1 tony 1.1 // ===================================================================
2 // Title: User-Security Kerberos Services and Credentials 2.8
3 // Filename: User28_Kerberos.mof
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 05/29/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
22 tony 1.1 // of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
43 tony 1.1 // ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the classes modeling a Kerberos
47 // security service and credentials.
48 //
49 // The object classes below are listed in an order that
50 // avoids forward references. Required objects, defined
51 // by other working groups, are omitted.
52 // ===================================================================
53 // Change Log for v2.8 Preliminary
54 // CR1011 - Modify description for KerberosTicket
55 //
56 // Change Log for v2.7
57 // CR784 - Promote 2 properties, Issued and Expired, from
58 // CIM_KerberosTicket to CIM_Credential.
59 // ===================================================================
60
61 #pragma Locale ("en_US")
62
63
64 tony 1.1 // ==================================================================
65 // KerberosKeyDistributionCenter
66 // ==================================================================
// CIM_KerberosKeyDistributionCenter: the Kerberos Key Distribution Center
// (KDC), modeled as a specialization of CIM_CredentialManagementService.
// Only the two properties below are declared here; everything else,
// including the key properties, comes from the superclass chain, which is
// not part of this file.
[Version ("2.6.0"),
 Description (
    "The Kerberos KDC.")]
class CIM_KerberosKeyDistributionCenter : CIM_CredentialManagementService {

    // Re-purposes the inherited Name property to hold the Kerberos realm.
    // CIM_KerberosTicket.ServiceName is propagated from this value, so the
    // realm string is what scopes every ticket instance to its issuer.
    [Override ("Name"),
     Description (
        "The Realm served by this KDC.")]
    string Name;

    // Array-valued: one KDC instance may advertise several protocol
    // variants at once. ValueMap and Values pair up positionally:
    //   0 = V4, 1 = V5, 2 = DCE, 3 = MS.
    // NOTE(review): value 0 (V4) denotes Kerberos version 4, which is
    // retired and relies on single-DES. Inventory or compliance tooling that
    // reads this property may want to flag any instance that still lists it.
    [Description (
        "The version of Kerberos supported by this service."),
     ValueMap {"0", "1", "2", "3"},
     Values {"V4", "V5", "DCE", "MS"}]
    uint16 Protocol[];
};
81
82
83 // ==================================================================
84 // KerberosTicket
85 tony 1.1 // ==================================================================
// CIM_KerberosTicket: a credential issued by a Kerberos KDC after a
// successful authentication, modeled as a specialization of CIM_Credential.
//
// As declared in this file the class carries identifying metadata only:
// the scoping system and service (realm), the target service, the
// principal name and the ticket type. No property here holds ticket bytes
// or key material. Per the v2.7 change log (CR784) the Issued and Expired
// properties were promoted to CIM_Credential, so ticket lifetime is
// inherited rather than declared here.
//
// NOTE(review): instances still reveal which principal (RemoteID) holds a
// ticket for which service (AccessesService) in which realm. Providers that
// expose this class should presumably restrict enumeration to authorized
// management clients - confirm against the provider's access policy.
[Version ("2.7.1000"),
 Description (
    "A CIM_KerberosTicket represents a credential issued by a "
    "particular Kerberos Key Distribution Center (KDC) to establish "
    "an identity, as the result of a successful authentication "
    "process. There are two types of tickets that a KDC may issue "
    "- a TicketGranting ticket, which is used to protect and "
    "authenticate communications between an entity and the KDC, and "
    "a Session ticket, which the KDC issues to two entities to "
    "allow them to communicate with each other.")]
class CIM_KerberosTicket : CIM_Credential {

    // ---- Keys propagated from the issuing KDC ---------------------------
    // The next four keys are copied from the
    // CIM_KerberosKeyDistributionCenter instance that issued the ticket
    // (see the Propagated qualifiers). The KDC class in this file does not
    // declare the source properties itself; they are presumably inherited
    // from its superclasses.

    // Creation class name of the system hosting the issuing KDC.
    [Key,
     Propagated ( "CIM_KerberosKeyDistributionCenter.SystemCreationClassName"),
     Description (
        "The scoping System's CCN."),
     MaxLen (256)]
    string SystemCreationClassName;

    // Name of the system hosting the issuing KDC.
    [Key,
     Propagated ("CIM_KerberosKeyDistributionCenter.SystemName"),
     Description (
        "The scoping System's Name."),
     MaxLen (256)]
    string SystemName;

    // Creation class name of the issuing KDC service.
    [Key,
     Propagated ( "CIM_KerberosKeyDistributionCenter.CreationClassName"),
     Description (
        "The scoping Service's CCN."),
     MaxLen (256)]
    string ServiceCreationClassName;

    // Realm of the issuing KDC (the KDC overrides Name to hold the realm).
    // Making it a key keeps tickets from different realms distinct.
    [Key,
     Propagated ("CIM_KerberosKeyDistributionCenter.Name"),
     Description (
        "The scoping Service's Name. The Kerberos KDC Realm of "
        "CIM_KerberosTicket is used to record the security "
        "authority, or Realm, name so that tickets issued by "
        "different Realms can be separately managed and enumerated."),
     MaxLen (256)]
    string ServiceName;

    // ---- Keys local to the ticket ---------------------------------------

    // Target service the ticket is used for. Together with RemoteID and the
    // propagated keys it identifies a single ticket instance.
    [Key,
     Description (
        "The name of the service for which this ticket is used."),
     MaxLen (256)]
    string AccessesService;

    // Name under which the user is known to the KDC.
    [Key,
     Description (
        "RemoteID is the name by which the user is known at the KDC "
        "security service."),
     MaxLen (256)]
    string RemoteID;

    // ---- Non-key properties ---------------------------------------------

    // ValueMap and Values pair up positionally: 0 = Session,
    // 1 = TicketGranting. The description names TicketGranting first, but
    // it is the value 1, not 0; consumers must not infer the numeric
    // mapping from the prose order.
    [Description (
        "The Type of CIM_KerberosTicket is used to indicate whether "
        "the ticket in question was issued by the Kerberos Key "
        "Distribution Center (KDC) to support ongoing communication "
        "between the Users Access and the KDC (\"TicketGranting\"), "
        "or was issued by the KDC to support ongoing communication "
        "between two Users Access entities (\"Session\")."),
     ValueMap {"0", "1"},
     Values {"Session", "TicketGranting"}]
    uint16 TicketType;
};
148 tony 1.1
149
150 // ===================================================================
151 // KDCIssuesKerberosTicket
152 // ===================================================================
// CIM_KDCIssuesKerberosTicket: association linking a KDC to the tickets it
// has issued, specializing CIM_ManagedCredential. Both references are
// overridden to narrow their types to the Kerberos-specific classes.
[Association,
 Version ("2.6.0"),
 Description (
    "The KDC issues and owns Kerberos tickets. This association "
    "captures the relationship between the KDC and its issued "
    "tickets.")]
class CIM_KDCIssuesKerberosTicket : CIM_ManagedCredential {

    // Min (1) / Max (1): every ticket is tied to exactly one issuing KDC.
    // A ticket instance with no issuer, or with several, does not conform
    // to the model.
    [Override ("Antecedent"),
     Min (1),
     Max (1),
     Description (
        "The issuing KDC.")]
    CIM_KerberosKeyDistributionCenter REF Antecedent;

    // Weak: the ticket is named within the scope of its KDC. This matches
    // the Propagated key qualifiers on CIM_KerberosTicket, whose system and
    // service keys are taken from the issuing KDC.
    [Override ("Dependent"),
     Weak,
     Description (
        "The managed credential.")]
    CIM_KerberosTicket REF Dependent;
};
167
168
169 tony 1.1 // ===================================================================
170 // end of file
171 // ===================================================================