1 tony 1.1 // ===================================================================
2 // Title: User-Security General Credentials 2.8
3 // Filename: User28_Credential.mof
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 05/29/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the generic concepts of a
47 // credential.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 Preliminary
54 // CR1011 - Add BiometricCredential, update credential description.
55 // CR1014 - Remove Min (1) from ManagedCredential.Antecedent
56 //
57 // Change Log for v2.7
58 // CR784 - Promote 2 properties, Issued and Expired, from
59 // CIM_KerberosTicket to CIM_Credential
60 // CR980 - Remove Experimental qualifier from 2 properties in
61 // Credential
62 // ===================================================================
63
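// Declares en_US as the locale of this MOF file.
// (The annotate-view gutter number and "tony 1.1" revision cell that
// preceded the directive were listing artifacts, not MOF, and are dropped.)
#pragma Locale ("en_US")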
65
66
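// ==================================================================
// Credential
// ==================================================================
// Abstract base class for credential material. In this file it
// contributes two lifetime properties (Issued, Expires) and declares
// no Key property of its own; CIM_BiometricCredential below adds one.
//
// NOTE(review): both properties signal "not applicable" with a
// sentinel datetime (all 0s for Issued, all 9s for Expires) rather
// than by being absent. A consumer that enforces expiry should test
// for the all-9s value explicitly and decide by policy whether a
// credential with no applicable expiration is acceptable, instead of
// letting it pass an ordinary "Expires later than now" comparison.
   [Abstract, Version ("2.7.1000"), Description (
       "Subclasses of CIM_Credential define materials, information, or "
       "other data which are used to establish identity. Generally, "
       "there may be some shared information, or credential material "
       "which is used to identify and authenticate an entity in the "
       "process of gaining access to, or permission to use, "
       "resources. Such credential material may be used to "
       "authenticate an entity's identity initially, as done by a "
       "CIM_AuthenticationService, and additionally on an ongoing "
       "basis (for example, during the course of a connection or other "
       "security association), as proof that each received message or "
       "communication came from a valid 'user' of that credential "
       "material.") ]
class CIM_Credential : CIM_ManagedElement {

      // Issue time of the credential; all 0s means "not applicable".
      [Description (
          "The date and time when the credential was issued. Use a "
          "value of all 0s if this information is not applicable.") ]
   datetime Issued;

      // End of validity; all 9s means "not applicable". Per the text
      // below the value may be a specific date/time or an interval
      // counted from Issued.
      // NOTE(review): a consumer has to tell the two forms apart before
      // evaluating expiry, and an interval only has meaning when Issued
      // holds a real value rather than its all-0s sentinel.
      [Description (
          "The date and time when the credential expires (and is not "
          "appropriate for use for authentication/ authorization). "
          "Use a value of all 9s if this information is not "
          "applicable. Note that this property does not define how "
          "the expiration is set - but that there IS an expiration. "
          "The property may be set to either a specific date/time or "
          "an interval (calculated from the Issued datetime). For "
          "example, for Certificate Authority-signed public key, the "
          "expiration is determined by the CA. Another example is a "
          "voice mail password that expires 60 days after it is "
          "set/issued.") ]
   datetime Expires;
};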
104
105
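// ===================================================================
// ManagedCredential
// ===================================================================
// Association from a credential management service (Antecedent) to a
// credential it manages (Dependent). CIM_CredentialManagementService
// and CIM_Dependency are not defined in this file.
//
// Cardinality: Max (1) on Antecedent limits a credential to at most
// one managing service. The change log for v2.8 Preliminary (CR1014)
// records that Min (1) was removed from Antecedent, so the model also
// permits a credential with no managing service.
// NOTE(review): inventory or audit tooling built on this association
// should not assume every CIM_Credential instance is reachable through
// it; credentials without a managing service need to be enumerated
// directly.
   [Association, Version ("2.7.1000"), Description (
       "This relationship associates a CredentialManagementService "
       "with the Credential it manages.") ]
class CIM_ManagedCredential : CIM_Dependency {

      // At most one managing service per credential (Max (1)).
      [Override ("Antecedent"), Max (1), Description (
          "The credential management service.") ]
   CIM_CredentialManagementService REF Antecedent;

      // No Min/Max here: this side's cardinality is left unconstrained.
      [Override ("Dependent"), Description (
          "The managed credential.") ]
   CIM_Credential REF Dependent;
};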
122
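// ==================================================================
// BiometricCredential
// ==================================================================
// Experimental subclass of CIM_Credential, keyed by InstanceID, that
// records which kinds of biometric are used (Biometrics) together
// with free-text detail per entry (BiometricDescriptions). The class
// declares no property for the biometric data itself.
//
// NOTE(review): BiometricDescriptions may state where or how the
// biometric data is stored (see its Description). That is sensitive
// metadata; read access to instances of this class should be
// restricted accordingly.
   [Experimental, Version ("2.7.1000"), Description (
       "CIM_BiometricCredential defines specific biometric-related "
       "credential information, used to validate an identity.") ]
class CIM_BiometricCredential : CIM_Credential {

      // Opaque key, unique within the namespace; preferred form is
      // <OrgID>:<LocalID> with the first colon separating the two.
      // NOTE(review): "SHOULD not" in the text below is presumably meant
      // as the normative keyword "SHOULD NOT"; left as published.
      [Key, Description (
          "Within the scope of the instantiating Namespace, InstanceID "
          "opaquely and uniquely identifies an instance of this "
          "class. In order to ensure uniqueness within the NameSpace, "
          "the value of InstanceID SHOULD be constructed using the "
          "following 'preferred' algorithm:\n"
          "<OrgID>:<LocalID>\n"
          "Where <OrgID> and <LocalID> are separated by a colon ':', "
          "and where <OrgID> MUST include a copyrighted, trademarked "
          "or otherwise unique name that is owned by the business "
          "entity creating/defining the InstanceID, or is a registered "
          "ID that is assigned to the business entity by a recognized "
          "global authority (This is similar to the <Schema "
          "Name>_<Class Name> structure of Schema class names.) In "
          "addition, to ensure uniqueness <OrgID> MUST NOT contain a "
          "colon (':'). When using this algorithm, the first colon to "
          "appear in InstanceID MUST appear between <OrgID> and "
          "<LocalID>.\n"
          "<LocalID> is chosen by the business entity and SHOULD not "
          "be re-used to identify different underlying (real-world) "
          "elements. If the above 'preferred' algorithm is not used, "
          "the defining entity MUST assure that the resultant "
          "InstanceID is not re-used across any InstanceIDs produced "
          "by this or other providers for this instance's NameSpace.\n"
          "For DMTF defined instances, the 'preferred' algorithm MUST "
          "be used with the <OrgID> set to 'CIM'.") ]
   string InstanceID;

      // Indexed array of biometric type codes; only 1..8 are mapped.
      // Entry i corresponds to BiometricDescriptions[i].
      // NOTE(review): no meaning is defined here for codes outside
      // 1..8; a consumer should treat such a value as unrecognised
      // rather than use it to index Values.
      [Description (
          "The type of biometric information for identification."),
       ValueMap {"1", "2", "3", "4", "5", "6", "7", "8"},
       Values {"Other", "Facial", "Retina", "Mark", "Finger", "Voice",
          "DNA-RNA", "EEG"},
       ArrayType ("Indexed"),
       ModelCorrespondence {
          "CIM_BiometricCredential.BiometricDescriptions"} ]
   uint16 Biometrics[];

      // Free-text detail per Biometrics entry, matched by index; an
      // entry is mandatory wherever Biometrics holds 1 ("Other").
      // NOTE(review): the text below calls this array "Descriptions";
      // the property is named BiometricDescriptions. Left as published.
      // NOTE(review): nothing in the schema enforces that the two
      // arrays have equal length; a provider should validate that
      // before publishing an instance.
      [Description (
          "Additional information regarding the entries in the "
          "Biometrics array. For example, information regarding where "
          "or how the data is stored may be specified in this array. "
          "Entries at the same index correspond between the Biometrics "
          "and Descriptions arrays. An entry MUST be provided when "
          "the value 1, \"Other\", is specified in the Biometrics "
          "array."),
       ArrayType ("Indexed"),
       ModelCorrespondence {"CIM_BiometricCredential.Biometrics"} ]
   string BiometricDescriptions[];
};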
181
182
183 // ===================================================================
184 // end of file
185 // ===================================================================