1 tony 1.1 // ===================================================================
2 // Title: User-Security Authentication Requirements 2.8
3 // Filename: User28_AuthenticationReqmt.mof
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 07/29/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the concepts and classes related to
47 // requirements for authentication.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 Preliminary (Company Review)
54 // CR1107 - Deprecated:
55 // AuthenticationRequirement
56 // HostedAuthenticationRequirement
57 // AuthenticatedForUse
58 // RequireCredentialFrom
59 // AuthenticationTarget
60 // CR1128 - Change subclassing of HostedAuthenticationRequirement
61 // from Dependency to HostedDependency.
62 //
63 // Change Log for v2.8 Preliminary - None
64 tony 1.1 //
65 // Change Log for v2.7 - None
66 // ===================================================================
67
68 #pragma Locale ("en_US")
69
70 // ==================================================================
71 // AuthenticationRequirement
72 // ==================================================================
73 [Deprecated {"CIM_AuthenticationCondition","CIM_AuthenticationRule",
74 "CIM_SecuritySensitivity"}, Version ("2.7.1000"), Description (
75 "CIM_AuthenticationRequirement provides, through its "
76 "associations, the authentication requirements for accessto "
77 "system resources. For a particularset of target resources, "
78 "the AuthenticationService may require that credentialsbe "
79 "issued by a specific CredentialManagementService. The "
80 "AuthenticationRequirement class is weak to the system(e.g., "
81 "ComputerSystem or Administrative Domain) for which the "
82 "requirements apply.\n"
83 "\n"
84 "Note that this class was defined before the Policy "
85 tony 1.1 "Modelexisted, and is deprecated in lieuof authentication "
86 "policy - specifically, the AuthenticationConditionand "
87 "AuthenticationRule classes. In the updated design, "
88 "AuthenticationConditiondescribes the specific combinations "
89 "ofcredentials (or alternative credentials) that are required "
90 "in order to authenticatean Identity. This allows a "
91 "moreexplicit and flexible description of authentication "
92 "requirements.Also, the definition of 'security classification' "
93 "as a property of this class was problematic - since itcould "
94 "not be assigned to an element in a straightforwardfashion. To "
95 "correct this issue, the SecuritySensitivityclass (and its "
96 "association, ElementSecuritySensitivity) are defined.") ]
97 class CIM_AuthenticationRequirement : CIM_LogicalElement {
98
99 [Deprecated {"CIM_AuthenticationRule.SystemCreationClassName"},
100 Key, Propagated ("CIM_System.CreationClassName"), Description (
101 "Hosting systemcreation class name."),
102 MaxLen (256) ]
103 string SystemCreationClassName;
104
105 [Deprecated {"CIM_AuthenticationRule.SystemName"}, Key,
106 tony 1.1 Propagated ("CIM_System.Name"), Description (
107 "Hosting system name."),
108 MaxLen (256) ]
109 string SystemName;
110
111 [Deprecated {"CIM_AuthenticationRule.CreationClassName"}, Key,
112 Description (
113 "CreationClassName indicates the nameof the class or the "
114 "subclass used in the creation of an instance.When used with "
115 "the other key properties of thisclass, this property allows "
116 "all instances of this class andits subclasses to be "
117 "uniquely identified."),
118 MaxLen (256) ]
119 string CreationClassName;
120
121 [Deprecated {"CIM_AuthenticationRule.PolicyRuleName"}, Key,
122 Override ("Name"), Description (
123 "The Name property defines the unique label, in the context "
124 "of the hosting system, by which the "
125 "AuthenticationRequirement is known."),
126 MaxLen (256) ]
127 tony 1.1 string Name;
128
129 [Deprecated {"CIM_SecuritySensitivity.SecurityLevel"},
130 Description (
131 "The SecurityClassification property specifiesa named level "
132 "of security associated with the AuthenticationRequirement, "
133 "e.g., 'Confidential', 'Top Secret', etc.") ]
134 string SecurityClassification;
135 };
136
137
138 // ==================================================================
139 // HostedAuthenticationRequirement
140 // ==================================================================
141 [Association, Deprecated {"CIM_PolicyRuleInSystem"},
142 Version ("2.7.1000"), Description (
143 "CIM_HostedAuthenticationRequirement is an associationused to "
144 "provide the namespace scoping of AuthenticationRequirement. "
145 "The hosted requirements may or may not apply to resourceson "
146 "the hosting system. Since theAuthenticationRequirement class "
147 "is deprecated in lieu of explicitpolicy rules, this class is "
148 tony 1.1 "similarly deprecated to its'policy' equivalent.") ]
149 class CIM_HostedAuthenticationRequirement : CIM_HostedDependency {
150
151 [Deprecated {"CIM_PolicyRuleInSystem.Antecedent"},
152 Override ("Antecedent"), Min (1), Max (1), Description (
153 "The hosting system.") ]
154 CIM_System REF Antecedent;
155
156 [Deprecated {"CIM_PolicyRuleInSystem.Dependent"},
157 Override ("Dependent"), Weak, Description (
158 "The hosted AuthenticationRequirement.") ]
159 CIM_AuthenticationRequirement REF Dependent;
160 };
161
162
163 // ==================================================================
164 // AuthenticateForUse
165 // ==================================================================
166 [Association, Deprecated {"No value"}, Version ("2.7.1000"),
167 Description (
168 "CIM_AuthenticateForUse is an association used to providean "
169 tony 1.1 "AuthenticationService with the AuthenticationRequirement it "
170 "needs to do its job. Thisassociation is unnecessary and "
171 "therefore deprecated, sinceit is implied that an Identity MUST "
172 "be authenticated (its CurrentlyAuthenticatedBoolean set to "
173 "TRUE) in order to have any Privileges.") ]
174 class CIM_AuthenticateForUse : CIM_Dependency {
175
176 [Deprecated {"No value"}, Override ("Antecedent"), Description (
177 "AuthenticationRequirementfor use.") ]
178 CIM_AuthenticationRequirement REF Antecedent;
179
180 [Deprecated {"No value"}, Override ("Dependent"), Description (
181 "AuthenticationServicethat uses the requirements.") ]
182 CIM_AuthenticationService REF Dependent;
183 };
184
185
186 // ==================================================================
187 // RequireCredentialsFrom
188 // ==================================================================
189 [Association, Deprecated {"CIM_AuthenticationCondition",
190 tony 1.1 "CIM_AuthenticationRule"}, Version ("2.7.1000"), Description (
191 "CIM_RequireCredentialsFrom is an association usedto require "
192 "that credentials are issued by particular CredentialManagement "
193 "Services in order to authenticate a user. This association is "
194 "deprecated in lieu of explicitdeclaration of the "
195 "AuthenticationConditionsin an AuthenticationRule. Instances "
196 "of AuthenticationCondition describethe specific combinations "
197 "of credentials (or alternativecredentials) that are required "
198 "to authenticate an Identity.This allows a more explicit and "
199 "flexible description of authenticationrequirements.") ]
200 class CIM_RequireCredentialsFrom : CIM_Dependency {
201
202 [Deprecated {"CIM_AuthenticationCondition"},
203 Override ("Antecedent"), Description (
204 "CredentialManagementService from whichcredentials are "
205 "accepted for the associated AuthenticationRequirement.") ]
206 CIM_CredentialManagementService REF Antecedent;
207
208 [Deprecated {"CIM_AuthenticationRule"}, Override ("Dependent"),
209 Description (
210 "AuthenticationRequirementthat limit acceptable "
211 tony 1.1 "credentials.") ]
212 CIM_AuthenticationRequirement REF Dependent;
213 };
214
215
216 // ==================================================================
217 // AuthenticationTarget
218 // ==================================================================
219 [Association, Deprecated {"CIM_PolicySetAppliesToElement"},
220 Version ("2.7.1000"), Description (
221 "CIM_AuthenticationTarget is an association used toapply "
222 "authentication requirements for access to specificresources. "
223 "Forexample, a shared secret may be sufficient for access to "
224 "unclassified resources, but for confidential resources,a "
225 "stronger authentication may be required. Since the "
226 "AuthenticationRequirement class is deprecated in lieu of "
227 "explicit policy rules, thisassociation is similarly deprecated "
228 "to its 'policy'equivalent.") ]
229 class CIM_AuthenticationTarget : CIM_Dependency {
230
231 [Deprecated {"CIM_PolicySetAppliesToElement.PolicySet"},
232 tony 1.1 Override ("Antecedent"), Description (
233 "AuthenticationRequirement that apply to specific "
234 "resources.") ]
235 CIM_AuthenticationRequirement REF Antecedent;
236
237 [Deprecated {"CIM_PolicySetAppliesToElement.ManagedElement"},
238 Override ("Dependent"), Description (
239 "Target resources that may be in a Collection or an "
240 "individual ManagedElement. These resources are protected "
241 "by the AuthenticationRequirement.") ]
242 CIM_ManagedElement REF Dependent;
243 };
244
245
246 // ===================================================================
247 // end of file
248 // ===================================================================
|