1 tony 1.1 // ===================================================================
2 // Title: User-Security Accounts 2.8
3 // Filename: User28_Account.mof
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 05/29/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // Accounts.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 Preliminary
54 // CR1013 - Relate the Account class with Identity
55 // Change account description.
56 // Add AccountIdentity
57 // Deprecate: UsersAccount
58 //
59 // Change Log for v2.7 - None
60 // ===================================================================
61
62 #pragma Locale ("en_US")
63
64 tony 1.1
65 // ==================================================================
66 // Account
67 // ==================================================================
// CIM_Account: the record a SecurityService keeps for one identity and its
// privileges. Instances are scoped to a single CIM_System through the two
// propagated key properties, and most non-key properties mirror LDAP
// attributes. Per the Description, authentication state is reflected on the
// associated CIM_Identity (TrustEstablished), not on the Account itself.
// NOTE(review): UserPassword carries credential material; restrict who may
// read or enumerate instances of this class.
[Version ("2.7.1000"),
 Description (
     "CIM_Account is the information held by a SecurityService to "
     "track identity and privileges managed by that service. Common "
     "examples of an Account are the entries in a UNIX /etc/passwd "
     "file. Several kinds of security services use various "
     "information from those entries - the /bin/login program uses "
     "the account name ('root') and hashed password to authenticate "
     "users, and the file service, for instance, uses the UserID "
     "field ('0') and GroupID field ('0') to record ownership and "
     "determine access control privileges on files in the file "
     "system. This class is defined so as to incorporate "
     "commonly-used LDAP attributes to permit implementations to "
     "easily derive this information from LDAP-accessible "
     "directories.\n"
     "\n"
     "The semantics of Account overlap with that of the class, "
     "CIM_Identity. However, aspects of Account - such as its "
     "specific tie to a System - are valuable and have been widely "
     "implemented. For this reason, the Account and Identity "
     "classes are associated using a subclass of LogicalIdentity "
     "(AccountIdentity), instead of deprecating the Account class in "
     "the CIM Schema. When an Account has been authenticated, the "
     "corresponding Identity's TrustEstablished Boolean would be set "
     "to TRUE. Then, the Identity class can be used as defined for "
     "authorization purposes.")]
class CIM_Account : CIM_LogicalElement {

    // Key 1 of 4: creation class name propagated from the scoping CIM_System.
    [Key, Propagated ("CIM_System.CreationClassName"), MaxLen (256),
     Description (
         "The scoping System's CCN.")]
    string SystemCreationClassName;

    // Key 2 of 4: name propagated from the scoping CIM_System.
    [Key, Propagated ("CIM_System.Name"), MaxLen (256),
     Description (
         "The scoping System's Name.")]
    string SystemName;

    // Key 3 of 4: class (or subclass) name used to create the instance.
    [Key, MaxLen (256),
     Description (
         "CreationClassName indicates the name of the class or the "
         "subclass used in the creation of an instance. When used "
         "with the other key properties of this class, this property "
         "allows all instances of this class and its subclasses to be "
         "uniquely identified.")]
    string CreationClassName;

    // Key 4 of 4: overrides the inherited Name. It may hold either the UserID
    // or an LDAP distinguishedName, hence the larger 1024 limit.
    [Key, Override ("Name"), MaxLen (1024),
     Description (
         "The Name property defines the label by which the object is "
         "known. The value of this property may be set to be the "
         "same as that of the UserID property or, in the case of an "
         "LDAP-derived instance, the Name property value may be set "
         "to the distinguishedName of the LDAP-accessed object "
         "instance.")]
    string Name;

    // Identity value as seen by the owning SecurityService; not a key, so
    // uniqueness is not enforced by this property alone.
    [MaxLen (256),
     Description (
         "UserID is the value used by the SecurityService to "
         "represent identity. For an authentication service, the "
         "UserID may be the name of the user, or for an authorization "
         "service the value which serves as a handle to a mapping of "
         "the identity.")]
    string UserID;

    // LDAP objectClass values; no MaxLen is declared for this array.
    [Description (
         "In the case of an LDAP-derived instance, the ObjectClass "
         "property value(s) may be set to the objectClass attribute "
         "values.")]
    string ObjectClass[];

    // Multi-valued counterpart of the inherited single-valued Description.
    [MaxLen (1024),
     Description (
         "The Descriptions property values may contain human-readable "
         "descriptions of the object. In the case of an LDAP-derived "
         "instance, the description attribute may have multiple "
         "values that, therefore, cannot be placed in the inherited "
         "Description property.")]
    string Descriptions[];

    // Host name(s) the account applies to; qualified or unqualified.
    [Description (
         "Based on RFC1274, the host name of the system(s) for which "
         "the account applies. The host name may be a "
         "fully-qualified DNS name or it may be an unqualified host "
         "name.")]
    string Host[];

    // Geographic locality name(s).
    [Description (
         "This property contains the name of a locality, such as a "
         "city, county or other geographic region.")]
    string LocalityName[];

    // The only non-key property in this class marked Required.
    [Required,
     Description (
         "The name of the organization related to the account.")]
    string OrganizationName[];

    // Organizational unit name(s).
    [Description (
         "The name of an organizational unit related to the account.")]
    string OU[];

    // distinguishedNames of related directory objects.
    [Description (
         "In the case of an LDAP-derived instance, the See Also "
         "property specifies distinguishedName of other Directory "
         "objects which may be other aspects (in some sense) of the "
         "same real world object.")]
    string SeeAlso[];

    // Public-key certificate(s), carried as OctetString values.
    // NOTE(review): nothing in this class records whether a certificate was
    // validated; consumers should not treat presence here as proof of trust.
    [OctetString,
     Description (
         "Based on inetOrgPerson and for directory compatibility, the "
         "User Certificate property may be used to specify a public "
         "key certificate for the person.")]
    string UserCertificate[];

    // Password material, carried as OctetString values.
    // NOTE(review): this property says "encrypted" while the class
    // Description speaks of a hashed password; which form a provider exposes
    // is not stated in this file. Treat the value as a secret either way and
    // restrict read access to it in the CIM server's authorization policy.
    [OctetString,
     Description (
         "In the case of an LDAP-derived instance, the UserPassword "
         "property may contain an encrypted password used to access "
         "the person's resources in a directory.")]
    string UserPassword[];
};
189
190 tony 1.1 // ==================================================================
191 // AccountIdentity
192 // ==================================================================
// CIM_AccountIdentity: ties a system Account to the CIM_Identity it
// establishes. It specializes CIM_LogicalIdentity and narrows both inherited
// references.
[Association, Version ("2.7.1000"),
 Description (
     "CIM_AccountIdentity relates a system Account with the Identity "
     "that is established. Since Account also carries Identity "
     "semantics, the LogicalIdentity association is defined as the "
     "superclass of this association.")]
class CIM_AccountIdentity : CIM_LogicalIdentity {

    // Account side of the pairing (narrows the inherited SystemElement).
    [Override ("SystemElement"),
     Description (
         "The Account that establishes Identity.")]
    CIM_Account REF SystemElement;

    // Identity side of the pairing (narrows the inherited SameElement).
    [Override ("SameElement"),
     Description (
         "The Identity established by the Account.")]
    CIM_Identity REF SameElement;
};
208
209 // ===================================================================
210 // AccountOnSystem
211 tony 1.1 // ===================================================================
// CIM_AccountOnSystem: aggregation of Accounts under the System that scopes
// their names. Min (1)/Max (1) on GroupComponent means every Account belongs
// to exactly one System.
[Association, Aggregation, Version ("2.6.0"),
 Description (
     "A system (e.g., ApplicationSystem, ComputerSystem, "
     "AdminDomain) aggregates Accounts and scopes the uniqueness of "
     "the Account names (i.e., userids).")]
class CIM_AccountOnSystem : CIM_SystemComponent {

    // The single scoping System for the Account.
    [Aggregate, Override ("GroupComponent"), Min (1), Max (1),
     Description (
         "The aggregating system also provides name scoping for the "
         "Account.")]
    CIM_System REF GroupComponent;

    // The Account being scoped; declared Weak on this reference.
    [Override ("PartComponent"), Weak,
     Description (
         "The subordinate Account.")]
    CIM_Account REF PartComponent;
};
228
229
230 // ===================================================================
231 // UsersAccount
232 tony 1.1 // ===================================================================
// CIM_UsersAccount: deprecated link between an Account and a UsersAccess
// instance. The Deprecated qualifiers name CIM_AccountIdentity and its two
// references as the replacements.
[Association, Deprecated {"CIM_AccountIdentity"}, Version ("2.7.1000"),
 Description (
     "This relationship associates UsersAccess with the Accounts "
     "with which they're able to interact. This association is "
     "deprecated in lieu of AccountIdentity, which defines similar "
     "semantics. This was done since the UsersAccess reference in "
     "UsersAccount has been deprecated and replaced by the more "
     "specific semantics of CIM_Identity.")]
class CIM_UsersAccount : CIM_Dependency {

    // Replaced by CIM_AccountIdentity.SystemElement.
    [Deprecated {"CIM_AccountIdentity.SystemElement"},
     Override ("Antecedent"),
     Description (
         "The user's Account.")]
    CIM_Account REF Antecedent;

    // Replaced by CIM_AccountIdentity.SameElement.
    [Deprecated {"CIM_AccountIdentity.SameElement"},
     Override ("Dependent"),
     Description (
         "The User as identified by their UsersAccess instance.")]
    CIM_UsersAccess REF Dependent;
};
253 tony 1.1
254 // ===================================================================
255 // AccountMapsToAccount
256 // ===================================================================
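// CIM_AccountMapsToAccount: maps one Account onto another, for example an
// authentication account ('root') onto an authorization account ('0').
// NOTE(review): per the Description, several accounts may map to the same
// authorization account, so a review of privileged access should enumerate
// every instance that references the privileged Account. The reference
// Descriptions below do not say which end is the authentication account.
[Association, Version ("2.6.0"),
 Description (
     "This relationship may be used to associate an Account used by "
     "an AuthenticationService to an Account used for "
     "Authorization. For instance, this mapping occurs naturally in "
     "the UNIX /etc/passwd file, where the AuthenticationService "
     "Account ('root') is mapped to the AuthorizationService Account "
     "('0'). The two are separate accounts, as evidenced by the "
     "ability to have another AuthenticationService Account which "
     "ALSO maps to the AuthorizationService Account ('0') without "
     "ambiguity. This association may be used for other account "
     "mappings as well such as for coordinating single signon for "
     "multiple accounts for the same user.")]
class CIM_AccountMapsToAccount : CIM_Dependency {

    // One end of the mapping.
    [Override ("Antecedent"),
     Description (
         "An Account.")]
    CIM_Account REF Antecedent;

    // The other end of the mapping.
    [Override ("Dependent"),
     Description (
         "A related Account.")]
    CIM_Account REF Dependent;
};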
279
280
281 // ===================================================================
282 // SecurityServiceUsesAccount
283 // ===================================================================
// CIM_SecurityServiceUsesAccount: records which Accounts a SecurityService
// relies on. Neither reference declares its own Description; only the
// reference types are narrowed.
[Association, Version ("2.6.0"),
 Description (
     "This relationship associates SecurityService instances to the "
     "Accounts they use in the course of their work.")]
class CIM_SecurityServiceUsesAccount : CIM_Dependency {

    // The Account that is used.
    [Override ("Antecedent")]
    CIM_Account REF Antecedent;

    // The SecurityService that uses it.
    [Override ("Dependent")]
    CIM_SecurityService REF Dependent;
};
295 tony 1.1
296
297 // ==================================================================
298 // AccountManagementService
299 // ==================================================================
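// CIM_AccountManagementService: the SecurityService that handles the Account
// lifecycle (create, manage, destroy) for other security services. The class
// adds no properties of its own.
[Version ("2.6.0"),
 Description (
     "CIM_AccountManagementService creates, manages, and if "
     "necessary destroys Accounts on behalf of other "
     "SecurityServices.")]
class CIM_AccountManagementService : CIM_SecurityService {
};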
306
307
308 // ===================================================================
309 // ManagesAccount
310 // ===================================================================
// CIM_ManagesAccount: links an AccountManagementService to each Account it
// is responsible for. Neither reference declares its own Description.
[Association, Version ("2.6.0"),
 Description (
     "This relationship associates the AccountManagement security "
     "service to the Accounts for which it is responsible.")]
class CIM_ManagesAccount : CIM_Dependency {

    // The managing service.
    [Override ("Antecedent")]
    CIM_AccountManagementService REF Antecedent;

    // The managed Account.
    [Override ("Dependent")]
    CIM_Account REF Dependent;
};
322
323
324 // ===================================================================
325 // ManagesAccountOnSystem
326 // ===================================================================
// CIM_ManagesAccountOnSystem: links a System to the AccountManagementService
// that manages accounts for it. It specializes CIM_SecurityServiceForSystem.
[Association, Version ("2.6.0"),
 Description (
     "The CIM_ManagesAccountOnSystem provides the association "
     "between a System and the AccountManagementService that manages "
     "accounts for that system.")]
class CIM_ManagesAccountOnSystem : CIM_SecurityServiceForSystem {

    // The service doing the account management.
    [Override ("Antecedent"),
     Description (
         "An AccountManagementService that manages accounts for the "
         "system.")]
    CIM_AccountManagementService REF Antecedent;

    // The System whose accounts are managed.
    [Override ("Dependent"),
     Description (
         "The system that is dependent on the "
         "AccountManagementService.")]
    CIM_System REF Dependent;
};
343
344
345 // ===================================================================
346 // end of file
347 // ===================================================================