegasus / Schemas / CIMPrelim28
|
|
File: [Pegasus] / pegasus / Schemas / CIMPrelim28 / Attic / CIM_Policy28.mof
(download)
Revision: 1.2, Thu Feb 24 20:47:28 2005 UTC (19 years, 3 months ago) by a.dunfey Branch: MAIN CVS Tags: TASK-PEP362_RestfulService-merged_out_from_trunk, TASK-PEP348_SCMO-merged_out_from_trunk, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, TASK-PEP311_WSMan-root, TASK-PEP311_WSMan-branch, RELEASE_2_5_0-RC1, HPUX_TEST, HEAD Changes since 1.1: +0 -0 lines FILE REMOVED PEP#: 215 TITLE: Remove old schemas DESCRIPTION: Removing old, unneeded schema files from the repository: CIM 2.7 CIM 2.7.1 Preliminary CIM 2.8 Preliminary CIM 2.9 Preliminary |
// ==================================================================
// Title: Policy Model 2.8
// Filename: CIM_Policy28.MOF
// Version: 2.8
// Status: Preliminary
// Date: 13 August 2003
// ===================================================================
// Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
// All rights reserved.
// DMTF is a not-for-profit association of industry members dedicated
// to promoting enterprise and systems management and interoperability.
// DMTF specifications and documents may be reproduced for uses
// consistent with this purpose by members and non-members,
// provided that correct attribution is given.
// As DMTF specifications may be revised from time to time,
// the particular version and release date should always be noted.
//
// Implementation of certain elements of this standard or proposed
// standard may be subject to third party patent rights, including
// provisional patent rights (herein "patent rights"). DMTF makes
// no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
// identify any or all such third party patent right, owners or
// claimants, nor for any incomplete or inaccurate identification or
// disclosure of such rights, owners or claimants. DMTF shall have no
// liability to any party, in any manner or circumstance, under any
// legal theory whatsoever, for failure to recognize, disclose, or
// identify any such third party patent rights, or for such party's
// reliance on the standard or incorporation thereof in its product,
// protocols or testing procedures. DMTF shall have no liability to
// any party implementing such standard, whether such implementation
// is foreseeable or not, nor to any patent owner or claimant, and shall
// have no liability or responsibility for costs or losses incurred if
// a standard is withdrawn or modified after publication, and shall be
// indemnified and held harmless by any party implementing the
// standard from any and all claims of infringement by a patent owner
// for such implementations.
//
// For information about patents held by third-parties which have
// notified the DMTF that, in their opinion, such patent may relate to
// or impact implementations of DMTF standards, visit
// http://www.dmtf.org/about/policies/disclosures.php.
// ===================================================================
// Description: The Policy Model provides a framework for specifying
// configuration and operational information in a scalable
// way using rules composed of conditions and actions.
//
// The object classes below are listed in an order that
// avoids forward references. Required objects, defined
// by other working groups, are omitted.
// ===================================================================
// CIM V2.8 Changes (Company Review)
// DMTFCR1104 -Replace the class definition of
// AuthenticationCondition
// Add the following class defintions:
// SharedSecretAuthentication, AccountAuthentication,
// BiometricAuthentication, NetworkingIDAuthentication,
// PublicPrivateKeyAuthentication, KerberosAuthentication,
// DocumentAuthentication, ChallengeQuestionAuthentication,
// and PhysicalCredentialAuthentication
// DMTFCR1105 - Generalize the SACondition class (from the Networks)
// to be PacketFilterCondition and defined here in Policy.
// Add FilterOfPacketCondition and AcceptCredentialFrom
// class definitions.
// Move FilterOfPacketCondition to Network_IPsecPolicy to
// avoid a forward reference.
// DMTFCR1106 - Add DoActionLogging property to PolicyAction
// Add NetworkPacketAction class definition
// Add RejectConnectionAction class definition
// DMTFCR1128 - Change subclassing of PolicyInSystem from
// Dependency to HostedDependency.
//
// CIM V2.8 Changes
// DMTFCR1057 - Explicit declaration of PolicySets that apply to
// ManagedElements, via PolicyRoleCollections
// DMTFCR1058 - Activate/deactivate PolicySets which match a
// particular PolicyRole on a particular ManagedElement
// DMTFCR1060 - Add AuthenticationCondition and AuthenticationRule
// subclasses of PolicyCondition/PolicyRule
//
// CIM V2.7 Changes
// DMTFCR985 - Promote Deprecations to V2.7 Final
// DMTFCR960 - Remove Weak Qualifier from PolicyRoleCollection and
// derive from SystemSpecificCollection instead of Collection
// DMTFCR930 - Implementation Experience with the Policy 2.7 Model
// - Move PolicyRule.Enabled to PolicySet.Enabled
// - Move PolicyTimePeriodCondition up to PolicySet and
// make clear how to specify global time period with respect
// a given time zone
// - Deprecate policy role combinations
// - Add Unconditional to PolicyRule.ConditionListType
// - Deprecate PolicyRule.Mandatory
// CIMCR914 - Added propagated keys in PolicyRoleCollection
// CIMCR906 - Add text to PolicySetComponent's Description and the
// class' Priority property to indicate that the values
// of Priority must be unique
// With promotion of Component to ManagedElement,
// added CIM_Component as superclass of CIM_PolicyComponent
// (there is no other change to the semantics or syntax)
// CIMCR625 - Add CompoundPolicyCondition as PolicyCondition
// subclass
// - Add PolicyConditionStructure abstract aggregation as a
// subclass of PolicyComponent
// - Change derivation of PolicyConditionInPolicyRule from
// PolicyComponent to PolicyConditionStructure and move
// GroupNumber and ConditionNegated properties up to parent
// class
// - Add PolicyConditionInPolicyCondition aggregation as a
// subclass of PolicyConditionStructure
// - Add PolicyRoleCollection as Collection subclass
// - Add ElementInPolicyRoleCollection as MemberOfCollection
// subclass
// - Add PolicyRoleCollectionInSystem as Dependency subclass
//
// CIM V2.6 Changes
// CIMCR614 - Add CompoundPolicyAction
// - Add CompoundPolicyAction as a subclass of PolicyAction
// - Add PolicyActionStructure abstract aggregation as a
// subclass of PolicyComponent
// - Change derivation of PolicyActionInPolicyRule from
// PolicyComponent to PolicyActionStructure and, thus,
// move ActionOrder property up to parent class
// - Add PolicyActionInPolicyAction aggregation as a
// subclass of PolicyActionStructure
// CIMCR597a - PCIMe updates
// - Edit Policy description
// - Add PolicySet & derive PolicyGroup & PolicyRule
// - Deprecate PolicyRule.Priority for
// PolicySetComponent.Priority
// - Remove PolicyRule.PolicyRoles (it's in PolicySet)
// - Add PolicyRule.ExecutionStrategy
// - Deprecate PolicyRepository & replace with
// ReusablePolicyContainer
// - Add PolicySetInSystem
// - Add PolicySetComponent & deprecate ...InPolicyGroup
// & derive PolicyGroupInSystem & PolicyRuleInSystem
// - Add ContainedDomain (to Core)
// & deprecate PolicyRepositoryInPolicyRepository
// - Add ReusablePolicy & deprecate ...InPolicyRepository
// ==================================================================
#pragma Locale ("en-US")
// ==================================================================
// Compile prerequisite: Core, Network and User MOFs
// Network MOF is needed for FilterList, and the User MOF for
// CredentialManagementService
// ==================================================================
// ==================================================================
// Policy
// ==================================================================
[Abstract, Version ("2.6.0"), Description (
"An abstract class defining the common properties of the policy "
"managed elements derived from CIM_Policy. The subclasses are "
"used to create rules and groups of rules that work together to "
"form a coherent set of policies within an administrative "
"domain or set of domains.") ]
class CIM_Policy : CIM_ManagedElement {
[Description (
"A user-friendly name of this policy-related object.") ]
string CommonName;
[Description (
"An array of keywords for characterizing / categorizing "
"policy objects. Keywords are of one of two types:\n"
"- Keywords defined in this and other MOFs, or in DMTF white "
"papers. These keywords provide a vendor- independent, "
"installation-independent way of characterizing policy objects.\n"
"- Installation-dependent keywords for characterizing policy "
"objects. Examples include 'Engineering', 'Billing', and "
"'Review in December 2000'.\n"
"This MOF defines the following keywords: 'UNKNOWN', "
"'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', "
"'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These "
"concepts are self-explanatory and are further discussed in "
"the SLA/Policy White Paper. One additional keyword is "
"defined: 'POLICY'. The role of this keyword is to identify "
"policy-related instances that may not be otherwise "
"identifiable, in some implementations. The keyword "
"'POLICY' is NOT mutually exclusive of the other keywords "
"specified above.") ]
string PolicyKeywords[];
};
// ==================================================================
// PolicySet
// ==================================================================
[Abstract, Version ("2.7.1000"), Description (
"PolicySet is an abstract class that represents a set of "
"policies that form a coherent set. The set of contained "
"policies has a common decision strategy and a common set of "
"policy roles (defined via the PolicySetInRole Collection "
"association). Subclasses include PolicyGroup and PolicyRule.") ]
class CIM_PolicySet : CIM_Policy {
[Description (
"PolicyDecisionStrategy defines the evaluation method used "
"for policies contained in the PolicySet. FirstMatching "
"enforces the actions of the first rule that evaluates to "
"TRUE. It is the only value currently defined."),
ValueMap {"1"},
Values {"First Matching"} ]
uint16 PolicyDecisionStrategy;
[Deprecated {"PolicySetInRoleCollection"}, Description (
"The PolicyRoles property represents the roles associated "
"with a PolicySet. All contained PolicySet instances "
"inherit the values of the PolicyRoles of the aggregating "
"PolicySet but the values are not copied. A contained "
"PolicySet instance may, however, add additional PolicyRoles "
"to those it inherits from its aggregating PolicySet(s). "
"Each value in PolicyRoles multi-valued property represents "
"a role for which the PolicySet applies, i.e., the PolicySet "
"should be used by any enforcement point that assumes any of "
"the listed PolicyRoles values.\n"
"\n"
"Although not officially designated as 'role combinations', "
"multiple roles may be specified using the form:\n"
" <RoleName>[&&<RoleName>]*\n"
"where the individual role names appear in alphabetical "
"order (according to the collating sequence for UCS-2). "
"Implementations may treat PolicyRoles values that are "
"specified as 'role combinations' as simple strings.\n"
"\n"
"This property is deprecated in lieu of the use of an "
"association, PolicySetInRoleCollection. The latter is a "
"more explicit and less error-prone approach to modeling "
"that a PolicySet has one or more PolicyRoles.") ]
string PolicyRoles[];
[Description (
"Indicates whether this PolicySet is administratively "
"enabled, administratively disabled, or enabled for debug. "
"The \"EnabledForDebug\" property value is deprecated and, "
"when it or any value not understood by the receiver is "
"specified, the receiving enforcement point treats the "
"PolicySet as \"Disabled\". To determine if a PolicySet is "
"\"Enabled\", the containment hierarchy specified by the "
"PolicySetComponent aggregation is examined and the Enabled "
"property values of the hierarchy are ANDed together. Thus, "
"for example, everything aggregated by a PolicyGroup may be "
"disabled by setting the Enabled property in the PolicyGroup "
"instance to \"Disabled\" without changing the Enabled "
"property values of any of the aggregated instances. The "
"default value is 1 (\"Enabled\")."),
ValueMap {"1", "2", "3"},
Values {"Enabled", "Disabled", "Enabled For Debug"} ]
uint16 Enabled = 1;
};
// ==================================================================
// PolicyGroup
// ==================================================================
[Version ("2.6.0"), Description (
"An aggregation of PolicySet instances (PolicyGroups and/or "
"PolicyRules) that have the same decision strategy and inherit "
"policy roles. PolicyGroup instances are defined and named "
"relative to the CIM_System that provides their context.") ]
class CIM_PolicyGroup : CIM_PolicySet {
[Key, Propagated ("CIM_System.CreationClassName"), Description (
"The scoping System's CreationClassName."),
MaxLen (256) ]
string SystemCreationClassName;
[Key, Propagated ("CIM_System.Name"), Description (
"The scoping System's Name."),
MaxLen (256) ]
string SystemName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this property "
"allows all instances of this class and its subclasses to be "
"uniquely identified."),
MaxLen (256) ]
string CreationClassName;
[Key, Description (
"A user-friendly name of this PolicyGroup."),
MaxLen (256) ]
string PolicyGroupName;
};
// ==================================================================
// PolicyRule
// ==================================================================
[Version ("2.7.0"), Description (
"The central class used for representing the 'If Condition then "
"Action' semantics of a policy rule. A PolicyRule condition, "
"in the most general sense, is represented as either an ORed "
"set of ANDed conditions (Disjunctive Normal Form, or DNF) or "
"an ANDed set of ORed conditions (Conjunctive Normal Form, or "
"CNF). Individual conditions may either be negated (NOT C) or "
"unnegated (C). The actions specified by a PolicyRule are to "
"be performed if and only if the PolicyRule condition (whether "
"it is represented in DNF or CNF) evaluates to TRUE.\n"
"\n"
"The conditions and actions associated with a PolicyRule are "
"modeled, respectively, with subclasses of PolicyCondition and "
"PolicyAction. These condition and action objects are tied to "
"instances of PolicyRule by the PolicyConditionInPolicyRule and "
"PolicyActionInPolicyRule aggregations.\n"
"\n"
"A PolicyRule may also be associated with one or more policy "
"time periods, indicating the schedule according to which the "
"policy rule is active and inactive. In this case it is the "
"PolicySetValidityPeriod aggregation that provides this linkage.\n"
"\n"
"The PolicyRule class uses the property ConditionListType, to "
"indicate whether the conditions for the rule are in DNF "
"(disjunctive normal form), CNF (conjunctive normal form) or, "
"in the case of a rule with no conditions, as an "
"UnconditionalRule. The PolicyConditionInPolicyRule "
"aggregation contains two additional properties to complete the "
"representation of the Rule's conditional expression. The "
"first of these properties is an integer to partition the "
"referenced PolicyConditions into one or more groups, and the "
"second is a Boolean to indicate whether a referenced Condition "
"is negated. An example shows how ConditionListType and these "
"two additional properties provide a unique representation of a "
"set of PolicyConditions in either DNF or CNF.\n"
"\n"
"Suppose we have a PolicyRule that aggregates five "
"PolicyConditions C1 through C5, with the following values in "
"the properties of the five PolicyConditionInPolicyRule associations:\n"
"C1: GroupNumber = 1, ConditionNegated = FALSE\n"
"C2: GroupNumber = 1, ConditionNegated = TRUE\n"
"C3: GroupNumber = 1, ConditionNegated = FALSE\n"
"C4: GroupNumber = 2, ConditionNegated = FALSE\n"
"C5: GroupNumber = 2, ConditionNegated = FALSE\n"
"\n"
"If ConditionListType = DNF, then the overall condition for the "
"PolicyRule is:\n"
"(C1 AND (NOT C2) AND C3) OR (C4 AND C5)\n"
"\n"
"On the other hand, if ConditionListType = CNF, then the "
"overall condition for the PolicyRule is:\n"
"(C1 OR (NOT C2) OR C3) AND (C4 OR C5)\n"
"\n"
"In both cases, there is an unambiguous specification of the "
"overall condition that is tested to determine whether to "
"perform the PolicyActions associated with the PolicyRule.\n"
"\n"
"PolicyRule instances may also be used to aggregate other "
"PolicyRules and/or PolicyGroups. When used in this way to "
"implement nested rules, the conditions of the aggregating rule "
"apply to the subordinate rules as well. However, any side "
"effects of condition evaluation or the execution of actions "
"MUST NOT affect the result of the evaluation of other "
"conditions evaluated by the rule engine in the same evaluation "
"pass. That is, an implementation of a rule engine MAY "
"evaluate all conditions in any order before applying the "
"priority and determining which actions are to be executed.") ]
class CIM_PolicyRule : CIM_PolicySet {
[Key, Propagated ("CIM_System.CreationClassName"), Description (
"The scoping System's CreationClassName."),
MaxLen (256) ]
string SystemCreationClassName;
[Key, Propagated ("CIM_System.Name"), Description (
"The scoping System's Name."),
MaxLen (256) ]
string SystemName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this property "
"allows all instances of this class and its subclasses to be "
"uniquely identified."),
MaxLen (256) ]
string CreationClassName;
[Key, Description (
"A user-friendly name of this PolicyRule."),
MaxLen (256) ]
string PolicyRuleName;
[Description (
"Indicates whether the list of PolicyConditions associated "
"with this PolicyRule is in disjunctive normal form (DNF), "
"conjunctive normal form (CNF), or has no conditions (i.e., "
"is an UnconditionalRule) and is automatically evaluated to "
"\"True.\" The default value is 1 (\"DNF\")."),
ValueMap {"0", "1", "2"},
Values {"Unconditional Rule", "DNF", "CNF"} ]
uint16 ConditionListType = 1;
[Description (
"A free-form string that can be used to provide guidelines "
"on how this PolicyRule should be used.") ]
string RuleUsage;
[Deprecated {"CIM_PolicySetComponent.Priority"}, Description (
"PolicyRule.Priority is deprecated and replaced by providing "
"the priority for a rule (and a group) in the context of the "
"aggregating PolicySet instead of the priority being used "
"for all aggregating PolicySet instances. Thus, the "
"assignment of priority values is much simpler.\n"
"\n"
"A non-negative integer for prioritizing this Policy Rule "
"relative to other Rules. A larger value indicates a higher "
"priority. The default value is 0.") ]
uint16 Priority;
[Deprecated {"No Value"}, Description (
"A flag indicating that the evaluation of the Policy "
"Conditions and execution of PolicyActions (if the "
"Conditions evaluate to TRUE) is required. The evaluation "
"of a PolicyRule MUST be attempted if the Mandatory property "
"value is TRUE. If the Mandatory property is FALSE, then "
"the evaluation of the Rule is 'best effort' and MAY be "
"ignored.") ]
boolean Mandatory;
[Description (
"This property gives a policy administrator a way of "
"specifying how the ordering of the PolicyActions associated "
"with this PolicyRule is to be interpreted. Three values "
"are supported:\n"
"o mandatory(1): Do the actions in the indicated order, or "
"don't do them at all.\n"
"o recommended(2): Do the actions in the indicated order if "
"you can, but if you can't do them in this order, do them in "
"another order if you can.\n"
"o dontCare(3): Do them -- I don't care about the order.\n"
"The default value is 3 (\"DontCare\")."),
ValueMap {"1", "2", "3"},
Values {"Mandatory", "Recommended", "Dont Care"} ]
uint16 SequencedActions = 3;
[Description (
"ExecutionStrategy defines the strategy to be used in "
"executing the sequenced actions aggregated by this "
"PolicyRule. There are three execution strategies:\n"
"\n"
"Do Until Success - execute actions according to predefined\n"
"order, until successful execution of a\n"
"single action.\n"
"Do All - execute ALL actions which are part of\n"
"the modeled set, according to their\n"
"predefined order. Continue doing this,\n"
"even if one or more of the actions fails.\n"
"Do Until Failure - execute actions according to predefined\n"
"order, until the first failure in\n"
"execution of an action instance."),
ValueMap {"1", "2", "3"},
Values {"Do Until Success", "Do All", "Do Until Failure"} ]
uint16 ExecutionStrategy;
};
// ==================================================================
// AuthenticationRule
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"A class representing a company's and/or administrator's "
"authentication requirements for a CIM_Identity. The "
"PolicyConditions collected by an instance of "
"AuthenticationRule describe the various requirements under "
"which a CIM_Identity's CurrentlyAuthenticated Boolean is set "
"to TRUE. Note that the CIM_Identities which are authenticated "
"are tied to the Rule by the association, PolicySet AppliesToElement.\n"
"\n"
"At this time, there are no actions associated with this "
"PolicyRule. This is because the actions are implicit. When "
"the conditions of the rule are met, then the "
"CurrentlyAuthenticated Boolean properties of the associated "
"instances of CIM_Identity are set to TRUE.") ]
class CIM_AuthenticationRule : CIM_PolicyRule {
};
// ==================================================================
// ReusablePolicyContainer
// ==================================================================
[Version ("2.6.0"), Description (
"A class representing an administratively defined container for "
"reusable policy-related information. This class does not "
"introduce any additional properties beyond those in its "
"superclass AdminDomain. It does, however, participate in a "
"unique association for containing policy elements.\n"
"\n"
"An instance of this class uses the NameFormat value "
"\"ReusablePolicyContainer\".") ]
class CIM_ReusablePolicyContainer : CIM_AdminDomain {
};
// ==================================================================
// PolicyRepository *** deprecated
// ==================================================================
[Deprecated {"CIM_ReusablePolicyContainer"}, Version ("2.7.0"),
Description (
"The term 'PolicyRepository' has been confusing to both "
"developers and users of the model. The replacement class name "
"describes model element properly and is less likely to be "
"confused with a data repository.\n"
"\n"
"A class representing an administratively defined container for "
"reusable policy-related information. This class does not "
"introduce any additional properties beyond those in its "
"superclass AdminDomain. It does, however, participate in a "
"number of unique associations.\n"
"\n"
"An instance of this class uses the NameFormat value "
"\"PolicyRepository\".") ]
class CIM_PolicyRepository : CIM_AdminDomain {
};
// ==================================================================
// PolicyCondition
// ==================================================================
[Abstract, Version ("2.6.0"), Description (
"A class representing a rule-specific or reusable policy "
"condition to be evaluated in conjunction with a Policy Rule. "
"Since all operational details of a PolicyCondition are "
"provided in subclasses of this object, this class is "
"abstract.") ]
class CIM_PolicyCondition : CIM_Policy {
[Key, Description (
"The name of the class or the subclass used in the creation "
"of the System object in whose scope this PolicyCondition is defined.\n"
"\n"
"This property helps to identify the System object in whose "
"scope this instance of PolicyCondition exists. For a "
"rule-specific PolicyCondition, this is the System in whose "
"context the PolicyRule is defined. For a reusable "
"PolicyCondition, this is the instance of PolicyRepository "
"(which is a subclass of System) that holds the Condition.\n"
"\n"
"Note that this property, and the analogous property "
"SystemName, do not represent propagated keys from an "
"instance of the class System. Instead, they are properties "
"defined in the context of this class, which repeat the "
"values from the instance of System to which this "
"PolicyCondition is related, either directly via the "
"PolicyConditionInPolicyRepository association or indirectly "
"via the PolicyConditionInPolicyRule aggregation."),
MaxLen (256) ]
string SystemCreationClassName;
[Key, Description (
"The name of the System object in whose scope this "
"PolicyCondition is defined.\n"
"\n"
"This property completes the identification of the System "
"object in whose scope this instance of PolicyCondition "
"exists. For a rule-specific PolicyCondition, this is the "
"System in whose context the PolicyRule is defined. For a "
"reusable PolicyCondition, this is the instance of "
"PolicyRepository (which is a subclass of System) that holds "
"the Condition."),
MaxLen (256) ]
string SystemName;
[Key, Description (
"For a rule-specific PolicyCondition, the CreationClassName "
"of the PolicyRule object with which this Condition is "
"associated. For a reusable Policy Condition, a special "
"value, 'NO RULE', should be used to indicate that this "
"Condition is reusable and not associated with a single "
"PolicyRule."),
MaxLen (256) ]
string PolicyRuleCreationClassName;
[Key, Description (
"For a rule-specific PolicyCondition, the name of the "
"PolicyRule object with which this Condition is associated. "
"For a reusable PolicyCondition, a special value, 'NO RULE', "
"should be used to indicate that this Condition is reusable "
"and not associated with a single PolicyRule."),
MaxLen (256) ]
string PolicyRuleName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this property "
"allows all instances of this class and its subclasses to be "
"uniquely identified."),
MaxLen (256) ]
string CreationClassName;
[Key, Description (
"A user-friendly name of this PolicyCondition."),
MaxLen (256) ]
string PolicyConditionName;
};
// ==================================================================
// PolicyTimePeriodCondition
// ==================================================================
[Version ("2.7.0"), Description (
"This class provides a means of representing the time periods "
"during which a PolicySet is valid, i.e., active. At all times "
"that fall outside these time periods, the PolicySet has no "
"effect. A PolicySet is treated as valid at ALL times, if it "
"does not specify a PolicyTimePeriodCondition.\n"
"\n"
"In some cases a Policy Consumer may need to perform certain "
"setup / cleanup actions when a PolicySet becomes active / "
"inactive. For example, sessions that were established while a "
"PolicySet was active might need to be taken down when the "
"PolicySet becomes inactive. In other cases, however, such "
"sessions might be left up. In this case, the effect of "
"deactivating the PolicySet would just be to prevent the "
"establishment of new sessions.\n"
"\n"
"Setup / cleanup behaviors on validity period transitions are "
"not currently addressed by the Policy Model, and must be "
"specified in 'guideline' documents or via subclasses of "
"CIM_PolicySet, CIM_PolicyTimePeriod Condition or other "
"concrete subclasses of CIM_Policy. If such behaviors need to "
"be under the control of the policy administrator, then a "
"mechanism to allow this control must also be specified in the subclasses.\n"
"\n"
"PolicyTimePeriodCondition is defined as a subclass of "
"PolicyCondition. This is to allow the inclusion of time-based "
"criteria in the AND/OR condition definitions for a PolicyRule.\n"
"\n"
"Instances of this class may have up to five properties "
"identifying time periods at different levels. The values of "
"all the properties present in an instance are ANDed together "
"to determine the validity period(s) for the instance. For "
"example, an instance with an overall validity range of January "
"1, 2000 through December 31, 2000; a month mask that selects "
"March and April; a day-of-the-week mask that selects Fridays; "
"and a time of day range of 0800 through 1600 would be "
"represented using the following time periods:\n"
"Friday, March 5, 2000, from 0800 through 1600;\n"
"Friday, March 12, 2000, from 0800 through 1600;\n"
"Friday, March 19, 2000, from 0800 through 1600;\n"
"Friday, March 26, 2000, from 0800 through 1600;\n"
"Friday, April 2, 2000, from 0800 through 1600;\n"
"Friday, April 9, 2000, from 0800 through 1600;\n"
"Friday, April 16, 2000, from 0800 through 1600;\n"
"Friday, April 23, 2000, from 0800 through 1600;\n"
"Friday, April 30, 2000, from 0800 through 1600.\n"
"\n"
"Properties not present in an instance of "
"PolicyTimePeriodCondition are implicitly treated as having "
"their value 'always enabled'. Thus, in the example above, the "
"day-of-the-month mask is not present, and so the validity "
"period for the instance implicitly includes a day-of-the-month "
"mask that selects all days of the month. If this 'missing "
"property' rule is applied to its fullest, we see that there is "
"a second way to indicate that a PolicySet is always enabled: "
"associate with it an instance of PolicyTimePeriodCondition "
"whose only properties with specific values are its key "
"properties.") ]
class CIM_PolicyTimePeriodCondition : CIM_PolicyCondition {
[Description (
"This property identifies an overall range of calendar dates "
"and times over which a PolicySet is valid. It is formatted "
"as a string representing a start date and time, in which "
"the character 'T' indicates the beginning of the time "
"portion, followed by the solidus character '/', followed by "
"a similar string representing an end date and time. The "
"first date indicates the beginning of the range, while the "
"second date indicates the end. Thus, the second date and "
"time must be later than the first. Date/times are "
"expressed as substrings of the form yyyymmddThhmmss. For example:\n"
"20000101T080000/20000131T120000 defines\n"
"January 1, 2000, 0800 through January 31, 2000, noon\n"
"\n"
"There are also two special cases in which one of the "
"date/time strings is replaced with a special string defined "
"in RFC 2445.\n"
"o If the first date/time is replaced with the string "
"'THISANDPRIOR', then the property indicates that a "
"PolicySet is valid [from now] until the date/time that "
"appears after the '/'.\n"
"o If the second date/time is replaced with the string "
"'THISANDFUTURE', then the property indicates that a "
"PolicySet becomes valid on the date/time that appears "
"before the '/', and remains valid from that point on."),
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.MonthOfYearMask",
"CIM_PolicyTimePeriodCondition.DayOfMonthMask",
"CIM_PolicyTimePeriodCondition.DayOfWeekMask",
"CIM_PolicyTimePeriodCondition.TimeOfDayMask",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
string TimePeriod;
[Description (
"The purpose of this property is to refine the valid time "
"period that is defined by the TimePeriod property, by "
"explicitly specifying in which months the PolicySet is "
"valid. These properties work together, with the TimePeriod "
"used to specify the overall time period in which the "
"PolicySet is valid, and the MonthOfYearMask used to pick "
"out the months during which the PolicySet is valid.\n"
"\n"
"This property is formatted as an octet string, structured "
"as follows:\n"
"o a 4-octet length field, indicating the length of the "
"entire octet string; this field is always set to 0x00000006 "
"for this property;\n"
"o a 2-octet field consisting of 12 bits identifying the 12 "
"months of the year, beginning with January and ending with "
"December, followed by 4 bits that are always set to '0'. "
"For each month, the value '1' indicates that the policy is "
"valid for that month, and the value '0' indicates that it "
"is not valid.\n"
"\n"
"The value 0x000000060830, for example, indicates that a "
"PolicySet is valid only in the months May, November, and December.\n"
"\n"
"If a value for this property is not provided, then the "
"PolicySet is treated as valid for all twelve months, and "
"only restricted by its TimePeriod property value and the "
"other Mask properties."),
OctetString,
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
uint8 MonthOfYearMask[];
[Description (
"The purpose of this property is to refine the valid time "
"period that is defined by the TimePeriod property, by "
"explicitly specifying in which days of the month the "
"PolicySet is valid. These properties work together, with "
"the TimePeriod used to specify the overall time period in "
"which the PolicySet is valid, and the DayOfMonthMask used "
"to pick out the days of the month during which the "
"PolicySet is valid.\n"
"\n"
"This property is formatted as an octet string, structured "
"as follows:\n"
"o a 4-octet length field, indicating the length of the "
"entire octet string; this field is always set to 0x0000000C "
"for this property;\n"
"o an 8-octet field consisting of 31 bits identifying the "
"days of the month counting from the beginning, followed by "
"31 more bits identifying the days of the month counting "
"from the end, followed by 2 bits that are always set to "
"'0'. For each day, the value '1' indicates that the "
"PolicySet is valid for that day, and the value '0' "
"indicates that it is not valid.\n"
"\n"
"The value 0x0000000C8000000100000000, for example, "
"indicates that a PolicySet is valid on the first and last "
"days of the month.\n"
"\n"
"For months with fewer than 31 days, the digits "
"corresponding to days that the months do not have (counting "
"in both directions) are ignored.\n"
"\n"
"If a value for this property is not provided, then the "
"PolicySet is treated as valid for all days of the month, "
"and only restricted by its TimePeriod property value and "
"the other Mask properties."),
OctetString,
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
uint8 DayOfMonthMask[];
[Description (
"The purpose of this property is to refine the valid time "
"period that is defined by the TimePeriod property, by "
"explicitly specifying in which days of the week the "
"PolicySet is valid. These properties work together, with "
"the TimePeriod used to specify the overall time period in "
"which the PolicySet is valid, and the DayOfWeekMask used to "
"pick out the days of the week during which the PolicySet is valid.\n"
"\n"
"This property is formatted as an octet string, structured "
"as follows:\n"
"o a 4-octet length field, indicating the length of the "
"entire octet string; this field is always set to 0x00000005 "
"for this property;\n"
"o a 1-octet field consisting of 7 bits identifying the 7 "
"days of the week, beginning with Sunday and ending with "
"Saturday, followed by 1 bit that is always set to '0'. For "
"each day of the week, the value '1' indicates that the "
"PolicySet is valid for that day, and the value '0' "
"indicates that it is not valid.\n"
"\n"
"The value 0x000000057C, for example, indicates that a "
"PolicySet is valid Monday through Friday.\n"
"\n"
"If a value for this property is not provided, then the "
"PolicySet is treated as valid for all days of the week, and "
"only restricted by its TimePeriod property value and the "
"other Mask properties."),
OctetString,
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
uint8 DayOfWeekMask[];
[Description (
"The purpose of this property is to refine the valid time "
"period that is defined by the TimePeriod property, by "
"explicitly specifying a range of times in a day during "
"which the PolicySet is valid. These properties work "
"together, with the TimePeriod used to specify the overall "
"time period in which the PolicySet is valid, and the "
"TimeOfDayMask used to pick out the range of time periods in "
"a given day of during which the PolicySet is valid.\n"
"\n"
"This property is formatted in the style of RFC 2445: a time "
"string beginning with the character 'T', followed by the "
"solidus character '/', followed by a second time string. "
"The first time indicates the beginning of the range, while "
"the second time indicates the end. Times are expressed as "
"substrings of the form 'Thhmmss'.\n"
"\n"
"The second substring always identifies a later time than "
"the first substring. To allow for ranges that span "
"midnight, however, the value of the second string may be "
"smaller than the value of the first substring. Thus, "
"'T080000/T210000' identifies the range from 0800 until "
"2100, while 'T210000/T080000' identifies the range from "
"2100 until 0800 of the following day.\n"
"\n"
"When a range spans midnight, it by definition includes "
"parts of two successive days. When one of these days is "
"also selected by either the MonthOfYearMask, "
"DayOfMonthMask, and/or DayOfWeekMask, but the other day is "
"not, then the PolicySet is active only during the portion "
"of the range that falls on the selected day. For example, "
"if the range extends from 2100 until 0800, and the day of "
"week mask selects Monday and Tuesday, then the PolicySet is "
"active during the following three intervals:\n"
"From midnight Sunday until 0800 Monday;\n"
"From 2100 Monday until 0800 Tuesday;\n"
"From 2100 Tuesday until 23:59:59 Tuesday.\n"
"\n"
"If a value for this property is not provided, then the "
"PolicySet is treated as valid for all hours of the day, and "
"only restricted by its TimePeriod property value and the "
"other Mask properties."),
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.LocalOrUtcTime"} ]
string TimeOfDayMask;
[Description (
"This property indicates whether the times represented in "
"the TimePeriod property and in the various Mask properties "
"represent local times or UTC times. There is no provision "
"for mixing of local times and UTC times: the value of this "
"property applies to all of the other time-related "
"properties. TimePeriods are synchronized worldwide by "
"using the enumeration value 'UTCTime'. If the goal is to "
"synchronize worldwide on a particular local time (such as "
"0300 - 0500 in New York), then if the TimePeriod property "
"spans a Daylight Savings Time transition in New York, it "
"will be necessary to create multiple instances of "
"PolicyTimePeriodCondition, one based on the offset UTC-0500 "
"for the part of each year when standard time is used in New "
"York, and one based on the offset UTC-0400 for the part of "
"each year when Daylight Savings Time is used there."),
ValueMap {"1", "2"},
Values {"Local Time", "UTC Time"},
ModelCorrespondence {
"CIM_PolicyTimePeriodCondition.TimePeriod",
"CIM_PolicyTimePeriodCondition.MonthOfYearMask",
"CIM_PolicyTimePeriodCondition.DayOfMonthMask",
"CIM_PolicyTimePeriodCondition.DayOfWeekMask",
"CIM_PolicyTimePeriodCondition.TimeOfDayMask"} ]
uint16 LocalOrUtcTime;
};
// ==================================================================
// CompoundPolicyCondition
// ==================================================================
[Version ("2.7.0"), Description (
"CompoundPolicyCondition is used to represent compound "
"conditions formed by aggregating simpler policy conditions. "
"Compound conditions are constructed by associating subordinate "
"condition terms together using the "
"PolicyConditionInPolicyCondition aggregation.") ]
class CIM_CompoundPolicyCondition : CIM_PolicyCondition {
[Description (
"Indicates whether the list of CompoundPolicyConditions "
"associated with this PolicyRule is in disjunctive normal "
"form (DNF) or conjunctive normal form (CNF). The default "
"value is 1 (\"DNF\")."),
ValueMap {"1", "2"},
Values { "DNF", "CNF" } ]
uint16 ConditionListType;
};
// ==================================================================
// AuthenticationCondition
// ==================================================================
[Experimental, Abstract, Version ("2.7.1000"), Description (
"An abstract class whosesubclasses describe one of a company's "
"and/or administrator's credential requirements, and/orother "
"information that should be authenticated in order to "
"establish/trust a CIM_Identity.The PolicyConditions collected "
"by an instance of AuthenticationRuledescribe the various "
"requirements under which a "
"CIM_Identity'sCurrentlyAuthenticated Booleanis set to TRUE. "
"Note that the CIM_Identitieswhich are authenticated are "
"specified through the AuthenticationRule, using the "
"PolicySetAppliesToElementassociation.") ]
class CIM_AuthenticationCondition : CIM_PolicyCondition {
};
// ==================================================================
// SharedSecretAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"Aclass describing a company's and/or administrator's "
"credential requirements that should be authenticated in "
"orderto establish/trust a CIM_Identity.This class defines a "
"specific identity whose shared secret should be "
"authenticated.") ]
class CIM_SharedSecretAuthentication : CIM_AuthenticationCondition {
[Description (
"String defining the principal's ID whose secret is "
"authenticated.") ]
string IDOfPrincipal;
[Description (
"String defining a hostname, URI or service/application "
"name. It defines the specific system or service which "
"provides the context for the shared secret.") ]
string ContextOfSecret;
};
// ==================================================================
// AccountAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"Aclass describing a company's and/or administrator's "
"credential requirements that should be authenticated in "
"orderto establish/trust a CIM_Identity.This class defines a "
"specific identity whose account credentialsshould be "
"authenticated.") ]
class CIM_AccountAuthentication : CIM_AuthenticationCondition {
[Description (
"String defining the account's ID which is authenticated.") ]
string AccountID;
[Description (
"String defining a hostname, URI or other information "
"identifying the system where the Account resides.") ]
string AccountContext;
};
// ==================================================================
// BiometricAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines "
"specific biometric data that should be authenticated.") ]
class CIM_BiometricAuthentication : CIM_AuthenticationCondition {
[Description (
"Integer enumeration identifying the biometric data that "
"should be authenticated."),
ValueMap {"1", "2", "3", "4", "5", "6","7", "8"},
Values {"Other", "Facial", "Retina", "Mark", "Finger", "Voice",
"DNA-RNA", "EEG"},
ModelCorrespondence {
"CIM_BiometricAuthentication.OtherBiometric"} ]
uint16 TypeOfBiometric;
[Description (
"String specifying the biometric when the TypeOfBiometric "
"property is set to 1, \"Other\"."),
ModelCorrespondence {
"CIM_BiometricAuthentication.TypeOfBiometric"} ]
string OtherBiometric;
};
// ==================================================================
// NetworkingIDAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"Aclass describing a company's and/or administrator's "
"credential requirements that should be authenticated in "
"orderto establish/trust a CIM_Identity.This class defines that "
"a networking ID or address should be verified.") ]
class CIM_NetworkingIDAuthentication : CIM_AuthenticationCondition {
[Description (
"A string defining the specific type/subclass of "
"CIM_Identity which specifies the networking information.For "
"example, CIM_StorageHardwareID would be entered in this "
"property to identify that a 'known' port should be "
"observed.") ]
string NetworkingIdentityClassName;
};
// ==================================================================
// PublicPrivateKeyAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"Aclass describing a company's and/or administrator's "
"credential requirements that should be authenticated in "
"orderto establish/trust a CIM_Identity.This class defines the "
"specific public/private key pair that should be "
"authenticated.") ]
class CIM_PublicPrivateKeyAuthentication : CIM_AuthenticationCondition {
[Description (
"Boolean indicating whether the key pair is self-issued "
"(TRUE) or issued by a Certificate Authority (FALSE).") ]
boolean SelfIssuedKey;
[Description (
"String holding the user's (distinguished) name.") ]
string DistinguishedName;
[Description (
"String holding the public key data.") ]
string PublicKey;
};
// ==================================================================
// KerberosAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"Aclass describing a company's and/or administrator's "
"credential requirements that should beauthenticated in order "
"to establish/trust a CIM_Identity.This class defines a user "
"whose Kerberos ticket should be authenticated.") ]
class CIM_KerberosAuthentication : CIM_AuthenticationCondition {
[Description (
"String holding the user name for which the ticket is "
"issued.") ]
string UserName;
};
// ==================================================================
// DocumentAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"A class describing a company's and/or administrator's "
"credential requirements that should be authenticated in order "
"to establish/trust a CIM_Identity. This class defines the "
"specific document that should be authenticated.") ]
class CIM_DocumentAuthentication : CIM_AuthenticationCondition {
[Description (
"Integer enumeration identifying the document that should be "
"authenticated."),
ValueMap {"1", "2", "3", "4", "5", "6","7"},
Values {"Other", "Passport", "Birth Certificate", "Credit Card",
"Drivers License", "Membership Card", "Social Security Card"},
ModelCorrespondence {
"CIM_DocumentAuthentication.OtherDocument"} ]
uint16 TypeOfDocument;
[Description (
"String specifying the document when the TypeOfDocument "
"property is set to 1, \"Other\"."),
ModelCorrespondence {
"CIM_DocumentAuthentication.TypeOfDocument"} ]
string OtherDocument;
};
// ==================================================================
// ChallengeQuestionAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"Aclass describing a company's and/or administrator's "
"credential requirements that should be authenticated in "
"orderto establish/trust a CIM_Identity. This class defines "
"the specific challenge question whose response should be "
"authenticated.") ]
class CIM_ChallengeQuestionAuthentication : CIM_AuthenticationCondition {
[Description (
"The challenge question to be authenticated.") ]
string ChallengeQuestion;
};
// ==================================================================
// PhysicalCredentialAuthentication
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"A class describing a company's and/or "
"administrator'scredential requirements that should be "
"authenticated in orderto establish/trust a CIM_Identity.This "
"class defines the specific type of physical credential that "
"should be authenticated.") ]
class CIM_PhysicalCredentialAuthentication : CIM_AuthenticationCondition {
[Description (
"Integer enumeration identifying the credential that should "
"be authenticated."),
ValueMap {"1", "2", "3", "4"},
Values {"Other", "Magnetic Stripe Card", "Smart Card",
"PasswordGenerator Card"},
ModelCorrespondence {
"CIM_PhysicalCredentialAuthentication.OtherCredential"} ]
uint16 TypeOfCredential;
[Description (
"String specifying the credential when the TypeOfCredential "
"property is set to 1, \"Other\"."),
ModelCorrespondence {
"CIM_PhysicalCredentialAuthentication.TypeOfCredential"} ]
string OtherCredential;
};
// ==================================================================
// VendorPolicyCondition
// ==================================================================
[Version ("2.6.0"), Description (
"A class that provides a general extension mechanism for "
"representing PolicyConditions that have not been modeled with "
"specific properties. Instead, the two properties Constraint "
"and ConstraintEncoding are used to define the content and "
"format of the Condition, as explained below.\n"
"\n"
"As its name suggests, VendorPolicyCondition is intended for "
"vendor-specific extensions to the Policy Core Information "
"Model. Standardized extensions are not expected to use this "
"class.") ]
class CIM_VendorPolicyCondition : CIM_PolicyCondition {
[Description (
"This property provides a general extension mechanism for "
"representing PolicyConditions that have not been modeled "
"with specific properties. The format of the octet strings "
"in the array is left unspecified in this definition. It is "
"determined by the OID value stored in the property "
"ConstraintEncoding. Since ConstraintEncoding is "
"single-valued, all the values of Constraint share the same "
"format and semantics."),
OctetString,
ModelCorrespondence {
"CIM_VendorPolicyCondition.ConstraintEncoding"} ]
string Constraint[];
[Description (
"An OID encoded as a string, identifying the format and "
"semantics for this instance's Constraint property."),
ModelCorrespondence { "CIM_VendorPolicyCondition.Constraint"} ]
string ConstraintEncoding;
};
// ==================================================================
// PacketFilterCondition
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"PacketFilterCondition specifies packet selection criteria (via "
"association to FilterLists) for firewall policies, IPsec "
"policies and similar uses. It is used as an anchor point to "
"associate various types of filters with policy rules via the "
"FilterOfPacketCondition association. By definition, policy "
"rules that aggregate PacketFilterCondition are assumed to "
"operate against every packet received and/or transmitted from "
"an ingress and/or egress point. (Whether policy condition "
"evaluation occurs at ingress or egress is specified by the "
"FilterEvaluation property defined in this class.) "
"PacketFilterCondition MAY also be used to define the specific "
"CredentialManagementService that validates the credentials "
"carried in a packet. This is accomplished using the "
"association, AcceptCredentialFrom.\n"
"\n"
"Associated objects (such as FilterListsor Credential "
"ManagementServices) represent components of the condition that "
"MAY or MAY NOT apply at a given rule evaluation. For example, "
"an AcceptCredentialFrom evaluation is only performed when a "
"credential is available to be evaluated and compared against "
"the list of trusted credential management services. "
"Similarly, a PeerIDPayloadFilterEntry MAY only be evaluated "
"when an ID payload is available for checking. Condition "
"components that do not have applicability at rule evaluation "
"time, MUST be evaluated to TRUE."),
MappingStrings {"IPSP Policy Model.IETF|SACondition"} ]
class CIM_PacketFilterCondition : CIM_PolicyCondition {
[Description (
"An enumeration indicating whether packet evaluation is "
"performed at ingress, egress or both."),
ValueMap {"2", "3", "4"},
Values {"Ingress", "Egress", "Both Ingress and Egress"} ]
uint16 FilterEvaluation;
};
// ==================================================================
// PolicyAction
// ==================================================================
[Abstract, Version ("2.7.1000"), Description (
"A class representing a rule-specific or reusable policy action "
"to be performed if the PolicyConditions for a Policy Rule "
"evaluate to TRUE. Since all operational details of a "
"PolicyAction are provided in subclasses of this object, this "
"class is abstract.") ]
class CIM_PolicyAction : CIM_Policy {
[Key, Description (
"The name of the class or the subclass used in the creation "
"of the System object in whose scope this PolicyAction is defined.\n"
"\n"
"This property helps to identify the System object in whose "
"scope this instance of PolicyAction exists. For a "
"rule-specific PolicyAction, this is the System in whose "
"context the PolicyRule is defined. For a reusable "
"PolicyAction, this is the instance of PolicyRepository "
"(which is a subclass of System) that holds the Action.\n"
"\n"
"Note that this property, and the analogous property "
"SystemName, do not represent propagated keys from an "
"instance of the class System. Instead, they are properties "
"defined in the context of this class, which repeat the "
"values from the instance of System to which this "
"PolicyAction is related, either directly via the "
"PolicyActionInPolicyRepository association or indirectly "
"via the PolicyActionInPolicyRule aggregation."),
MaxLen (256) ]
string SystemCreationClassName;
[Key, Description (
"The name of the System object in whose scope this "
"PolicyAction is defined.\n"
"\n"
"This property completes the identification of the System "
"object in whose scope this instance of PolicyAction "
"exists. For a rule-specific PolicyAction, this is the "
"System in whose context the PolicyRule is defined. For a "
"reusable PolicyAction, this is the instance of "
"PolicyRepository (which is a subclass of System) that holds "
"the Action."),
MaxLen (256) ]
string SystemName;
[Key, Description (
"For a rule-specific PolicyAction, the CreationClassName of "
"the PolicyRule object with which this Action is "
"associated. For a reusable PolicyAction, a special value, "
"'NO RULE', should be used to indicate that this Action is "
"reusable and not associated with a single PolicyRule."),
MaxLen (256) ]
string PolicyRuleCreationClassName;
[Key, Description (
"For a rule-specific PolicyAction, the name of the "
"PolicyRule object with which this Action is associated. "
"For a reusable PolicyAction, a special value, 'NO RULE', "
"should be used to indicate that this Action is reusable and "
"not associated with a single PolicyRule."),
MaxLen (256) ]
string PolicyRuleName;
[Key, Description (
"CreationClassName indicates the name of the class or the "
"subclass used in the creation of an instance. When used "
"with the other key properties of this class, this property "
"allows all instances of this class and its subclasses to be "
"uniquely identified."),
MaxLen (256) ]
string CreationClassName;
[Key, Description (
"A user-friendly name of this PolicyAction."),
MaxLen (256) ]
string PolicyActionName;
[Experimental, Description (
"DoActionLogging causes a log messageto be generated when "
"the action is performed.") ]
boolean DoActionLogging;
};
// ==================================================================
// VendorPolicyAction
// ==================================================================
[Version ("2.6.0"), Description (
"A class that provides a general extension mechanism for "
"representing PolicyActions that have not been modeled with "
"specific properties. Instead, the two properties ActionData "
"and ActionEncoding are used to define the content and format "
"of the Action, as explained below.\n"
"\n"
"As its name suggests, VendorPolicyAction is intended for "
"vendor-specific extensions to the Policy Core Information "
"Model. Standardized extensions are not expected to use this "
"class.") ]
class CIM_VendorPolicyAction : CIM_PolicyAction {
[Description (
"This property provides a general extension mechanism for "
"representing PolicyActions that have not been modeled with "
"specific properties. The format of the octet strings in "
"the array is left unspecified in this definition. It is "
"determined by the OID value stored in the property "
"ActionEncoding. Since ActionEncoding is single-valued, all "
"the values of ActionData share the same format and "
"semantics."),
OctetString,
ModelCorrespondence { "CIM_VendorPolicyAction.ActionEncoding"} ]
string ActionData[];
[Description (
"An OID encoded as a string, identifying the format and "
"semantics for this instance's ActionData property."),
ModelCorrespondence { "CIM_VendorPolicyAction.ActionData"} ]
string ActionEncoding;
};
// ==================================================================
// CompoundPolicyAction
// ==================================================================
[Version ("2.6.0"), Description (
"CompoundPolicyAction is used to represent an expression "
"consisting of an ordered sequence of action terms. Each "
"action term is represented as a subclass of the PolicyAction "
"class. Compound actions are constructed by associating "
"dependent action terms together using the "
"PolicyActionInPolicyAction aggregation.") ]
class CIM_CompoundPolicyAction : CIM_PolicyAction {
[Description (
"This property gives a policy administrator a way of "
"specifying how the ordering of the PolicyActions associated "
"with this PolicyRule is to be interpreted. Three values "
"are supported:\n"
"o mandatory(1): Do the actions in the indicated order, or "
"don't do them at all.\n"
"o recommended(2): Do the actions in the indicated order if "
"you can, but if you can't do them in this order, do them in "
"another order if you can.\n"
"o dontCare(3): Do them -- I don't care about the order.\n"
"The default value is 3 (\"DontCare\")."),
ValueMap {"1", "2", "3"},
Values {"Mandatory", "Recommended", "Dont Care"} ]
uint16 SequencedActions;
[Description (
"ExecutionStrategy defines the strategy to be used in "
"executing the sequenced actions aggregated by this "
"CompoundPolicyAction. There are three execution strategies:\n"
"\n"
"Do Until Success - execute actions according to predefined\n"
"order, until successful execution of a\n"
"single action.\n"
"Do All - execute ALL actions which are part of\n"
"the modeled set, according to their\n"
"predefined order. Continue doing this,\n"
"even if one or more of the actions fails.\n"
"Do Until Failure - execute actions according to predefined\n"
"order, until the first failure in\n"
"execution of an action instance.\n"
"The default value is 2 (\"Do All\")."),
ValueMap {"1", "2", "3"},
Values {"Do Until Success", "Do All", "Do Until Failure"} ]
uint16 ExecutionStrategy;
};
// ==================================================================
// NetworkPacketAction
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"NetworkPacketAction standardizes differentprocessing options "
"that can be taken at the network packetlevel. The specific "
"action is defined in the PacketAction enumerated property. "
"Note that this property can be used in conjunction with other "
"actions aggregated into a Rule, to fullydefine its effects. "
"For example, when aggregated with the SAStaticActionclass, "
"NetworkPacketAction indicates whethera specific packet will be "
"encrypted, bypassed or discarded forthe lifetime of the "
"Security Association.") ]
class CIM_NetworkPacketAction : CIM_PolicyAction {
[Description (
"A network packet can be processed, bypassed for processing "
"(i.e., allowed to continue without further processing,such "
"as being forwarded in the clear versus being encrypted), or "
"discarded. This enumeration indicateshow a packet should "
"be handled if a PolicyRule's PolicyConditions evaluate to "
"TRUE."),
ValueMap {"1", "2", "3", "4"},
Values {"Other", "Processed", "Bypassed", "Discarded"},
MappingStrings {"IPSP Policy Model.IETF|IPsecBypassAction",
"IPSP Policy Model.IETF|IPsecDiscardAction"},
ModelCorrespondence {"CIM_NetworkPacketAction.OtherAction"} ]
uint16 PacketAction;
[Description (
"Description of the action when the value 1 (\"Other\") is "
"specified for the property, PacketAction."),
ModelCorrespondence {"CIM_NetworkPacketAction.PacketAction"} ]
string OtherAction;
};
// ==================================================================
// RejectConnectionAction
// ==================================================================
[Experimental, Version ("2.7.1000"), Description (
"RejectConnectionAction is used to causea connection or its "
"negotiation to be terminated. Forexample, it can be used in "
"conjunction with an address filteron UDP port 500 to reduce "
"Denial of Service vulnerability.As another example, it can be "
"specified as a low priorityrule to explicitly define the "
"default action for IKE keyexchange negotiations - i.e., if the "
"higher priority rules are not satisfied, then reject the "
"connection negotiation."),
MappingStrings {"IPSP Policy Model.IETF|IKERejectAction"} ]
class CIM_RejectConnectionAction : CIM_PolicyAction {
};
// ==================================================================
// PolicyRoleCollection
// ==================================================================
[Version ("2.7.1000"), Description (
"PolicyRoleCollection is used to represent a collection of "
"ManagedElements that share a common policy role, and the "
"PolicySets that CAN BE applied to those elements. (Note that "
"the PolicySets that are CURRENTLY applied are indicated via "
"instances of the association, PolicySetAppliesToElement.) The "
"PolicyRoleCollection always exists in the context of a System, "
"specified using the PolicyRoleCollectionInSystem aggregation. "
"The value of the PolicyRole property in this class specifies "
"the role. It is defined as a free-form string. "
"ManagedElements that share the role defined in this collection "
"are aggregated into the Collection via the "
"ElementInPolicyRoleCollection association.") ]
class CIM_PolicyRoleCollection : CIM_SystemSpecificCollection {
[Required, Description (
"The PolicyRole name for the PolicySets and other "
"ManagedElements that are identified and aggregated by the "
"Collection. Note that the aggregated PolicySets define the "
"rules and groups of rules that may be applied to the "
"associated ManagedElements.\n"
"\n"
"Although not officially designated as 'role combinations', "
"multiple roles may be specified using the form:\n"
" <RoleName>[&&<RoleName>]*\n"
"where the individual role names appear in alphabetical "
"order (according to the collating sequence for UCS-2). "
"Implementations may treat PolicyRole values that are "
"specified as 'role combinations' as simple strings.") ]
string PolicyRole;
[Experimental, Description (
"Activates/applies the PolicySets aggregated into this "
"Collection to the specified ManagedElement. The "
"ManagedElement MUST be a member of the Collection, "
"associated via ElementInPolicyRoleCollection. The result "
"of this method, if it is successfully executed, is that the "
"aggregated PolicySets are deployed and enforced for the "
"Element. This is reflected by the instantiation of the "
"PolicySetAppliesToElement association between the named "
"Element and each PolicySet."),
ValueMap {"0", "1", "2", "3", "4", "..", "0x8000.."},
Values {"Success", "Not Supported", "Unknown", "Timeout",
"Failed", "DMTF Reserved", "Vendor Specific"} ]
uint32 ActivatePolicySet(
[IN, Description(
"The ManagedElement to which the aggregated PolicySets of "
"this Collection are applied.") ]
CIM_ManagedElement REF Element);
[Experimental, Description (
"Deactivates the aggregated PolicySets for the specified "
"ManagedElement. The result of this method, if it is "
"successfully executed, is that the aggregated PolicySets "
"are NOT enforced for the Element. This is reflected by the "
"removal of the PolicySetAppliesToElement association "
"between the named Element and each PolicySet. If a "
"PolicySet is not currently enforced for the ManagedElement, "
"then this method has no effect for that Set."),
ValueMap {"0", "1", "2", "3", "4", "..", "0x8000..0xFFFF"},
Values {"Success", "Not Supported", "Unknown", "Timeout",
"Failed", "DMTF Reserved", "Vendor Specific"} ]
uint32 DeactivatePolicySet(
[IN, Description(
"The ManagedElement to which the aggregated PolicySets of "
"this Collection MUST NOT apply.") ]
CIM_ManagedElement REF Element);
};
// ==================================================================
// === Association classes ===
// ==================================================================
// ==================================================================
// PolicyComponent
// ==================================================================
[Association, Abstract, Aggregation, Version ("2.6.0"),
Description (
"CIM_PolicyComponent is a generic association used to establish "
"'part of' relationships between the subclasses of CIM_Policy. "
"For example, the PolicyConditionInPolicyRule association "
"defines that PolicyConditions are part of a PolicyRule.") ]
class CIM_PolicyComponent : CIM_Component {
[Aggregate, Override ("GroupComponent"), Description (
"The parent Policy in the association.") ]
CIM_Policy REF GroupComponent;
[Override ("PartComponent"), Description (
"The child/part Policy in the association.") ]
CIM_Policy REF PartComponent;
};
// ==================================================================
// PolicyInSystem
// ==================================================================
[Association, Abstract, Version ("2.7.1000"), Description (
"CIM_PolicyInSystem is a generic association used to establish "
"dependency relationships between Policies and the Systems that "
"host them. These Systems may be ComputerSystems where "
"Policies are 'running' or they may be Policy Repositories "
"where Policies are stored. This relationship is similar to "
"the concept of CIM_Services being dependent on CIM_Systems as "
"defined by the HostedService association.\n"
"\n"
"Cardinality is Max (1) for the Antecedent/System reference "
"since Policies can only be hosted in at most one System "
"context. Some subclasses of the association will further "
"refine this definition to make the Policies Weak to Systems. "
"Other subclasses of PolicyInSystem will define an optional "
"hosting relationship. Examples of each of these are the "
"PolicyRuleInSystem and PolicyConditionIn PolicyRepository "
"associations, respectively.") ]
class CIM_PolicyInSystem : CIM_HostedDependency {
[Override ("Antecedent"), Max (1), Description (
"The hosting System.") ]
CIM_System REF Antecedent;
[Override ("Dependent"), Description (
"The hosted Policy.") ]
CIM_Policy REF Dependent;
};
// ==================================================================
// PolicySetInSystem
// ==================================================================
[Association, Abstract, Version ("2.6.0"), Description (
"PolicySetInSystem is an abstract association class that "
"represents a relationship between a System and a PolicySet "
"used in the administrative scope of that system (e.g., "
"AdminDomain, ComputerSystem). The Priority property is used "
"to assign a relative priority to a PolicySet within the "
"administrative scope in contexts where it is not a component "
"of another PolicySet.") ]
class CIM_PolicySetInSystem : CIM_PolicyInSystem {
[Override ("Antecedent"), Min (1), Max (1), Description (
"The System in whose scope a PolicySet is defined.") ]
CIM_System REF Antecedent;
[Override ("Dependent"), Description (
"A PolicySet named within the scope of a System.") ]
CIM_PolicySet REF Dependent;
[Description (
"The Priority property is used to specify the relative "
"priority of the referenced PolicySet when there are more "
"than one PolicySet instances applied to a managed resource "
"that are not PolicySetComponents and, therefore, have no "
"other relative priority defined. The priority is a "
"non-negative integer; a larger value indicates a higher "
"priority.") ]
uint16 Priority;
};
// ==================================================================
// PolicyGroupInSystem
// ==================================================================
[Association, Version ("2.6.0"), Description (
"An association that links a PolicyGroup to the System in whose "
"scope the Group is defined.") ]
class CIM_PolicyGroupInSystem : CIM_PolicySetInSystem {
[Override ("Antecedent"), Min (1), Max (1), Description (
"The System in whose scope a PolicyGroup is defined.") ]
CIM_System REF Antecedent;
[Override ("Dependent"), Weak, Description (
"A PolicyGroup named within the scope of a System.") ]
CIM_PolicyGroup REF Dependent;
};
// ==================================================================
// PolicyRuleInSystem
// ==================================================================
[Association, Version ("2.6.0"), Description (
"An association that links a PolicyRule to the System in whose "
"scope the Rule is defined.") ]
class CIM_PolicyRuleInSystem : CIM_PolicySetInSystem {
[Override ("Antecedent"), Min (1), Max (1), Description (
"The System in whose scope a PolicyRule is defined.") ]
CIM_System REF Antecedent;
[Override ("Dependent"), Weak, Description (
"A PolicyRule named within the scope of a System.") ]
CIM_PolicyRule REF Dependent;
};
// ==================================================================
// PolicySetComponent
// ==================================================================
[Association, Aggregation, Version ("2.6.0"), Description (
"PolicySetComponent is a concrete aggregation that collects "
"instances of the subclasses of PolicySet (i.e., PolicyGroups "
"and PolicyRules). Instances are collected in sets that use "
"the same decision strategy. They are prioritized relative to "
"each other, within the set, using the Priority property of "
"this aggregation.\n"
"\n"
"Together, the PolicySet.PolicyDecisionStrategy and PolicySet "
"Component.Priority properties determine the processing for the "
"groups and rules contained in a PolicySet. A larger priority "
"value represents a higher priority. Note that the Priority "
"property MUST have a unique value when compared with others "
"defined for the same aggregating PolicySet. Thus, the "
"evaluation of rules within a set is deterministically "
"specified.") ]
class CIM_PolicySetComponent : CIM_PolicyComponent {
[Aggregate, Override ("GroupComponent"), Description (
"A PolicySet that aggregates other PolicySet instances.") ]
CIM_PolicySet REF GroupComponent;
[Override ("PartComponent"), Description (
"A PolicySet aggregated into a PolicySet.") ]
CIM_PolicySet REF PartComponent;
[Description (
"A non-negative integer for prioritizing this PolicySet "
"component relative to other elements of the same "
"PolicySet. A larger value indicates a higher priority. "
"The Priority property MUST have a unique value when "
"compared with others defined for the same aggregating "
"PolicySet.") ]
uint16 Priority;
};
// ==================================================================
// PolicyGroupInPolicyGroup *** deprecated
// ==================================================================
[Association, Deprecated {"CIM_PolicySetComponent"}, Aggregation,
Version ("2.7.0"), Description (
"PolicySetComponent provides a more general mechanism for "
"aggregating both PolicyGroups and PolicyRules and doing so "
"with the priority value applying only to the aggregated set "
"rather than policy wide.\n"
"\n"
"A relationship that aggregates one or more lower-level "
"PolicyGroups into a higher-level Group. A Policy Group may "
"aggregate PolicyRules and/or other Policy Groups.") ]
class CIM_PolicyGroupInPolicyGroup : CIM_PolicyComponent {
[Deprecated {"CIM_PolicySetComponent.GroupComponent"}, Aggregate,
Override ("GroupComponent"), Description (
"A PolicyGroup that aggregates other Groups.") ]
CIM_PolicyGroup REF GroupComponent;
[Deprecated {"CIM_PolicySetComponent.PartComponent"},
Override ("PartComponent"), Description (
"A PolicyGroup aggregated by another Group.") ]
CIM_PolicyGroup REF PartComponent;
};
// ==================================================================
// PolicyRuleInPolicyGroup *** deprecated
// ==================================================================
[Association, Deprecated {"CIM_PolicySetComponent"}, Aggregation,
Version ("2.7.0"), Description (
"PolicySetComponent provides a more general mechanism for "
"aggregating both PolicyGroups and PolicyRules and doing so "
"with the priority value applying only to the aggregated set "
"rather than policy wide.\n"
"\n"
"A relationship that aggregates one or more PolicyRules into a "
"PolicyGroup. A PolicyGroup may aggregate PolicyRules and/or "
"other PolicyGroups.") ]
class CIM_PolicyRuleInPolicyGroup : CIM_PolicyComponent {
[Deprecated {"CIM_PolicySetComponent.GroupComponent"}, Aggregate,
Override ("GroupComponent"), Description (
"A PolicyGroup that aggregates one or more PolicyRules.") ]
CIM_PolicyGroup REF GroupComponent;
[Deprecated {"CIM_PolicySetComponent.PartComponent"},
Override ("PartComponent"), Description (
"A PolicyRule aggregated by a PolicyGroup.") ]
CIM_PolicyRule REF PartComponent;
};
// ==================================================================
// PolicySetValidityPeriod
// ==================================================================
[Association, Aggregation, Version ("2.7.0"), Description (
"The PolicySetValidityPeriod aggregation represents scheduled "
"activation and deactivation of a PolicySet. A PolicySet is "
"considered \"active\" if it is both \"Enabled\" and in a valid "
"time period.\n"
"\n"
"If a PolicySet is associated with multiple policy time periods "
"via this association, then the Set is in a valid time period "
"if at least one of the time periods evaluates to TRUE. If a "
"PolicySet is contained in another PolicySet via the "
"PolicySetComponent aggregation (e.g., a PolicyRule in a "
"PolicyGroup), then the contained PolicySet (e.g., PolicyRule) "
"is in a valid period if at least one of the aggregate's "
"PolicyTimePeriodCondition instances evaluates to TRUE and at "
"least one of its own PolicyTimePeriodCondition instances also "
"evalutes to TRUE. (In other words, the "
"PolicyTimePeriodConditions are ORed to determine whether the "
"PolicySet is in a valid time period and then ANDed with the "
"ORed PolicyTimePeriodConditions of each of PolicySet instances "
"in the PolicySetComponent hierarchy to determine if the "
"PolicySet is in a valid time period and, if also \"Enabled\", "
"therefore, active, i.e., the hierachy ANDs the ORed "
"PolicyTimePeriodConditions of the elements of the hierarchy.\n"
"\n"
"A Time Period may be aggregated by multiple PolicySets. A Set "
"that does not point to a PolicyTimePeriodCondition via this "
"association, from the point of view of scheduling, is always "
"in a valid time period.") ]
class CIM_PolicySetValidityPeriod : CIM_PolicyComponent {
[Aggregate, Override ("GroupComponent"), Description (
"This property contains the name of a PolicySet that "
"contains one or more PolicyTimePeriodConditions.") ]
CIM_PolicySet REF GroupComponent;
[Override ("PartComponent"), Description (
"This property contains the name of a "
"PolicyTimePeriodCondition defining the valid time periods "
"for one or more PolicySets.") ]
CIM_PolicyTimePeriodCondition REF PartComponent;
};
// ==================================================================
// PolicyRuleValidityPeriod ** deprecated
// ==================================================================
[Association, Deprecated {"CIM_PolicySetValidityPeriod"},
Aggregation, Version ("2.7.0"), Description (
"The PolicyRuleValidityPeriod aggregation represents scheduled "
"activation and deactivation of a PolicyRule. If a PolicyRule "
"is associated with multiple policy time periods via this "
"association, then the Rule is active if at least one of the "
"time periods indicates that it is active. (In other words, "
"the PolicyTimePeriodConditions are ORed to determine whether "
"the Rule is active.) A Time Period may be aggregated by "
"multiple PolicyRules. A Rule that does not point to a "
"PolicyTimePeriodCondition via this association is, from the "
"point of view of scheduling, always active. It may, however, "
"be inactive for other reasons. For example, the Rule's "
"Enabled property may be set to \"disabled\" (value=2).") ]
class CIM_PolicyRuleValidityPeriod : CIM_PolicyComponent {
[Deprecated {"CIM_PolicySetValidityPeriod.GroupComponent"},
Aggregate, Override ("GroupComponent"), Description (
"This property contains the name of a PolicyRule that "
"contains one or more PolicyTimePeriodConditions.") ]
CIM_PolicyRule REF GroupComponent;
[Deprecated {"CIM_PolicySetValidityPeriod.PartComponent"},
Override ("PartComponent"), Description (
"This property contains the name of a "
"PolicyTimePeriodCondition defining the valid time periods "
"for one or more PolicyRules.") ]
CIM_PolicyTimePeriodCondition REF PartComponent;
};
// ==================================================================
// PolicyConditionStructure
// ==================================================================
[Association, Abstract, Aggregation, Version ("2.7.0"),
Description (
"PolicyConditions may be aggregated into rules and into "
"compound conditions. PolicyConditionStructure is the abstract "
"aggregation class for the structuring of policy conditions.\n"
"\n"
"The Conditions aggregated by a PolicyRule or "
"CompoundPolicyCondition are grouped into two levels of lists: "
"either an ORed set of ANDed sets of conditions (DNF, the "
"default) or an ANDed set of ORed sets of conditions (CNF). "
"Individual PolicyConditions in these lists may be negated. "
"The property ConditionListType specifies which of these two "
"grouping schemes applies to a particular PolicyRule or "
"CompoundPolicyCondition instance.\n"
"\n"
"One or more PolicyTimePeriodConditions may be among the "
"conditions associated with a PolicyRule or "
"CompoundPolicyCondition via the PolicyConditionStructure "
"subclass association. In this case, the time periods are "
"simply additional Conditions to be evaluated along with any "
"others that are specified.") ]
class CIM_PolicyConditionStructure : CIM_PolicyComponent {
[Aggregate, Override ("GroupComponent"), Description (
"This property represents the Policy that contains one or "
"more PolicyConditions.") ]
CIM_Policy REF GroupComponent;
[Override ("PartComponent"), Description (
"This property holds the name of a PolicyCondition contained "
"by one or more PolicyRule or CompoundPolicyCondition "
"instances.") ]
CIM_PolicyCondition REF PartComponent;
[Description (
"Unsigned integer indicating the group to which the "
"contained PolicyCondition belongs. This integer segments "
"the Conditions into the ANDed sets (when the "
"ConditionListType is \"DNF\") or, similarly, into the ORed "
"sets (when the ConditionListType is \"CNF\").") ]
uint16 GroupNumber;
[Description (
"Indication of whether the contained PolicyCondition is "
"negated. TRUE indicates that the PolicyCondition IS "
"negated, FALSE indicates that it IS NOT negated.") ]
boolean ConditionNegated;
};
// ==================================================================
// PolicyConditionInPolicyRule
// ==================================================================
[Association, Aggregation, Version ("2.7.0"), Description (
"A PolicyRule aggregates zero or more instances of the "
"PolicyCondition class, via the PolicyConditionInPolicyRule "
"association. A Rule that aggregates zero Conditions is not "
"valid; it may, however, be in the process of being defined. "
"Note that a PolicyRule should have no effect until it is "
"valid.") ]
class CIM_PolicyConditionInPolicyRule : CIM_PolicyConditionStructure {
[Aggregate, Override ("GroupComponent"), Description (
"This property represents the PolicyRule that contains one "
"or more PolicyConditions.") ]
CIM_PolicyRule REF GroupComponent;
[Override ("PartComponent"), Description (
"This property holds the name of a PolicyCondition contained "
"by one or more PolicyRules.") ]
CIM_PolicyCondition REF PartComponent;
};
// ==================================================================
// PolicyConditionInPolicyCondition
// ==================================================================
[Association, Aggregation, Version ("2.7.0"), Description (
"A CompoundPolicyCondition aggregates zero or more instances of "
"the PolicyCondition class, via the "
"PolicyConditionInPolicyCondition association. A "
"CompoundPolicyCondition that aggregates zero Conditions is not "
"valid; it may, however, be in the process of being defined. "
"Note that a CompoundPolicyCondition should have no effect "
"until it is valid.") ]
class CIM_PolicyConditionInPolicyCondition : CIM_PolicyConditionStructure {
[Aggregate, Override ("GroupComponent"), Description (
"This property represents the CompoundPolicyCondition that "
"contains one or more PolicyConditions.") ]
CIM_CompoundPolicyCondition REF GroupComponent;
[Override ("PartComponent"), Description (
"This property holds the name of a PolicyCondition contained "
"by one or more PolicyRules.") ]
CIM_PolicyCondition REF PartComponent;
};
// ==================================================================
// PolicyActionStructure
// ==================================================================
[Association, Abstract, Aggregation, Version ("2.6.0"),
Description (
"PolicyActions may be aggregated into rules and into compound "
"actions. PolicyActionStructure is the abstract aggregation "
"class for the structuring of policy actions.") ]
class CIM_PolicyActionStructure : CIM_PolicyComponent {
[Aggregate, Override ("GroupComponent"), Description (
"PolicyAction instances may be aggregated into either "
"PolicyRule instances or CompoundPolicyAction instances.") ]
CIM_Policy REF GroupComponent;
[Override ("PartComponent"), Description (
"A PolicyAction aggregated by a PolicyRule or "
"CompoundPolicyAction.") ]
CIM_PolicyAction REF PartComponent;
[Description (
"ActionOrder is an unsigned integer 'n' that indicates the "
"relative position of a PolicyAction in the sequence of "
"actions associated with a PolicyRule or "
"CompoundPolicyAction. When 'n' is a positive integer, it "
"indicates a place in the sequence of actions to be "
"performed, with smaller integers indicating earlier "
"positions in the sequence. The special value '0' indicates "
"'don't care'. If two or more PolicyActions have the same "
"non-zero sequence number, they may be performed in any "
"order, but they must all be performed at the appropriate "
"place in the overall action sequence.\n"
"\n"
"A series of examples will make ordering of PolicyActions clearer:\n"
"o If all actions have the same sequence number,\n"
"regardless of whether it is '0' or non-zero, any\n"
"order is acceptable.\n"
"o The values:\n"
"1:ACTION A\n"
"2:ACTION B\n"
"1:ACTION C\n"
"3:ACTION D\n"
"indicate two acceptable orders: A,C,B,D or C,A,B,D,\n"
"since A and C can be performed in either order, but\n"
"only at the '1' position.\n"
"o The values:\n"
"0:ACTION A\n"
"2:ACTION B\n"
"3:ACTION C\n"
"3:ACTION D\n"
"require that B,C, and D occur either as B,C,D or as\n"
"B,D,C. Action A may appear at any point relative to\n"
"B, C, and D. Thus the complete set of acceptable\n"
"orders is: A,B,C,D; B,A,C,D; B,C,A,D; B,C,D,A;\n"
"A,B,D,C; B,A,D,C; B,D,A,C; B,D,C,A.\n"
"\n"
"Note that the non-zero sequence numbers need not start with "
"'1', and they need not be consecutive. All that matters is "
"their relative magnitude.") ]
uint16 ActionOrder;
};
// ==================================================================
// PolicyActionInPolicyRule
// ==================================================================
[Association, Aggregation, Version ("2.6.0"), Description (
"A PolicyRule aggregates zero or more instances of the "
"PolicyAction class, via the PolicyActionInPolicyRule "
"association. A Rule that aggregates zero Actions is not "
"valid--it may, however, be in the process of being entered "
"into a PolicyRepository or being defined for a System. "
"Alternately, the actions of the policy may be explicit in the "
"definition of the PolicyRule. Note that a PolicyRule should "
"have no effect until it is valid.\n"
"\n"
"The Actions associated with a PolicyRule may be given a "
"required order, a recommended order, or no order at all. For "
"Actions represented as separate objects, the "
"PolicyActionInPolicyRule aggregation can be used to express an order.\n"
"\n"
"This aggregation does not indicate whether a specified action "
"order is required, recommended, or of no significance; the "
"property SequencedActions in the aggregating instance of "
"PolicyRule provides this indication.") ]
class CIM_PolicyActionInPolicyRule : CIM_PolicyActionStructure {
[Aggregate, Override ("GroupComponent"), Description (
"This property represents the PolicyRule that contains one "
"or more PolicyActions.") ]
CIM_PolicyRule REF GroupComponent;
[Override ("PartComponent"), Description (
"This property holds the name of a PolicyAction contained by "
"one or more PolicyRules.") ]
CIM_PolicyAction REF PartComponent;
};
// ==================================================================
// PolicyActionInPolicyAction
// ==================================================================
[Association, Aggregation, Version ("2.6.0"), Description (
"PolicyActionInPolicyAction is used to represent the "
"compounding of policy actions into a higher-level policy "
"action.") ]
class CIM_PolicyActionInPolicyAction : CIM_PolicyActionStructure {
[Aggregate, Override ("GroupComponent"), Description (
"This property represents the CompoundPolicyAction that "
"contains one or more PolicyActions.") ]
CIM_CompoundPolicyAction REF GroupComponent;
[Override ("PartComponent"), Description (
"This property holds the name of a PolicyAction contained by "
"one or more CompoundPolicyActions.") ]
CIM_PolicyAction REF PartComponent;
};
// ==================================================================
// PolicyContainerInPolicyContainer
// ==================================================================
[Association, Aggregation, Version ("2.6.0"), Description (
"A relationship that aggregates one or more lower-level "
"ReusablePolicyContainer instances into a higher-level "
"ReusablePolicyContainer.") ]
class CIM_PolicyContainerInPolicyContainer: CIM_SystemComponent {
[Aggregate, Override ("GroupComponent"), Description (
"A ReusablePolicyContainer that aggregates other "
"ReusablePolicyContainers.") ]
CIM_ReusablePolicyContainer REF GroupComponent;
[Override ("PartComponent"), Description (
"A ReusablePolicyContainer aggregated by another "
"ReusablePolicyContainer.") ]
CIM_ReusablePolicyContainer REF PartComponent;
};
// ==================================================================
// PolicyRepositoryInPolicyRepository *** deprecated
// ==================================================================
[Association, Deprecated {"CIM_PolicyContainerInPolicyContainer"},
Aggregation, Version ("2.7.0"), Description (
"The term 'PolicyRepository' has been confusing to both "
"developers and users of the model. The replacement class name "
"describes model element properly and is less likely to be "
"confused with a data repository. ContainedDomain is a general "
"purpose mechanism for expressing domain hierarchy.\n"
"\n"
"A relationship that aggregates one or more lower-level "
"PolicyRepositories into a higher-level Repository.") ]
class CIM_PolicyRepositoryInPolicyRepository : CIM_SystemComponent {
[Deprecated
{"CIM_PolicyContainerInPolicyContainer.GroupComponent"},
Aggregate, Override ("GroupComponent"), Description (
"A PolicyRepository that aggregates other Repositories.") ]
CIM_PolicyRepository REF GroupComponent;
[Deprecated
{"CIM_PolicyContainerInPolicyContainer.PartComponent"},
Override ("PartComponent"), Description (
"A PolicyRepository aggregated by another Repository.") ]
CIM_PolicyRepository REF PartComponent;
};
// ==================================================================
// ReusablePolicy
// ==================================================================
[Association, Version ("2.6.0"), Description (
"The ReusablePolicy association provides for the reuse of any "
"subclass of Policy in a ReusablePolicyContainer.") ]
class CIM_ReusablePolicy : CIM_PolicyInSystem {
[Override ("Antecedent"), Max (1), Description (
"This property identifies a ReusablePolicyContainer that "
"provides the administrative scope for the reuse of the "
"referenced policy element.") ]
CIM_ReusablePolicyContainer REF Antecedent;
[Override ("Dependent"), Description (
"A reusable policy element.") ]
CIM_Policy REF Dependent;
};
// ==================================================================
// ElementInPolicyRoleCollection
// ==================================================================
[Association, Aggregation, Version ("2.7.1000"), Description (
"An ElementInPolicyRoleCollection aggregates zero or more "
"ManagedElement subclass instances into a PolicyRoleCollection "
"object, representing a role played by these ManagedElements. "
"This Collection indicates that the aggregated PolicySets "
"(aggregated by PolicySetInRoleCollection) MAY BE applied to "
"the referenced elements. To indicate that the PolicySets ARE "
"being enforced for the element, use the "
"PolicySetAppliesToElement association.") ]
class CIM_ElementInPolicyRoleCollection : CIM_MemberOfCollection {
[Aggregate, Override ("Collection"), Description (
"The PolicyRoleCollection.") ]
CIM_PolicyRoleCollection REF Collection;
[Override ("Member"), Description (
"The ManagedElement that plays the role represented by the "
"PolicyRoleCollection.") ]
CIM_ManagedElement REF Member;
};
// ==================================================================
// PolicyRoleCollectionInSystem
// ==================================================================
[Association, Version ("2.7.0"), Description (
"PolicyRoleCollectionInSystem is an association used to "
"establish a relationship between a collection and an 'owning' "
"System such as an AdminDomain or ComputerSystem.") ]
class CIM_PolicyRoleCollectionInSystem: CIM_HostedCollection {
[Override ("Antecedent"), Min (1), Max (1), Description (
"The parent system responsible for the collection.") ]
CIM_System REF Antecedent;
[Override ("Dependent"), Description (
"The Collection.") ]
CIM_PolicyRoleCollection REF Dependent;
};
// ==================================================================
// PolicyConditionInPolicyRepository *** deprecated
// ==================================================================
[Association, Deprecated {"CIM_ReusablePolicy"}, Version ("2.7.0"),
Description (
"The ReusablePolicy association is a more general relationship "
"that incorporates both Conditions and Actions as well as any "
"other policy subclass.\n"
"\n"
"A class representing the hosting of reusable PolicyConditions "
"by a PolicyRepository. A reusable Policy Condition is always "
"related to a single PolicyRepository, via this association.\n"
"\n"
"Note, that an instance of PolicyCondition can be either "
"reusable or rule-specific. When the Condition is rule- "
"specific, it shall not be related to any PolicyRepository via "
"the PolicyConditionInPolicyRepository association.") ]
class CIM_PolicyConditionInPolicyRepository : CIM_PolicyInSystem {
[Deprecated {"CIM_ReusablePolicy.Antecedent"},
Override ("Antecedent"), Max (1), Description (
"This property identifies a PolicyRepository hosting one or "
"more PolicyConditions. A reusable PolicyCondition is "
"always related to exactly one PolicyRepository via the "
"PolicyConditionInPolicyRepository association. The [0..1] "
"cardinality for this property covers the two types of "
"PolicyConditions: 0 for a rule-specific PolicyCondition, 1 "
"for a reusable one.") ]
CIM_PolicyRepository REF Antecedent;
[Deprecated {"CIM_ReusablePolicy.Dependent"},
Override ("Dependent"), Description (
"This property holds the name of a PolicyCondition hosted in "
"the PolicyRepository.") ]
CIM_PolicyCondition REF Dependent;
};
// ==================================================================
// PolicyActionInPolicyRepository *** deprecated
// ==================================================================
[Association, Deprecated {"CIM_ReusablePolicy"}, Version ("2.7.0"),
Description (
"The ReusablePolicy association is a more general relationship "
"that incorporates both Conditions and Actions as well as any "
"other policy subclass.\n"
"\n"
"A class representing the hosting of reusable PolicyActions by "
"a PolicyRepository. A reusable Policy Action is always "
"related to a single PolicyRepository, via this association.\n"
"\n"
"Note, that an instance of PolicyAction can be either reusable "
"or rule-specific. When the Action is rule- specific, it shall "
"not be related to any PolicyRepository via the "
"PolicyActionInPolicyRepository association.") ]
class CIM_PolicyActionInPolicyRepository : CIM_PolicyInSystem {
[Deprecated {"CIM_ReusablePolicy.Antecedent"},
Override ("Antecedent"), Max (1), Description (
"This property represents a PolicyRepository hosting one or "
"more PolicyActions. A reusable PolicyAction is always "
"related to exactly one PolicyRepository via the "
"PolicyActionInPolicyRepository association. The [0..1] "
"cardinality for this property covers the two types of "
"PolicyActions: 0 for a rule-specific PolicyAction, 1 for a "
"reusable one.") ]
CIM_PolicyRepository REF Antecedent;
[Deprecated {"CIM_ReusablePolicy.Dependent"},
Override ("Dependent"), Description (
"This property holds the name of a PolicyAction hosted in "
"the PolicyRepository.") ]
CIM_PolicyAction REF Dependent;
};
// ==================================================================
// PolicySetInRoleCollection
// ==================================================================
[Association, Experimental, Aggregation, Version ("2.7.1000"),
Description (
"PolicySetInRoleCollection aggregates zero or more PolicyRules "
"and PolicyGroups (i.e., the subclasses of PolicySet) into a "
"PolicyRoleCollection object, representing a role "
"supported/enforced by the PolicySet.") ]
class CIM_PolicySetInRoleCollection : CIM_MemberOfCollection {
[Aggregate, Override ("Collection"), Description (
"The PolicyRoleCollection.") ]
CIM_PolicyRoleCollection REF Collection;
[Override ("Member"), Description (
"The PolicySet that supports/enforces the PolicyRole for the "
"elements in the PolicyRoleCollection.") ]
CIM_PolicySet REF Member;
};
// ==================================================================
// PolicySetAppliesToElement
// ==================================================================
[Association, Experimental, Version ("2.7.1000"), Description (
"PolicySetAppliesToElement makes explicit which PolicySets "
"(i.e., policy rules and groups of rules) ARE CURRENTLY applied "
"to a particular Element. This association indicates that the "
"PolicySets that are appropriate for a ManagedElement "
"(specified using the PolicyRoleCollection aggregation) have "
"actually been deployed in the policy management "
"infrastructure. Note that if the named Element refers to a "
"Collection, then the PolicySet is assumed to be applied to all "
"the members of the Collection.") ]
class CIM_PolicySetAppliesToElement {
[Key, Description (
"The PolicyRules and/or groups of rules that are currently "
"applied to an Element.") ]
CIM_PolicySet REF PolicySet;
[Key, Description (
"The ManagedElement to which the PolicySet applies.") ]
CIM_ManagedElement REF ManagedElement;
};
// ==================================================================
// FilterOfPacketCondition
// ==================================================================
[Association, Experimental, Version ("2.7.1000"), Description (
"FilterOfPacketCondition associates a network traffic "
"specification (i.e., a FilterList) with a PolicyRule's "
"PacketFilterCondition."),
MappingStrings {"IPSP Policy Model.IETF|FilterOfSACondition"} ]
class CIM_FilterOfPacketCondition : CIM_Dependency {
[Override ("Antecedent"), Min (1), Max (1), Description (
"A FilterList describes the traffic selected by the "
"PacketFilterCondition. A PacketFilterCondition is "
"associated with one and only one FilterList, but that "
"filter list may aggregate many filter entries."),
MappingStrings { "IPSP Policy "
"Model.IETF|FilterOfSACondition.Antecedent"} ]
CIM_FilterList REF Antecedent;
[Override ("Dependent"), Description (
"The PacketFilterCondition that uses the FilterList as part "
"of a PolicyRule."),
MappingStrings { "IPSP Policy "
"Model.IETF|FilterOfSACondition.Dependent"} ]
CIM_PacketFilterCondition REF Dependent;
};
// ==================================================================
// AcceptCredentialFrom
// ==================================================================
[Association, Experimental, Version ("2.7.1000"), Description (
"This association specifies that a credential management "
"service (e.g., CertificateAuthority or Kerberos key "
"distribution service) is to be trusted to certify credentials, "
"presented at the packet level. The association defines an "
"'approved' CredentialManagementService that is used for validation.\n"
"\n"
"The use of this class is best explained via an example:\n"
"If a CertificateAuthority is specified using this association, "
"and a corresponding X509CredentialFilterEntry is also "
"associated with a PacketFilterCondition (via the relationship, "
"FilterOfPacketCondition), then the credential MUST match the "
"FilterEntry data AND be certified by that CA (or one of the "
"CredentialManagementServices in its trust hierarchy). "
"Otherwise, the X509CredentialFilterEntry is deemed not to "
"match. If a credential is certified by a "
"CredentialManagementService associated with the "
"PacketFilterCondition through the AcceptCredentialFrom "
"relationship, but there is no corresponding "
"CredentialFilterEntry, then all credentials from the related "
"service are considered to match."),
MappingStrings {"IPSP Policy Model.IETF|AcceptCredentialFrom"} ]
class CIM_AcceptCredentialFrom : CIM_Dependency {
[Override ("Antecedent"), Description (
"The CredentialManagementService that is issuing the "
"credential to be matched in the PacketFilterCondition."),
MappingStrings { "IPSP Policy "
"Model.IETF|AcceptCredentialFrom.Antecedent"} ]
CIM_CredentialManagementService REF Antecedent;
[Override ("Dependent"), Description (
"The PacketFilterCondition that associates the "
"CredentialManagementService and any "
"FilterLists/FilterEntries."),
MappingStrings { "IPSP Policy "
"Model.IETF|AcceptCredentialFrom.Dependent"} ]
CIM_PacketFilterCondition REF Dependent;
};
// ===================================================================
// end of file
// ===================================================================
| No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |