
  1 tony  1.1 // ===================================================================
  2           // Title:       User-Security Identity
  3           // Filename:    User28_Identity.mof
  4           // Version:     2.8
  5           // Release:     Preliminary
  6           // Date:        05/30/2003
  7           // ===================================================================
  8           // Copyright 1998-2003 Distributed Management Task Force, Inc. (DMTF).
  9           // All rights reserved.
 10           // DMTF is a not-for-profit association of industry members dedicated
 11           // to promoting enterprise and systems management and interoperability.
 12           // DMTF specifications and documents may be reproduced for uses
 13           // consistent with this purpose by members and non-members,
 14           // provided that correct attribution is given.
 15           // As DMTF specifications may be revised from time to time,
 16           // the particular version and release date should always be noted.
 17           // 
 18           // Implementation of certain elements of this standard or proposed
 19           // standard may be subject to third party patent rights, including
 20           // provisional patent rights (herein "patent rights"). DMTF makes
 21           // no representations to users of the standard as to the existence
 22 tony  1.1 // of such rights, and is not responsible to recognize, disclose, or
 23           // identify any or all such third party patent right, owners or
 24           // claimants, nor for any incomplete or inaccurate identification or
 25           // disclosure of such rights, owners or claimants. DMTF shall have no
 26           // liability to any party, in any manner or circumstance, under any
 27           // legal theory whatsoever, for failure to recognize, disclose, or
 28           // identify any such third party patent rights, or for such party's
 29           // reliance on the standard or incorporation thereof in its product,
 30           // protocols or testing procedures. DMTF shall have no liability to
 31           // any party implementing such standard, whether such implementation
 32           // is foreseeable or not, nor to any patent owner or claimant, and shall
 33           // have no liability or responsibility for costs or losses incurred if
 34           // a standard is withdrawn or modified after publication, and shall be
 35           // indemnified and held harmless by any party implementing the
 36           // standard from any and all claims of infringement by a patent owner
 37           // for such implementations.
 38           // 
 39           // For information about patents held by third-parties which have
 40           // notified the DMTF that, in their opinion, such patent may relate to
 41           // or impact implementations of DMTF standards, visit
 42           // http://www.dmtf.org/about/policies/disclosures.php.
 43 tony  1.1 // ===================================================================
 44           // Description: The User Model extends the management concepts that
 45           //              are related to users and security.
 46           //              This file defines the concepts and classes related to
 47           //              Identities.
 48           // 
 49           //              The object classes below are listed in an order that
 50           //              avoids forward references. Required objects, defined
 51           //              by other working groups, are omitted.
 52           // ===================================================================
 53           // Change Log for v2.8 Preliminary
 54           //  CR1011 - Add Identity and Privilege; Deprecate UsersAccess and
 55           //           AccessControlInformation and their related classes
 56           //  CR1026 - Extend Identity with an IPNetworkIdentity subclass
 57           // ===================================================================
 58           
 59           #pragma Locale ("en_US")
 60           
 61           
 62           // ==================================================================
 63           // Identity
              // Models a security principal: one instance per trust level per
              // security context, keyed by InstanceID. CurrentlyAuthenticated
              // defaults to FALSE, and the class text says Privileges or rights
              // SHOULD NOT be authorized while it is FALSE.
 64 tony  1.1 // ==================================================================
 65              [Experimental, Version ("2.7.1000"), Description (
 66                  "An instance of an Identity represents a ManagedElement that "
 67                  "acts as a security principal within the scope in which it is "
 68                  "defined and authenticated.  ManagedElements with Identities "
 69                  "can be OrganizationalEntities, Services, Systems, etc.  The "
 70                  "ManagedElement 'behind' an Identity is described using the "
 71                  "AssignedIdentity association.\n"
 72                  "\n"
 73                  "Within a given security context, an Identity may be imparted a "
 74                  "level of trust, usually based on its credentials.  Each trust "
 75                  "level in each context is represented as a unique instance of "
 76                  "Identity.  Whether an Identity is currently authenticated is "
 77                  "evaluated by checking the CurrentlyAuthenticated boolean "
 78                  "property.  This property is set and cleared by the security "
 79                  "infrastructure, and should only be readable within the "
 80                  "management infrastructure.  The conditions which must be "
 81                  "met/authenticated in order for an Identity's "
 82                  "CurrentlyAuthenticated Boolean to be TRUE are defined using a "
 83                  "subclass of PolicyCondition - AuthenticationCondition.  The "
 84                  "inheritance tree for AuthenticationCondition is defined in the "
 85 tony  1.1        "CIM Policy Model.\n"
 86                  "\n"
 87                  "Subclasses of Identity may include specific information "
 88                  "related to a given AuthenticationService or authority (such as "
 89                  "a security token or computer hardware port/communication "
 90                  "details) that more specifically determine the authenticity of "
 91                  "the Identity.  An instance of Identity may be persisted even "
 92                  "though it is not CurrentlyAuthenticated, in order to maintain "
 93                  "static relationships to Roles, associations to accounting "
 94                  "information, and policy data defining authentication "
 95                  "requirements.  Note however, when an Identity is not "
 96                  "authenticated (CurrentlyAuthenticated = FALSE), then "
 97                  "Privileges or rights SHOULD NOT be authorized.  The lifetime, "
 98                  "validity, and propagation of the Identity is dependent on a "
 99                  "security infrastructure's policies.") ]
100           class CIM_Identity : CIM_ManagedElement {
101           
                    // Opaque key, preferred form <OrgID>:<LocalID>; the text
                    // requires the first colon to fall between the two parts.
                    // NOTE(review): "SHOULD not" in the text below is presumably
                    // the normative "SHOULD NOT" used elsewhere in this class.
102                 [Key, Description (
103                     "Within the scope of the instantiating Namespace, InstanceID "
104                     "opaquely and uniquely identifies an instance of this "
105                     "class.  In order to ensure uniqueness within the NameSpace, "
106 tony  1.1           "the value of InstanceID SHOULD be constructed using the "
107                     "following 'preferred' algorithm:\n"
108                     "<OrgID>:<LocalID>\n"
109                     "Where <OrgID> and <LocalID> are separated by a colon ':', "
110                     "and where <OrgID> MUST include a copyrighted, trademarked "
111                     "or otherwise unique name that is owned by the business "
112                     "entity creating/defining the InstanceID, or is a registered "
113                     "ID that is assigned to the business entity by a recognized "
114                     "global authority (This is similar to the <Schema "
115                     "Name>_<Class Name> structure of Schema class names.) In "
116                     "addition, to ensure uniqueness <OrgID> MUST NOT contain a "
117                     "colon (':').  When using this algorithm, the first colon to "
118                     "appear in InstanceID MUST appear between <OrgID> and "
119                     "<LocalID>.\n"
120                     "<LocalID> is chosen by the business entity and SHOULD not "
121                     "be re-used to identify different underlying (real-world) "
122                     "elements.  If the above 'preferred' algorithm is not used, "
123                     "the defining entity MUST assure that the resultant "
124                     "InstanceID is not re-used across any InstanceIDs produced "
125                     "by this or other providers for this instance's NameSpace.\n"
126                     "For DMTF defined instances, the 'preferred' algorithm MUST "
127 tony  1.1           "be used with the <OrgID> set to 'CIM'.") ]
128              string InstanceID;
129           
                    // Declared without a Write qualifier and initialised to FALSE.
                    // The "only be readable within the management infrastructure"
                    // restriction appears only as Description text; no qualifier
                    // on this property expresses it, so it presumably has to be
                    // enforced by the provider / access control - confirm.
                    // Per the text below, this flag alone may not be sufficient
                    // for an authentication or authorization decision.
130                 [Description (
131                     "Boolean indicating whether this Identity has been "
132                     "authenticated, and is currently known within the scope of "
133                     "an AuthenticationService or authority.  By default, "
134                     "authenticity SHOULD NOT be assumed.  This property is set "
135                     "and cleared by the security infrastructure, and should only "
136                     "be readable within the management infrastructure.  Note "
137                     "that its value, alone, may not be sufficient to determine "
138                     "authentication/ authorization, in that properties of an "
139                     "Identity subclass (such as a security token or computer "
140                     "hardware port/ communication details) may be required by "
141                     "the security infrastructure.") ]
142              boolean CurrentlyAuthenticated = FALSE;
143           };
144           
145           
146           // ===================================================================
147           // AssignedIdentity
              // Association tying an Identity to the ManagedElement whose trust
              // it represents. Both references are keys. Max (1) is set on the
              // ManagedElement end only and no Min is given on either end, so
              // an Identity with no ManagedElement is not ruled out here.
              // NOTE(review): the class names no parent association; confirm
              // that a top-level association is intended.
148 tony  1.1 // ===================================================================
149              [Association, Experimental, Version ("2.7.1000"), Description (
150                  "This relationship associates an Identity to a specific "
151                  "ManagedElement, whose trust is represented.") ]
152           class CIM_AssignedIdentity {
153           
154                 [Key, Description (
155                     "An Identity of the referenced ManagedElement.") ]
156              CIM_Identity REF IdentityInfo;
157           
158                 [Key, Max (1), Description (
159                     "The ManagedElement assigned to a specific Identity.") ]
160              CIM_ManagedElement REF ManagedElement;
161           };
162           
163           
164           // ==================================================================
165           // IPNetworkIdentity
              // Identity subclass for IP network identities, mapped to
              // IKEIdentity in the IPSP Policy Model. Adds IdentityType,
              // IdentityValue and IdentityContexts to the inherited
              // InstanceID and CurrentlyAuthenticated.
166           // ==================================================================
167              [Experimental, Version ("2.7.1000"), Description (
168                  "IPNetworkIdentity is used to represent the various network "
169 tony  1.1        "identities that may be used for an IPProtocolEndpoint.  The "
170                  "relationship between the NetworkIdentity and the "
171                  "IPProtocolEndpoint is modeled by the AssignedIdentity "
172                  "association, inherited from CIM_Identity.  This association "
173                  "could also be used to relate an address range or other "
174                  "endpoint collection with the Identity."), 
175               MappingStrings {"IPSP Policy Model.IETF|IKEIdentity"} ]
176           class CIM_IPNetworkIdentity : CIM_Identity {
177           
                    // ValueMap and Values pair by position: "Other" is 1,
                    // "IPV4 Address" is 2, "KEY ID" is 12, ".." is DMTF Reserved
                    // and "0x8000.." is Vendor Reserved. Because "Other" takes 1,
                    // the values differ from the RFC2407 list, so a raw IKE ID
                    // type must be translated rather than copied (presumably an
                    // offset of one - confirm against RFC2407 Section 4.6.2.1).
178                 [Required, Description (
179                     "The IdentityType specifies the type of IP network "
180                     "Identity.  The list of identities was generated from "
181                     "Section 4.6.2.1 of RFC2407.  Note that the enumeration is "
182                     "different than the RFC list, since the value 'Other' is "
183                     "taken into account."), 
184                  ValueMap {"1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
185                     "11", "12", "..", "0x8000.."}, 
186                  Values {"Other", "IPV4 Address", "FQDN", "User FQDN",
187                      "IPV4 Subnet Address", "IPV6 Address",
188                      "IPV6 Subnet Address", "IPV4 Address Range",
189                      "IPV6 Address Range", "DER ASN1 DN", "DER ASN1 GN",
190 tony  1.1            "KEY ID", "DMTF Reserved", "Vendor Reserved"}, 
191                  MappingStrings { "IPSP Policy "
192                      "Model.IETF|IKEIdentity.IdentityType",
193                      "RFC2407.IETF|Section 4.6.2.1"}, 
194                  ModelCorrespondence { "CIM_IPNetworkIdentity.IdentityValue"} ]
195              uint16 IdentityType;
196           
                    // NOTE(review): marked Required, yet the text below says the
                    // value may be omitted for address types - confirm which
                    // applies before relying on a non-NULL value.
197                 [Required, Description (
198                     "IdentityValue contains a string encoding of the Identity.  "
199                     "For Identity instances that are address types, the "
200                     "IdentityValue string value may be omitted and the "
201                     "associated IPProtocolEndpoint, RangeOfIPAddresses or "
202                     "similar class is used to define this information.  The "
203                     "class is associated using the AssignedIdentity "
204                     "relationship."), 
205                  MappingStrings { "IPSP Policy "
206                      "Model.IETF|IKEIdentity.IdentityValue"}, 
207                  ModelCorrespondence { "CIM_IPNetworkIdentity.IdentityType"} ]
208              string IdentityValue;
209           
                    // The only property in this file carrying the Write qualifier.
                    // Each entry is one context name, or several joined by "&&"
                    // in alphabetical order.
                    // NOTE(review): these strings describe roles/contexts of the
                    // Identity, so writes presumably need to be authorized and
                    // validated by the provider - confirm.
210                 [Write, Description (
211 tony  1.1           "The IdentityContexts property is an array of strings "
212                     "representing the different roles or contexts that describe "
213                     "this Identity.  Each value represents one context or a "
214                     "context combination, and is a string of the form:\n"
215                     "<ContextName>[&&<ContextName>]*\n"
216                     "where the individual context names appear in alphabetical "
217                     "order (according to the collating sequence for UCS-2)."), 
218                  MappingStrings { "IPSP Policy "
219                      "Model.IETF|IKEIdentity.IdentityContexts"} ]
220              string IdentityContexts[];
221           };
222           
223           
224           // ===================================================================
225           // end of file
226           // ===================================================================
