// ===================================================================
2 // Title: User-Security Public Key Services and Credentials 2.8
3 // Filename: User28_PublicKey.mof
4 // Version: 2.8
5 // Status: Preliminary
6 // Date: 08/14/2003
7 // ===================================================================
8 // Copyright 2000-2003 Distributed Management Task Force, Inc. (DMTF).
9 // All rights reserved.
10 // DMTF is a not-for-profit association of industry members dedicated
11 // to promoting enterprise and systems management and interoperability.
12 // DMTF specifications and documents may be reproduced for uses
13 // consistent with this purpose by members and non-members,
14 // provided that correct attribution is given.
15 // As DMTF specifications may be revised from time to time,
16 // the particular version and release date should always be noted.
17 //
18 // Implementation of certain elements of this standard or proposed
19 // standard may be subject to third party patent rights, including
20 // provisional patent rights (herein "patent rights"). DMTF makes
21 // no representations to users of the standard as to the existence
// of such rights, and is not responsible to recognize, disclose, or
23 // identify any or all such third party patent right, owners or
24 // claimants, nor for any incomplete or inaccurate identification or
25 // disclosure of such rights, owners or claimants. DMTF shall have no
26 // liability to any party, in any manner or circumstance, under any
27 // legal theory whatsoever, for failure to recognize, disclose, or
28 // identify any such third party patent rights, or for such party's
29 // reliance on the standard or incorporation thereof in its product,
30 // protocols or testing procedures. DMTF shall have no liability to
31 // any party implementing such standard, whether such implementation
32 // is foreseeable or not, nor to any patent owner or claimant, and shall
33 // have no liability or responsibility for costs or losses incurred if
34 // a standard is withdrawn or modified after publication, and shall be
35 // indemnified and held harmless by any party implementing the
36 // standard from any and all claims of infringement by a patent owner
37 // for such implementations.
38 //
39 // For information about patents held by third-parties which have
40 // notified the DMTF that, in their opinion, such patent may relate to
41 // or impact implementations of DMTF standards, visit
42 // http://www.dmtf.org/about/policies/disclosures.php.
// ===================================================================
44 // Description: The User Model extends the management concepts that
45 // are related to users and security.
46 // This file defines the classes modeling public key
// security services, credentials and the certificate
48 // authority.
49 //
50 // The object classes below are listed in an order that
51 // avoids forward references. Required objects, defined
52 // by other working groups, are omitted.
53 // ===================================================================
54 // Change Log for v2.8 Preliminary
55 // CR1011 - Modify description for CertificateAuthority,
// PublicKeyCertificate, CAHasPublicKey and UnsignedPublicKey
57 //
58 // Change Log for v2.7
59 // CR784 - Deprecate Expires property from CASignsPublicKeyCertificate
60 // CR980 - Take the Deprecation to Final status
61 // ===================================================================
62
// Locale for the string-valued qualifiers (Description etc.) in this file.
#pragma Locale ("en_US")
65
66 // ==================================================================
67 // CertificateAuthority
68 // ==================================================================
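[Version ("2.7.1000"), Description (
    "A Certificate Authority (CA) is a credential management "
    "service that issues and cryptographically signs certificates. "
    "It acts as a trusted third-party intermediary in establishing "
    "trust relationships. The CA authenticates the identity of the "
    "holder of the 'private' key, related to the certificate's "
    "'public' key.") ]
class CIM_CertificateAuthority : CIM_CredentialManagementService {

    // Pointer to the CA's certificate policy. The schema does not fix the
    // format beyond what the Description says (free text or an OID string).
    [Description (
        "The CAPolicyStatement describes what care is taken by the "
        "CertificateAuthority when signing a new certificate. The "
        "CAPolicyStatement may be a dot-delimited ASN.1 OID string "
        "which identifies the formal policy statement.") ]
    string CAPolicyStatement;

    // One array element per CRL. The element is an OctetString-qualified
    // string; the encoding of the list itself is not specified here.
    [Description (
        "A CRL, or CertificateRevocationList, is a list of "
        "certificates which the CertificateAuthority has revoked and "
        "which are not yet expired. Revocation is necessary when "
        "the private key associated with the public key of a "
        "certificate is lost or compromised, or when the person for "
        "whom the certificate is signed no longer is entitled to use "
        "the certificate."),
        OctetString ]
    string CRL[];

    // Plain URI strings; no qualifier restricts the URI scheme, so a consumer
    // has to decide for itself which schemes it is willing to fetch from.
    [Description (
        "Certificate Revocation Lists may be available from a number "
        "of distribution points. CRLDistributionPoint array values "
        "provide URIs for those distribution points.") ]
    string CRLDistributionPoint[];

    // Dn-qualified: the X.501 Distinguished Name certificates use as Issuer.
    [Description (
        "Certificates refer to their issuing CA by its Distinguished "
        "Name (as defined in X.501)."),
        Dn ]
    string CADistinguishedName;

    // uint8 in hours: intervals above 255 hours cannot be represented, and 0
    // means "unknown", not "never refreshed".
    [Description (
        "The frequency, expressed in hours, at which the CA will "
        "update its Certificate Revocation List. Zero implies that "
        "the refresh frequency is unknown."),
        Units ("Hours") ]
    uint8 CRLRefreshFrequency;

    // Chain-length bound for credentials issued under this CA. The ordering
    // relative to superior/subordinate CAs is advisory ("should"); nothing in
    // the schema enforces it.
    [Description (
        "The maximum number of certificates in a certificate chain "
        "permitted for credentials issued by this certificate "
        "authority or its subordinate CAs.\n"
        "The MaxChainLength of a superior CA in the trust hierarchy "
        "should be greater than this value and the MaxChainLength of "
        "a subordinate CA in the trust hierarchy should be less than "
        "this value.") ]
    uint8 MaxChainLength;
};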
125
126
// ==================================================================
128 // PublicKeyManagementService
129 // ==================================================================
[Version ("2.6.0"), Description (
    "CIM_PublicKeyManagementService is a credential management "
    "service that provides local system management of public keys "
    "used by the local system.") ]
class CIM_PublicKeyManagementService : CIM_LocalCredentialManagementService {
    // Declares no properties of its own; everything is inherited from
    // CIM_LocalCredentialManagementService. In this file it serves as the
    // Antecedent of CIM_LocallyManagedPublicKey and as the scoping Service
    // whose keys are propagated into CIM_UnsignedPublicKey.
};
136
137
138 // ==================================================================
139 // PublicKeyCertificate
140 // ==================================================================
[Version ("2.7.1000"), Description (
    "A Public Key Certificate is a credential that is "
    "cryptographically signed by a trusted Certificate Authority "
    "(CA) and issued to an authenticated entity (e.g., human user, "
    "service, etc.) called the Subject in the certificate. The "
    "public key in the certificate is cryptographically related to "
    "a private key that is held and kept private by the "
    "authenticated Subject. The certificate and its related "
    "private key can then be used for establishing trust "
    "relationships and securing communications with the Subject. "
    "Refer to the ITU/CCITT X.509 standard as an example of such "
    "certificates.") ]
class CIM_PublicKeyCertificate : CIM_Credential {

    // The four propagated keys scope a certificate to the issuing
    // CIM_CertificateAuthority (its hosting System and the Service itself),
    // so a certificate instance is identified relative to its CA.
    [Key,
        Propagated ("CIM_CertificateAuthority.SystemCreationClassName"),
        Description (
        "The scoping System's CCN."),
        MaxLen (256) ]
    string SystemCreationClassName;

    [Key, Propagated ("CIM_CertificateAuthority.SystemName"),
        Description (
        "The scoping System's Name."),
        MaxLen (256) ]
    string SystemName;

    [Key, Propagated ("CIM_CertificateAuthority.CreationClassName"),
        Description (
        "The scoping Service's CCN."),
        MaxLen (256) ]
    string ServiceCreationClassName;

    [Key, Propagated ("CIM_CertificateAuthority.Name"), Description (
        "The scoping Service's Name."),
        MaxLen (256) ]
    string ServiceName;

    // Subject is part of the instance identity (Key), alongside the CA keys;
    // the Description does not say how Subject is formatted (e.g. X.500 DN).
    [Key, Description (
        "Certificate subject identifier."),
        MaxLen (256) ]
    string Subject;

    // Not a key. A secondary name for the Subject; format unconstrained here.
    [Description (
        "Alternate subject identifier for the Certificate."),
        MaxLen (256) ]
    string AltSubject;

    // Only the public key is carried on the certificate class itself; the
    // serial number and the CA's signature are modeled on the
    // CIM_CASignsPublicKeyCertificate association.
    [Description (
        "The DER-encoded raw public key."),
        OctetString ]
    uint8 PublicKey[];
};
194
195
196 // ===================================================================
197 // CAHasPublicCertificate
198 // ===================================================================
[Association, Version ("2.7.1000"), Description (
    "A CertificateAuthority may have certificates issued by other "
    "CAs or self-signed. This association is essentially an "
    "optimization of the CA having an external identity established "
    "by itself or another Authority. This maps closely to "
    "LDAP-based certificate authority implementations.") ]
class CIM_CAHasPublicCertificate : CIM_Dependency {

    // The CA's own certificate (self-signed or issued by another CA). No
    // Min/Max qualifiers here, unlike CIM_CASignsPublicKeyCertificate, so the
    // schema does not limit how many certificates a CA may hold.
    [Override ("Antecedent"), Description (
        "The Certificate used by the CA.") ]
    CIM_PublicKeyCertificate REF Antecedent;

    // The CA whose identity the certificate establishes.
    [Override ("Dependent"), Description (
        "The CA that uses a Certificate.") ]
    CIM_CertificateAuthority REF Dependent;
};
215
216
217 // ===================================================================
218 // CASignsPublicKeyCertificate
219 // ===================================================================
[Association, Version ("2.7.0"), Description (
    "This relationship associates a CertificateAuthority with the "
    "certificates it signs.") ]
class CIM_CASignsPublicKeyCertificate : CIM_ManagedCredential {

    // Min (1), Max (1): every certificate has exactly one signing CA.
    [Override ("Antecedent"), Min (1), Max (1), Description (
        "The CA which signed the certificate.") ]
    CIM_CertificateAuthority REF Antecedent;

    // Weak: the certificate's identity depends on the CA (its key properties
    // are Propagated from CIM_CertificateAuthority).
    [Override ("Dependent"), Weak, Description (
        "The certificate issued by the CA.") ]
    CIM_PublicKeyCertificate REF Dependent;

    // Presumably the issuer-assigned certificate serial number; neither its
    // format nor uniqueness per CA is stated by the Description.
    [Description (
        "The Serial Number.") ]
    string SerialNumber;

    // The CA's signature over the certificate, as raw octets. No property on
    // this association records the signature algorithm.
    [Description (
        "The Signature."),
        OctetString ]
    uint8 Signature[];

    // Deprecated (CR784/CR980, see the change log): use the inherited
    // CIM_Credential.Expires instead of this per-association copy.
    [Deprecated {"CIM_Credential.Expires"}, Description (
        "The time it expires.") ]
    datetime Expires;

    // Per-certificate CRL distribution points; the CA-wide list is
    // CIM_CertificateAuthority.CRLDistributionPoint.
    [Description (
        "The Authority's revocation list distribution points.") ]
    string CRLDistributionPoint[];
};
250
251
252 // ==================================================================
// UnsignedPublicKey
254 // ==================================================================
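[Version ("2.7.1000"), Description (
    "A CIM_UnsignedPublicKey represents an unsigned public key "
    "credential. Services accept the public key as authentic "
    "because of a direct trust relationship, rather than via a "
    "third-party Certificate Authority.") ]
class CIM_UnsignedPublicKey : CIM_Credential {

    // The four propagated keys scope the key to the managing
    // CIM_PublicKeyManagementService (its hosting System and the Service).
    [Key,
        Propagated ( "CIM_PublicKeyManagementService.SystemCreationClassName"),
        Description (
        "The scoping System's CCN."),
        MaxLen (256) ]
    string SystemCreationClassName;

    [Key, Propagated ("CIM_PublicKeyManagementService.SystemName"),
        Description (
        "The scoping System's Name."),
        MaxLen (256) ]
    string SystemName;

    [Key,
        Propagated ("CIM_PublicKeyManagementService.CreationClassName"),
        Description (
        "The scoping Service's CCN."),
        MaxLen (256) ]
    string ServiceCreationClassName;

    [Key, Propagated ("CIM_PublicKeyManagementService.Name"),
        Description (
        "The scoping Service's Name."),
        MaxLen (256) ]
    string ServiceName;

    // PeerIdentity is part of the instance identity (Key). Its interpretation
    // is given by PeerIdentityType on this same class. The ModelCorrespondence
    // used to point at CIM_PublicKeyManagementService, which declares no
    // PeerIdentityType property; the pair is defined here.
    [Key, Description (
        "The Identity of the Peer with whom a direct trust "
        "relationship exists. The public key may be used for "
        "security functions with the Peer."),
        MaxLen (256),
        ModelCorrespondence {
        "CIM_UnsignedPublicKey.PeerIdentityType"} ]
    string PeerIdentity;

    // Value set mirrors IKE identification types, as the Description says.
    // ModelCorrespondence fixed to reference PeerIdentity on this class.
    [Description (
        "PeerIdentityType is used to describe the type of the "
        "PeerIdentity. The currently defined values are used for "
        "IKE identities."),
        ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
        "10", "11"},
        Values {"Other", "IPV4_ADDR", "FQDN", "USER_FQDN",
        "IPV4_ADDR_SUBNET", "IPV6_ADDR", "IPV6_ADDR_SUBNET",
        "IPV4_ADDR_RANGE", "IPV6_ADDR_RANGE", "DER_ASN1_DN",
        "DER_ASN1_GN", "KEY_ID"},
        ModelCorrespondence {
        "CIM_UnsignedPublicKey.PeerIdentity"} ]
    uint16 PeerIdentityType;

    // The bare key; nothing on this class binds it to PeerIdentity other
    // than the direct-trust relationship described on the class.
    [Description (
        "The DER-encoded raw public key."),
        OctetString ]
    uint8 PublicKey[];
};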
317
318 // ==================================================================
319 // LocallyManagedPublicKey
320 // ==================================================================
[Association, Version ("2.6.0"), Description (
    "CIM_LocallyManagedPublicKey association provides the "
    "relationship between a PublicKeyManagementService and an "
    "UnsignedPublicKey.") ]
class CIM_LocallyManagedPublicKey : CIM_ManagedCredential {

    // Min (1), Max (1): each unsigned key is managed by exactly one service.
    [Override ("Antecedent"), Min (1), Max (1), Description (
        "The PublicKeyManagementService that manages an unsigned "
        "public key.") ]
    CIM_PublicKeyManagementService REF Antecedent;

    // Weak: the key's identity is propagated from the managing service's
    // key properties (see the Propagated qualifiers on CIM_UnsignedPublicKey).
    [Override ("Dependent"), Weak, Description (
        "An unsigned public key.") ]
    CIM_UnsignedPublicKey REF Dependent;
};
336
338 // ===================================================================
339 // end of file
340 // ===================================================================