1 tony 1.1 // ===================================================================
2 // Title: User-Security Access Control 2.8
3 // Filename: User28_AccessControl.mof
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 05/29/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes for
47 // access control.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 Preliminary (Company Review)
54 // CR1128 - Change subclassing of HostedACI from Dependency to
55 // HostedDependency.
56 // Change Log for v2.8 Preliminary
57 // CR1011 - Deprecate AccessControlInformation,HostedACI,
58 // AuthorizedUse,
59 // AuthorizationTarget,AuthorizationSubject
60 //
61 // Change Log for v2.7 - None
62 // ===================================================================
63
64 tony 1.1 #pragma Locale ("en_US")
65
66
67 // ==================================================================
68 // AccessControlInformation
69 // ==================================================================
// CIM_AccessControlInformation: deprecated access-control record, keyed by the
// hosting system (SystemCreationClassName, SystemName) together with
// CreationClassName and Name. The class-level Deprecated qualifier names
// CIM_Privilege and CIM_SecuritySensitivity as the replacements.
70 [Deprecated {"CIM_Privilege", "CIM_SecuritySensitivity"},
71 Version ("2.7.1000"), Description (
72 "CIM_AccessControlInformation provides, through its properties "
73 "and its associations, the specification of the access rights "
74 "granted to a set of subject users to a set of target "
75 "resources. The AccessControlInformation class is weak to the "
76 "system (e.g., Computer System or Administrative Domain) for "
77 "which the access controls apply.\n"
78 "\n"
79 "This class is deprecated in lieu of two others, Privilege "
80 "(defining specific access details) and SecuritySensitivity "
81 "(defining individual security levels). The reasons for this "
82 "are: 1. More specific access details are defined in "
83 "Privilege; and, 2. SecuritySensitivity allows security levels "
84 "to be applied to other elements than access control "
85 tony 1.1 "information.") ]
86 class CIM_AccessControlInformation : CIM_LogicalElement {
87
// Key properties. The two System* keys are propagated from CIM_System, and
// every key string is capped with MaxLen (256).
88 [Deprecated {"No value"}, Key,
89 Propagated ("CIM_System.CreationClassName"), Description (
90 "Hosting system creation class name."),
91 MaxLen (256) ]
92 string SystemCreationClassName;
93
94 [Deprecated {"No value"}, Key, Propagated ("CIM_System.Name"),
95 Description (
96 "Hosting system name."),
97 MaxLen (256) ]
98 string SystemName;
99
100 [Deprecated {"No value"}, Key, Description (
101 "CreationClassName indicates the name of the class or the "
102 "subclass used in the creation of an instance. When used "
103 "with the other key properties of this class, this property "
104 "allows all instances of this class and its subclasses to be "
105 "uniquely identified."),
106 tony 1.1 MaxLen (256) ]
107 string CreationClassName;
108
109 [Deprecated {"CIM_Privilege.InstanceID"}, Key, Override ("Name"),
110 Description (
111 "The Name property defines the unique label, in the context "
112 "of the hosting system, by which the "
113 "AccessControlInformation is known."),
114 MaxLen (256) ]
115 string Name;
116
// Free-form string: no ValueMap is declared, so the levels quoted in the
// description are examples only, not an enumerated vocabulary.
117 [Deprecated {"CIM_SecuritySensitivity.SecurityLevel"},
118 Description (
119 "The SecurityClassification property specifies a named level "
120 "of security associated with the AccessControlInformation, "
121 "e.g., 'Confidential', 'Top Secret', etc.") ]
122 string SecurityClassification;
123
// AccessType, AccessQualifier and Permission are three parallel arrays, tied
// together by ModelCorrespondence and by the word "corresponding" in their
// descriptions. None of them declares an ArrayType qualifier.
// NOTE(review): the CIM default array type is Bag (unordered), so index
// alignment is a convention here rather than something the schema enforces.
// A consumer that pairs entries by index should check that the three arrays
// have equal length and reject the instance otherwise.
124 [Deprecated {"CIM_Privilege.Activities"}, Description (
125 "The AccessType property is an array of string values that "
126 "specifies the type of access for which the corresponding "
127 tony 1.1 "permission applies. For example, it can be used to specify "
128 "a generic access such as 'Read-only', 'Read/Write', etc. "
129 "for file or record access control or it can be used to "
130 "specifiy an entry point name for service access control."),
131 ModelCorrespondence {
132 "CIM_AccessControlInformation.AccessQualifier",
133 "CIM_AccessControlInformation.Permission"} ]
134 string AccessType[];
135
136 [Deprecated {"CIM_Privilege.ActivityQualifiers"}, Description (
137 "The AccessQualifier property is an array of string values "
138 "may be used to further qualify the type of access for which "
139 "the corresponding permission applies. For example, it may "
140 "be used to specify a set of parameters that are permitted "
141 "or denied in conjunction with the corresponding AccessType "
142 "entry point name."),
143 ModelCorrespondence { "CIM_AccessControlInformation.AccessType",
144 "CIM_AccessControlInformation.AccessQualifier"} ]
145 string AccessQualifier[];
146
// Permission is restricted by ValueMap to "Unknown", "Allow", "Deny" and
// "Manage"; the description allows subclasses to extend that set.
// NOTE(review): nothing visible in this file defines precedence between
// "Allow" and "Deny" entries, or the effect of "Unknown". An enforcement
// point should treat "Unknown" and any unrecognised value as granting
// nothing; confirm against the consuming implementation.
147 [Deprecated {"CIM_AuthorizedSubject.PrivilegeGranted"},
148 tony 1.1 Description (
149 "The Permission property is an array of string values "
150 "indicating the permission that applies to the corresponding "
151 "AccessType and AccessQualifier array values. The values "
152 "may be extended in subclasses to provide more specific "
153 "access controls."),
154 ValueMap {"Unknown", "Allow", "Deny", "Manage"},
155 ModelCorrespondence { "CIM_AccessControlInformation.AccessType",
156 "CIM_AccessControlInformation.AccessQualifier"} ]
157 string Permission[];
158 };
159
160
161
162 // ==================================================================
163 // HostedACI
164 // ==================================================================
// CIM_HostedACI: deprecated weak association that scopes a
// CIM_AccessControlInformation instance to exactly one hosting CIM_System
// (Min (1), Max (1) on Antecedent). Deprecated {"No value"} means no
// replacement association is named.
165 [Association, Deprecated {"No value"}, Version ("2.7.1000"),
166 Description (
167 "CIM_HostedACI is an association used to provide the namespace "
168 "scoping of AccessControlInformation. Since the referenced "
169 tony 1.1 "class, AccessControlInformation, is deprecated, this Weak "
170 "association is similarly deprecated. Also, although "
171 "Privileges/ access control can be defined in the context of a "
172 "System, this is not a mandatory association nor does it "
173 "provide any additional semantics for the Privilege. "
174 "Therefore, HostedACI is deprecated with no replacement "
175 "association.") ]
176 class CIM_HostedACI : CIM_HostedDependency {
177
// Exactly one hosting system per ACI.
178 [Deprecated {"No value"}, Override ("Antecedent"), Min (1),
179 Max (1), Description (
180 "The hosting system.") ]
181 CIM_System REF Antecedent;
182
// Weak marks the ACI as the dependent side; its System* key properties are
// declared as propagated from CIM_System on the ACI class.
183 [Deprecated {"No value"}, Override ("Dependent"), Weak,
184 Description (
185 "The hosted AccessControlInformation.") ]
186 CIM_AccessControlInformation REF Dependent;
187 };
188
189
190 tony 1.1 // ==================================================================
191 // AuthorizedUse
192 // ==================================================================
// CIM_AuthorizedUse: deprecated association linking a
// CIM_AccessControlInformation (Antecedent) to the CIM_AuthorizationService
// that consumes it (Dependent). No replacement is named; the description
// points to policy or static Privilege checks instead.
// CIM_AuthorizationService is not defined in this file.
193 [Association, Deprecated {"No value"}, Version ("2.6.0"),
194 Description (
195 "CIM_AuthorizedUse is an association used to provide an "
196 "AuthorizationService with the AccessControlInformation it "
197 "needs to do its job. This association is deprecated with no "
198 "proposed replacement, since authorization processing will be "
199 "handled via policy or static checking of Privileges.") ]
200 class CIM_AuthorizedUse : CIM_Dependency {
201
// Neither reference carries Min/Max qualifiers, so this listing does not
// constrain how many services may use one ACI, or the reverse.
202 [Deprecated {"No value"}, Override ("Antecedent"), Description (
203 "Access Control Information.") ]
204 CIM_AccessControlInformation REF Antecedent;
205
206 [Deprecated {"No value"}, Override ("Dependent"), Description (
207 "AuthorizationService that uses an ACI.") ]
208 CIM_AuthorizationService REF Dependent;
209 };
210
211 tony 1.1
212 // ==================================================================
213 // AuthorizationSubject
214 // ==================================================================
// CIM_AuthorizationSubject: deprecated association binding a
// CIM_AccessControlInformation (Antecedent) to the subjects it applies to
// (Dependent, any CIM_ManagedElement). Replaced by CIM_AuthorizedSubject;
// the per-reference Deprecated qualifiers give the mapping
// Antecedent -> Privilege, Dependent -> PrivilegedElement.
215 [Association, Deprecated {"CIM_AuthorizedSubject"},
216 Version ("2.7.1000"), Description (
217 "CIM_AuthorizationSubject is an association used to apply "
218 "authorization decisions to specific subjects (i.e., users). "
219 "This association is deprecated in lieu of a semantically "
220 "equivalent one, AuthorizedSubject, since one of the referenced "
221 "classes (AccessControlInformation) has been deprecated.") ]
222 class CIM_AuthorizationSubject : CIM_Dependency {
223
// No Min/Max qualifiers are declared on either reference, so the schema
// permits an ACI with no subject association at all.
// NOTE(review): the visible text does not say what an ACI without subjects
// means; a consumer should not read it as "applies to everyone" without
// confirming.
224 [Deprecated {"CIM_AuthorizedSubject.Privilege"},
225 Override ("Antecedent"), Description (
226 "AccessControlInformation that applies to a subject set.") ]
227 CIM_AccessControlInformation REF Antecedent;
228
// The Dependent type is the broad CIM_ManagedElement; per the description it
// may be a collection or an element that represents a user.
229 [Deprecated {"CIM_AuthorizedSubject.PrivilegedElement"},
230 Override ("Dependent"), Description (
231 "The subject set may be specified as a collection or as a "
232 tony 1.1 "set of associations to ManagedElements that represent "
233 "users.") ]
234 CIM_ManagedElement REF Dependent;
235 };
236
237
238 // ==================================================================
239 // AuthorizationTarget
240 // ==================================================================
// CIM_AuthorizationTarget: deprecated association binding a
// CIM_AccessControlInformation (Antecedent) to the resources it protects
// (Dependent, any CIM_ManagedElement). Replaced by CIM_AuthorizedTarget;
// the per-reference Deprecated qualifiers give the mapping
// Antecedent -> Privilege, Dependent -> TargetElement.
241 [Association, Deprecated {"CIM_AuthorizedTarget"},
242 Version ("2.7.1000"), Description (
243 "CIM_AuthorizationTarget is an association used to apply "
244 "authorization decisions to specific target resources. The "
245 "target resources may be aggregated into a collection or may be "
246 "represented as a set of associations to ManagedElements. This "
247 "association is deprecated in lieu of a semantically equivalent "
248 "one, AuthorizedTarget, since one of the referenced classes "
249 "(AccessControlInformation) has been deprecated.") ]
250 class CIM_AuthorizationTarget : CIM_Dependency {
251
// No Min/Max qualifiers are declared on either reference, so the schema
// permits an ACI with no target association at all.
// NOTE(review): the visible text does not define the scope of an ACI
// without targets; a consumer should not read it as "applies to every
// resource" without confirming.
252 [Deprecated {"CIM_AuthorizedTarget.Privilege"},
253 tony 1.1 Override ("Antecedent"), Description (
254 "AccessControlInformation that applies to the target set.") ]
255 CIM_AccessControlInformation REF Antecedent;
256
// The Dependent type is the broad CIM_ManagedElement; per the description it
// may be a collection or an element that represents a target resource.
257 [Deprecated {"CIM_AuthorizedTarget.TargetElement"},
258 Override ("Dependent"), Description (
259 "The target set of resources may be specified as a "
260 "collection or as a set of associations to ManagedElements "
261 "that represent target resources.") ]
262 CIM_ManagedElement REF Dependent;
263 };
264
265
266 // ===================================================================
267 // end of file
268 // ===================================================================